Networking Fundamentals · beginner · ~10 min
Map a packet's journey through the layered model and know which layer each protocol lives at.
Networking is layered. OSI has 7 teaching layers; TCP/IP has 4 practical ones (Link, Internet, Transport, Application). Each layer wraps the one above — encapsulation.
Every tool and attack maps to a layer: ARP spoofing is layer 2, IP spoofing layer 3, port scanning layer 4, web exploitation layer 7. Knowing the layer tells you which tool to reach for and where a defence belongs.
Encapsulation. Each layer adds a header: HTTP → TCP segment → IP packet → Ethernet frame. Addressing per layer. Link uses MAC, Internet uses IP, Transport uses ports. Layer language. "Layer 7" = application, "layer 4" = transport, "layer 2" = switching. Decapsulation. The receiver unwraps headers bottom-up.
Networks are built in layers. Each layer does one job and hands its result to the layer below (sending) or above (receiving). Two models describe this.
A teaching reference: Physical, Data Link, Network, Transport, Session, Presentation, Application (layers 1–7). You'll hear engineers say "that's a layer-7 problem" (application) or "a layer-2 issue" (switching).
What the internet actually runs: Link, Internet, Transport, Application. This is the practical one.
| TCP/IP layer | Does what | Examples |
|---|---|---|
| Application | App-level protocols | HTTP, DNS, SSH, SMTP |
| Transport | End-to-end delivery, ports | TCP, UDP |
| Internet | Addressing & routing between networks | IP, ICMP |
| Link | One physical hop | Ethernet, ARP, Wi-Fi |
Sending data, each layer wraps the layer above in its own header: your HTTP request becomes a TCP segment, inside an IP packet, inside an Ethernet frame. The receiver unwraps in reverse. A pentester reading a packet capture is literally peeling these layers apart.
Two models: OSI (7 layers, teaching) and TCP/IP (4 layers, real). Data is encapsulated header-by-header on the way down and unwrapped on the way up. Everything else in networking hangs off this map.