The TCP/IP Model
The dreaded TCP/IP model. I say that tongue in cheek because the OSI model is the language that I use when referring to networking, “Layer 1 issue.” I seldom use the TCP/IP model, but I understand the change. When we were speaking in the Understanding the OSI Model blog we mentioned that not every protocol can fit nicely into the OSI Model, for example, the NIC works both in the layer 1 and layer 2, so which type of device is it?
This will be a brief description of the Model as the previous blog goes a bit deeper into what is going on in each layer.
The TCP/IP Model is a 4 layer model that combines parts of the OSI that should be combined to better understand what is going on in that layer. Those layers, which aren’t really numbered like in the OSI model:
- Link
- Internet
- Transport
- Application
The Link Layer
This layer combines the OSI Model of Layer 1 and Layer 2. One thing that books and people say about the TCP/IP model is that “TCP/IP starts at layer 3.” The Link Layer deals with everything from cabling, MAC Address, NICs, and switches. It doesn’t clearly distinguish between the energetic impulse of the data on the wire and the NIC, it all works seamlessly together. Without the NIC the frame that is being encapsulated can’t make it to the wire and vice versa, the 1s and 0s and the Frame go together neatly.
The Internet Layer
The Network Layer 3 from the OSI and the Internet Layer are a 1 for 1 change. Not sure why they decided to change the name of the layer, especially the internet layer. I understand that the “Internet” works on the IP but, still, it doesn’t make sense. One helpful way to differentiate between the Link Layer and the Internet Layer is that the Link Layer deals with the Frame and the Internet Layer deals with the Packet. This layer only cares about getting the Source to the Destination.
The Transport Layer
The Transport layer mostly deals with the connection-orientated TCP and the connectionless UDP for each segment/datagram that it builds but also cares about some of the OSI session layer with reassembling the segments correctly. The Transport layer also works on the port level where each application tells the transport layer what port the destination is and what port the application is sending the communication on. There are a lot of ports that are used as standards across the world, servers that are serving http traffic are going to be TCP port 80. There are also what’s known as ephemeral ports, these are the ports that applications use as their source so that the traffic can get back to the application. These ephemeral ports are just made up and random, whereas those ports used by protocols are usually static and the same around the world.
The Application Layer
The application layer combines the last 3 layers of the OSI model, Session, Presentation, and Application layers. This layer is responsible for initiating, controlling, and disconnecting from any remote system.
Conclusion
The TCP/IP was never helpful for me. Frankly, the only part of it I agree with is combining the top two of OSI model Presentation and Application into the Application layer. This is because the presentation layer doesn’t fit well into any model and it is just something that the application layer DOES. It makes sense to combine the two. Also, as working with networking and never touching the application, the network stops at the transport layer. Sometimes the session comes in handy when you are capturing data and see packets not segmented correctly when they go to the device. But really, as a network security guy, I care up until the transport layer and each layer below, the internet and link are important separately. The first 4-5 layers of the OSI model, again to me, are more important for troubleshooting than using the TCP/IP model.
Stay Curious, Stay Strong.
Remember to follow us on the following socials:
Leave a Reply