📅 Day 32 – OSI Model, Encapsulation, and Core Network Protocols
🎯 Goal
Build a solid mental model of networking using the OSI framework in preparation for CompTIA Network+ concepts and future SOC analysis work.
The focus was understanding:
- why network models exist
- how data moves through network layers
- how protocols cooperate to deliver traffic
- how this knowledge applies to security investigations
🛠️ What I Did
Studied Chapter 1 of the CompTIA Network+ All-in-One Exam Guide.
Topics covered included:
- purpose of networking models
- OSI seven-layer architecture
- encapsulation and decapsulation
- frames, packets, and segments
- NIC functionality
- MAC vs IP addressing
- hub vs switch vs router behavior
I also practiced recalling the OSI layers from memory and mapping responsibilities to each layer.
🌐 OSI Model Overview
| Layer | Function |
|---|---|
| 7 Application | Network services used by applications |
| 6 Presentation | Data formatting, encryption, compression |
| 5 Session | Session management between systems |
| 4 Transport | Segmentation, ports, reliable delivery |
| 3 Network | Routing using IP addresses |
| 2 Data Link | Frames and MAC addressing |
| 1 Physical | Bits transmitted over physical media |
Understanding these layers provides a structured way to reason about how network communication works.
📦 Encapsulation Concept
Network communication occurs through encapsulation, where each layer adds its own header information.
Example flow:
Application Data
→ Transport Segment
→ Network Packet
→ Data Link Frame
→ Physical Bits
At the receiving end, the process reverses through decapsulation, where each layer removes its header and passes the data upward.
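To make the encapsulation and decapsulation flow concrete, here is an added example (my own code, not from the Network+ guide) that builds a UDP segment, wraps it in an IPv4 packet and an Ethernet frame, simulates one router hop, and then strips the headers back off. The MAC and IP addresses are constructed sample values; note how the hop rewrites the MACs and TTL but leaves the IP addresses untouched.

```python
import ipaddress
import struct

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 791); a valid header sums to 0."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))

def encapsulate(data, src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port):
    """Sending host: application data -> UDP segment -> IPv4 packet -> Ethernet frame."""
    # Layer 4: 8-byte UDP header (checksum left 0 = not computed) + application data
    segment = struct.pack("!HHHH", src_port, dst_port, 8 + len(data), 0) + data
    # Layer 3: 20-byte IPv4 header (version/IHL 0x45, TTL 64, protocol 17 = UDP)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, 64, 17, 0,
                         ipaddress.IPv4Address(src_ip).packed,
                         ipaddress.IPv4Address(dst_ip).packed)
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ipv4_checksum(ip_hdr)) + ip_hdr[12:]
    # Layer 2: Ethernet header (dst MAC, src MAC, EtherType 0x0800 = IPv4)
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", 0x0800) + ip_hdr + segment

def forward_hop(frame, router_mac, next_hop_mac):
    """Router behaviour: new Layer 2 addresses, TTL minus one, IP addresses unchanged."""
    eth = mac_bytes(next_hop_mac) + mac_bytes(router_mac) + frame[12:14]
    ip_hdr = bytearray(frame[14:34])
    ip_hdr[8] -= 1                                  # decrement TTL
    ip_hdr[10:12] = b"\x00\x00"                     # recompute header checksum
    ip_hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(ip_hdr)))
    return eth + bytes(ip_hdr) + frame[34:]

def decapsulate(frame):
    """Receiving host: peel Ethernet, then IPv4, then UDP, validating each layer."""
    dst_mac, src_mac = frame[:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip_hdr = frame[14:34]
    if ip_hdr[0] != 0x45 or ipv4_checksum(ip_hdr) != 0:  # IPv4, no options, checksum ok
        raise ValueError("bad IPv4 header")
    if ip_hdr[9] != 17:
        raise ValueError("not UDP")
    src_port, dst_port, length, _ = struct.unpack("!HHHH", frame[34:42])
    return {"src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
            "src_ip": str(ipaddress.IPv4Address(ip_hdr[12:16])),
            "dst_ip": str(ipaddress.IPv4Address(ip_hdr[16:20])), "ttl": ip_hdr[8],
            "src_port": src_port, "dst_port": dst_port, "data": frame[42:34 + length]}
```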
🔐 Protocols Studied
ICMP
Internet Control Message Protocol is used for network diagnostics and for reporting delivery errors between hosts and routers.
Examples:
- ping
- traceroute
ICMP operates at Layer 3 (Network layer).
ARP
Address Resolution Protocol maps IP addresses to MAC addresses on a local network.
Example use case:
When a host knows the destination IP but needs the MAC address to deliver the frame on the local network.
ARP operates between Layer 2 and Layer 3.
SNMP
Simple Network Management Protocol allows monitoring and management of network devices.
Typical use cases:
- collecting device telemetry
- monitoring routers, switches, and servers
- centralized infrastructure management
From a security perspective, SNMP can also be abused for network reconnaissance, so access to it should be restricted to management hosts and monitored.
🔐 Key Cybersecurity Connections
Understanding network fundamentals enables analysts to interpret network telemetry.
Security investigations often rely on recognizing:
- abnormal network traffic patterns
- unexpected protocols or ports
- unusual routing behavior
- suspicious network scanning activity
A key concept learned today:
- MAC addresses change at every hop (they only identify the next device on the local segment)
- IP addresses remain constant end-to-end (unless a NAT device rewrites them along the path)
This distinction is critical when analyzing packet movement across networks.
⚠️ Challenges
The main difficulty was reconciling:
- the OSI model (theoretical framework)
- the TCP/IP model (real-world implementation)
These models do not map perfectly to each other.
The solution was to separate:
- exam-oriented understanding
- operational networking reality
🧠 What I Learned
Network communication follows a layered abstraction.
Each layer solves a different delivery problem:
| Question | Layer |
|---|---|
| Which application? | Application layer |
| Which port/service? | Transport layer |
| Which host? | Network layer |
| Which local device? | Data link layer |
| How is data physically transmitted? | Physical layer |
Understanding these responsibilities makes network behavior easier to analyze.
⏭️ Next Steps
- continue Network+ study
- deepen understanding of TCP vs UDP behavior
- connect packet flow concepts to real network traffic analysis
- start using tools that reveal network activity
Examples to explore:
- tcpdump
- wireshark
- netstat
- ss
💭 Reflection
This session helped transform networking concepts from memorized definitions into a clearer mental model of how packets move through networks.
Instead of isolated facts, the OSI layers now feel like a structured explanation of how communication is actually delivered.
🧩 Lessons Learned
What worked
- active recall of OSI layers
- mapping protocols to their operational role
What broke
- confusion between Session and Transport responsibilities
Why it broke
- theoretical models sometimes simplify real implementations
Fix / takeaway
Understand both:
- the model used for learning and certification
- the real-world networking behavior systems actually follow
