
OSI Model Explained — The 7 Layers Every Beginner Should Know

The OSI model's 7 layers explained in plain language with a postal system analogy, memorable mnemonics, and why cybersecurity professionals need to understand each layer.

The First Time I Saw the OSI Model, I Wanted to Cry

I’m not exaggerating. I was watching a networking tutorial, and the instructor casually pulled up a diagram with seven layers, each with a name that meant nothing to me. Application. Presentation. Session. Transport. Network. Data Link. Physical. He rattled them off like they were obvious. I paused the video and stared at my screen for a solid minute.

Seven layers? And I need to understand all of them?

That was about six weeks ago. Today, I not only understand the OSI model — I genuinely think it’s one of the most elegant concepts in all of computing. And I want to explain it the way I wish someone had explained it to me: simply, with a real-world analogy, and with zero assumptions about what you already know.

If you’re a beginner — especially a career changer with no IT background — this is for you.

What Is the OSI Model?

The OSI (Open Systems Interconnection) model is a conceptual framework that describes how data travels from one computer to another across a network. It was developed by the International Organization for Standardization (ISO) in the 1980s to give engineers a common language for talking about networking.

Think of it as a universal blueprint. It doesn’t describe any specific technology — it describes the categories of work that need to happen for two devices to communicate. Every time you load a web page, send an email, or stream a video, data passes through all seven layers.

The model is split into seven layers, each with a specific responsibility. Data starts at the top (Layer 7, closest to the user) and works its way down to the bottom (Layer 1, the physical wire or signal) before being transmitted. On the receiving end, it works its way back up.

The Postal System Analogy

The analogy that finally made the OSI model click for me was thinking about sending a letter. Not email — an actual physical letter through the postal system. Bear with me, because this maps surprisingly well.

Imagine you’re in Sydney and you want to send a letter to a friend in Melbourne.

Layer 7 (Application): You decide to write the letter. This is the intent — the reason for communicating. In networking, this is the application you’re using: a web browser, an email client, a file transfer tool.

Layer 6 (Presentation): You write the letter in English (not Mandarin, not binary) so your friend can read it. This layer handles translation and formatting — making sure data is in a format both sides understand. It also handles encryption (like sealing the letter in a tamper-proof envelope) and compression.

Layer 5 (Session): You start a conversation. If you’re sending multiple letters back and forth, the session layer manages that ongoing exchange — keeping track of who said what, when to start, and when the conversation is done.

Layer 4 (Transport): You decide whether to send the letter via registered post (reliable, tracked, confirmed delivery) or just drop it in a regular mailbox (faster, cheaper, but no guarantee it arrives). In networking, this is the choice between TCP (reliable) and UDP (fast but no delivery confirmation).

Layer 3 (Network): You write your friend’s full address on the envelope — their street, suburb, state, and postcode. The postal system uses this to route the letter to the right destination. In networking, this is the IP address, and routers are the postal sorting centres.

Layer 2 (Data Link): The letter arrives at your friend’s local post office. The postie needs to deliver it to the right house on the right street. This layer handles local delivery — getting data to the specific device on a local network. It uses MAC addresses, like a house number on a street.

Layer 1 (Physical): The actual truck, road, and postie that physically carry the letter from point A to point B. In networking, this is the physical medium — ethernet cables, fibre optic lines, Wi-Fi radio waves. The actual electricity or light that carries the data.

The 7 Layers at a Glance

The OSI Model — 7 Layers

Data flows down from Layer 7 (sender) and back up from Layer 1 (receiver)

Layer 7 — Application: HTTP, DNS, FTP, SMTP — what users interact with
Layer 6 — Presentation: Encryption, compression, data format translation
Layer 5 — Session: Establishes, manages, and terminates connections
Layer 4 — Transport: TCP (reliable) vs UDP (fast) — port numbers
Layer 3 — Network: IP addresses and routing between networks
Layer 2 — Data Link: MAC addresses, switches, local delivery
Layer 1 — Physical: Cables, signals, voltages, Wi-Fi radio waves

Layer by Layer — What You Actually Need to Know

Let me walk through each layer with a bit more detail. I’m keeping this focused on what matters for a beginner, not on every edge case and sub-protocol.

Layer 7 — Application

This is the layer you interact with directly. When you open Chrome and type a URL, Chrome is a Layer 7 application. When you send an email, your email client operates at Layer 7. Common protocols here include HTTP/HTTPS (web browsing), DNS (translating domain names to IP addresses), FTP (file transfers), and SMTP (sending email).

Key point: Layer 7 is not the application itself — it’s the network functionality the application uses. Chrome is software; HTTP is the Layer 7 protocol Chrome uses to communicate.

Layer 6 — Presentation

This layer translates data between the format the application uses and the format the network needs. It handles three main things: data formatting (converting between character sets like ASCII and Unicode), encryption/decryption (SSL/TLS operates here, securing your HTTPS connections), and compression (reducing data size for faster transmission).

Key point: When you see the padlock icon in your browser, that’s Layer 6 at work — your data is being encrypted before it goes any further down the stack.

Layer 5 — Session

The session layer manages conversations between devices. It establishes a session (the initial handshake), maintains it (keeping the connection alive during data transfer), and tears it down when communication is complete. It also handles synchronisation — if a large file transfer gets interrupted, the session layer can help resume it from where it left off rather than starting over.

Key point: This layer is often the hardest to grasp because it’s somewhat abstract. In modern practice, Layers 5-7 are often blurred together. But conceptually, the session layer is the “conversation manager.”

Layer 4 — Transport

This is where things get really important for cybersecurity. Layer 4 manages end-to-end data transfer and introduces port numbers — numerical identifiers that tell the receiving device which application should handle the incoming data. Web traffic uses port 80 (HTTP) or 443 (HTTPS). Email uses port 25 (SMTP). SSH uses port 22.

The two key protocols here are TCP (Transmission Control Protocol) — reliable, ordered delivery with acknowledgements — and UDP (User Datagram Protocol) — fast, no-frills delivery with no guarantee the data arrives. Video streaming and gaming often use UDP because speed matters more than perfect delivery. Banking transactions use TCP because every packet must arrive intact.

Key point: Firewalls often operate at this layer, allowing or blocking traffic based on port numbers. Understanding ports is fundamental to cybersecurity.

Layer 3 — Network

Layer 3 is responsible for logical addressing and routing. This is the domain of IP addresses — the unique identifiers that allow data to find its way across the internet from one network to another. Routers operate at Layer 3, examining the destination IP address in each packet and forwarding it along the best path.

Key point: When you run a traceroute command, you’re watching Layer 3 in action — each hop is a router making a routing decision about where to send your data next.

Layer 2 — Data Link

Layer 2 handles communication within a single local network segment. It uses MAC addresses (unique hardware addresses burned into every network interface card) to identify devices on the same network. Switches operate at Layer 2, forwarding data frames to the correct device based on its MAC address.

This layer also handles error detection (checking whether data was corrupted in transit) and flow control (making sure a fast sender doesn’t overwhelm a slow receiver).

Key point: ARP (Address Resolution Protocol) bridges Layer 2 and Layer 3 — it translates IP addresses into MAC addresses so that data can be delivered locally. ARP spoofing is a real attack that happens at this layer.

Layer 1 — Physical

The bottom of the stack. Layer 1 is the actual hardware: ethernet cables, fibre optic lines, Wi-Fi antennas, network interface cards, hubs, and repeaters. This layer deals in raw bits — electrical voltages, light pulses, and radio frequencies. It defines connector types, cable specifications, signal encoding, and transmission speeds.

Key point: If your internet “isn’t working” and the fix is plugging in a loose cable, you’ve just resolved a Layer 1 issue. Physical layer problems are more common than you’d think.
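To see the layers nested inside one unit of data, here is an added example (not code from the original post) that peels a frame apart and labels each field with the layer it belongs to. The frame is constructed for illustration, and the names `SAMPLE_FRAME`, `dotted` and `decapsulate` are hypothetical.

```python
import struct

# Constructed sample frame (not captured traffic): Ethernet + IPv4 + TCP + HTTP.
HTTP = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
TCP = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 64240, 0, 0)
IP = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(TCP) + len(HTTP), 1, 0, 64, 6,
                 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
ETH = bytes.fromhex("02000000000b" "02000000000a" "0800")  # dst MAC, src MAC, EtherType
SAMPLE_FRAME = ETH + IP + TCP + HTTP


def dotted(raw: bytes) -> str:
    """Render four raw address bytes in dotted-decimal form."""
    return ".".join(str(b) for b in raw)


def decapsulate(frame: bytes) -> dict:
    """Peel an Ethernet/IPv4/TCP frame apart, labelling fields by OSI layer.

    Layer 1 is the signal itself and never appears in the bytes; Layers 5-6 have
    no header of their own in this plaintext HTTP example. Checksums are not verified.
    """
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers = {"L2": {"src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":")}}
    if ethertype != 0x0800:          # only IPv4 is decoded here
        return layers
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("bad IPv4 header")
    ihl = (ip[0] & 0x0F) * 4         # header length is carried in the packet
    total = struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or not ihl <= total <= len(ip):
        raise ValueError("inconsistent IPv4 lengths")
    layers["L3"] = {"src_ip": dotted(ip[12:16]), "dst_ip": dotted(ip[16:20]), "ttl": ip[8]}
    if ip[9] != 6:                   # protocol 6 = TCP
        return layers
    tcp = ip[ihl:total]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    src_port, dst_port = struct.unpack("!HH", tcp[:4])
    offset = (tcp[12] >> 4) * 4      # TCP header length, options included
    if not 20 <= offset <= len(tcp):
        raise ValueError("bad TCP data offset")
    layers["L4"] = {"proto": "TCP", "src_port": src_port, "dst_port": dst_port}
    layers["L7"] = tcp[offset:].split(b"\r\n", 1)[0].decode("ascii", "replace")
    return layers
```

Every length used to find the next layer comes from the frame itself, which is why each one is checked against the bytes actually present before slicing.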

The Mnemonic That Saved Me

Memorising seven layers in order is genuinely annoying. The classic mnemonic — going from Layer 7 down to Layer 1 — is:

Please Do Not Throw Sausage Pizza Away

Physical, Data Link, Network, Transport, Session, Presentation, Application

Wait — that’s bottom to top. For top to bottom (Layer 7 down to Layer 1):

All People Seem To Need Data Processing

Application, Presentation, Session, Transport, Network, Data Link, Physical

I use “Please Do Not Throw Sausage Pizza Away” (bottom-up) because the silliness of it makes it stick. Pick whichever version works for your brain and repeat it until you can recite it in your sleep. Interviewers will ask.

Why Cybersecurity Professionals Care About the OSI Model

This is the part that made me truly appreciate the model rather than just memorising it for exams. Attacks happen at specific layers, and understanding which layer is being targeted changes how you defend against it.

| Layer | Attack Examples |
| --- | --- |
| Layer 7 (Application) | SQL injection, cross-site scripting (XSS), DNS poisoning |
| Layer 6 (Presentation) | SSL stripping, encryption downgrade attacks |
| Layer 5 (Session) | Session hijacking, cookie theft |
| Layer 4 (Transport) | SYN flood (DDoS), port scanning |
| Layer 3 (Network) | IP spoofing, ICMP flood, routing attacks |
| Layer 2 (Data Link) | ARP spoofing, MAC flooding, VLAN hopping |
| Layer 1 (Physical) | Cable tapping, signal jamming, hardware tampering |

When a security analyst says “this is a Layer 4 attack,” everyone in the room immediately knows the general category of the threat and what kind of defences apply. The OSI model is the common language of cybersecurity troubleshooting.
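Knowing the layer also tells you what to watch. As an added example (not from the original post), here is a simple Layer 2 detection for the ARP spoofing entry: it flags an IP address whose MAC binding changes and a MAC that answers for more than one IP. The observations are constructed, and `OBSERVED` and `arp_anomalies` are hypothetical names.

```python
from collections import defaultdict

# Constructed observations: (time, sender IP, sender MAC) taken from ARP replies
# seen on one LAN segment. Addresses are made up for the example.
OBSERVED = [
    (1, "192.168.1.1", "02:00:00:00:00:01"),    # gateway, first seen
    (2, "192.168.1.20", "02:00:00:00:00:20"),
    (3, "192.168.1.1", "02:00:00:00:00:01"),
    (9, "192.168.1.1", "02:00:00:00:00:66"),    # gateway IP claimed by a new MAC
    (10, "192.168.1.20", "02:00:00:00:00:20"),
    (11, "192.168.1.30", "02:00:00:00:00:66"),  # same MAC answers for a second IP
]


def arp_anomalies(observations):
    """Return alerts for IP-to-MAC bindings that change or overlap.

    The first MAC seen for an IP is kept as the baseline, so a later reply
    from a different MAC is reported instead of silently replacing it.
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in sorted(observations):
        baseline = ip_to_mac.setdefault(ip, mac)
        if baseline != mac:
            alerts.append((ts, "ip_moved", ip, baseline, mac))
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.append((ts, "mac_multi_ip", mac, tuple(sorted(mac_to_ips[mac]))))
    return alerts
```

Both signals also fire on legitimate changes such as a replaced network card or a DHCP lease moving to another device, so an alert is a prompt to check the device, not proof of spoofing.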

When Layer 3 vs Layer 4 Finally Clicked for Me

I want to share the specific moment this stopped being abstract for me, because I think it’s the kind of thing textbooks skip.

I was setting up firewall rules in my home lab and I needed to block traffic to a specific service. The tutorial said “create a rule to block TCP port 22.” And I suddenly realised: blocking a port is a Layer 4 decision (Transport — port numbers), but the traffic is being routed based on IP addresses, which is a Layer 3 decision (Network). The firewall was operating across multiple layers simultaneously.

That was when I understood why the model exists. Not as a rigid set of boxes, but as a thinking tool. When something goes wrong on a network, you systematically work through the layers: Is it a physical cable issue (Layer 1)? A MAC address problem (Layer 2)? A routing issue (Layer 3)? A port being blocked (Layer 4)? This is how network engineers and security professionals diagnose problems efficiently.
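The way one firewall rule combines a Layer 3 match with a Layer 4 match can be shown in a few lines. This is an added example, not code from the original post; the rule format, the admin-LAN allow rule and the names `RULES`, `decide` and `shadowed` are assumptions made for illustration.

```python
import ipaddress

# Hypothetical rule format for illustration; not the syntax of any real firewall.
# "src" is a Layer 3 match (IP network); "proto" and "dport" are Layer 4 matches.
RULES = [
    {"action": "allow", "src": "192.168.1.0/24", "proto": "tcp", "dport": 22},  # assumed admin LAN
    {"action": "block", "src": "0.0.0.0/0", "proto": "tcp", "dport": 22},       # "block TCP port 22"
    {"action": "allow", "src": "0.0.0.0/0", "proto": "tcp", "dport": 443},
]


def decide(packet, rules=RULES, default="block"):
    """First matching rule wins; anything unmatched gets the default (deny)."""
    src = ipaddress.ip_address(packet["src_ip"])
    for index, rule in enumerate(rules):
        l3_match = src in ipaddress.ip_network(rule["src"])
        l4_match = (packet["proto"], packet["dport"]) == (rule["proto"], rule["dport"])
        if l3_match and l4_match:
            return rule["action"], index
    return default, None


def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    dead = []
    for index, later in enumerate(rules):
        later_net = ipaddress.ip_network(later["src"])
        for earlier in rules[:index]:
            same_l4 = (earlier["proto"], earlier["dport"]) == (later["proto"], later["dport"])
            if same_l4 and later_net.subnet_of(ipaddress.ip_network(earlier["src"])):
                dead.append(index)
                break
    return dead
```

Swapping the first two rules makes the narrow allow unreachable, which `shadowed` reports; rule order matters as much as the layer each field belongs to.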

OSI vs TCP/IP — A Quick Comparison

You’ll often hear about the TCP/IP model alongside the OSI model. The TCP/IP model is simpler — it has four layers instead of seven and is what the actual internet is built on. The OSI model is more of a teaching and reference framework.

| OSI Model | TCP/IP Model |
| --- | --- |
| Layer 7 — Application | Application |
| Layer 6 — Presentation | Application |
| Layer 5 — Session | Application |
| Layer 4 — Transport | Transport |
| Layer 3 — Network | Internet |
| Layer 2 — Data Link | Network Access |
| Layer 1 — Physical | Network Access |

The TCP/IP model collapses the top three OSI layers into one “Application” layer and the bottom two into one “Network Access” layer. In practice, most real-world networking uses TCP/IP terminology, but the OSI model remains the standard reference for exams, interviews, and security discussions.

I cover this comparison in much more detail on my networking basics page.


Why Interviewers Love Asking About the OSI Model

Every cybersecurity professional I’ve spoken to or read about has been asked about the OSI model in at least one job interview. It’s practically guaranteed. And there’s a good reason for it: the question reveals how you think, not just what you’ve memorised.

An interviewer asking “walk me through the OSI model” isn’t testing whether you can recite seven layer names. They want to know:

If you’re preparing for cybersecurity interviews, the OSI model is non-negotiable. Check my interview questions guide for more common questions and how to approach them.

Study Tips for Memorising the Layers

After struggling with this myself, here’s what actually worked:

  1. Use the mnemonic religiously. “Please Do Not Throw Sausage Pizza Away” — say it out loud ten times. Then say the layer names. Repeat daily for a week. It will become automatic.

  2. Draw it by hand. Something about physically writing out the seven layers, numbering them, and adding one keyword per layer cements it in memory far better than staring at a diagram.

  3. Map real-world activities to layers. Every time you use the internet, pause and think: “Which layers am I touching right now?” Opening a website? That’s Layer 7 (HTTP), Layer 4 (TCP port 443), Layer 3 (IP routing), all the way down to Layer 1 (your Wi-Fi signal).

  4. Learn the protocols per layer. Don’t try to memorise everything at once. Start with one or two protocols per layer: HTTP at Layer 7, TCP/UDP at Layer 4, IP at Layer 3. Build from there.

  5. Use it to troubleshoot. When your internet breaks, start at Layer 1 and work up. Cable plugged in? (Layer 1.) Getting a local IP? (Layer 2/3.) Can you ping the router? (Layer 3.) Can you load a website? (Layer 7.) This practical use makes the model stick.

The OSI model isn’t just an exam topic. It’s a framework you’ll use throughout your entire cybersecurity career. The time you invest in truly understanding it — not just memorising it — will pay dividends in every networking and security conversation you ever have.
