OSI Model in real world – step by step analysis

By | July 10, 2020

OSI Model Real world is step by step analysis of what happen behind the scene when we visit the website using the internet .We will go through the Packet flow by analyzing each layer of the OSI model. Everyone must have basic understanding of OSI model and the packet format in each layer before going through this full article for good understanding.


As we can see from above topology we have our happy client Bob with IP address on left hand side using Internet explorer [Web browser ] which is an application software to surf website [www.google.com [].For this scenario Bob is connected to the internet via router 1 (usually managed by ISP who provides internet services, e.g : Airtel ) and server is connected to remote device which is router 2 here.Please not in the real internet environment there may be other devices such as router/firewall [managed by other regional/national ISP ] will exist in the path.

As we look at the first layer of OSI model

Bob Computer

Application layer [layer 7] –

Bob open his Internet explorer and type www.google.com in address bar, as soon as he type the address. His computer [] browser behind the scene send a request to Public DNS server [] at port 53 to resolve Google.com [domain name] into IP address.

Packet Capture 150: Browser Query to DNS server []

DNS server looks its local database and send response back to client with google IP address

Packet Capture 168: DNS server [] Response

Once web browser know the IP address of google.com i.e. .Browser use the IP address to form a TCP connection with the google server.

Packet Capture 184 to 192 : TCP connection with Google Server

Protocol HTTP (HTTP – is a Protocol used for communication between browser and webserver) which operate at port 80 and create a HTTP request which is a GET message [GET-give me you page], which is used to request the web page from the Server.

Presentation layer – layer 6

The request pass down to presentation layer which convert that HTTP request into a standard format so that other side of Presentation layer understand it and convert it back to its native format. It ensures that data transferred from the client Application layer read by the Application layer of google server.

HTTPS – Presentation layer encrypt the data

Session layer – Layer 5

Session layer create HTTP session with www.google.com using random source port [1024 to 65535 –assigned to web browser by operating system of computer.] and well know destination port 80 which is so that it can be separated it from other sessions.

Please note the 3 top layers of OSI model (Application, Presentation and Session) are not really distinguished in TCP/IP world and are all part of Application layer

Transport Layer- Layer 4.

Transport Layer [layer 4] at client side is responsible for transport and it choose TCP for every HTTP session. Here it divide Client data into segments by adding source port: 23739 and destination port number: 80. Source port number to distinguish the web browser application from very else program running on computer and it also used to identify which application should receive return traffic. And the destination port number is used to make sure message coming from web browser gets and sent to web server program running on the server and it does not grab by other application running on that server. Once segment is created it will be transfer it to Network Layer

Layer 4 Segment format

Network Layer [layer 3]

At client side create packet by adding source IP address [] and destination IP address [] and encapsulate segment inside the packet and handover to Layer 2.

Layer 3 Packet format

Data link Layer – Layer 2

With destination IP address software in Bob computer check ARP cache to find mac address of router1 [ Airtel managed router ] .if cache is empty it use ARP Protocol and send request to resolve IP address into mac address. Every devices on that network segment gets that ARP request because as it layer 2 broad cast message destined for all devices but only the router 1 reply with its own mac address.

Local ARP cache

Packet capture 88 and 90: ARP Query and reply

Once the data link layer of Bob PC know the mac address of Airtel router 1, it build a frame by adding source and destination mac address.and it also run CRC which simply check the data and frame header bits and add that result in to frame check sequence field. And pass that information down to Physical layer.

Layer 2 Frame Format

Physical layer [layer 1]

Convert all that information in 1’s and 0’S and send it to destination Airtel router 1 using physical cable.

Airtel router 1 end:

Physical layer [layer 1]

It receive those bits on the physical cable and pass it data link Layer

Data link Layer – Layer 2

It Build frames from bits which it received at layer 1. It Run CRC and compare the result with FCS field. If answer dint match the frame is discarded. If it match then the destination mac address is checked. And here destination mac address is the mac address of router 1 so it matches. Once it match L2 check the Ethernet type field to the upper layer protocol used at network layer. Here in our case is Internet Protocol [IP].

L2 now remove the frame [DE encapsulate it] and it now pull the Packet and handover to IP at network layer.

Network Layer – L3

It check destination IP address which is and realize that it is not destined for it as the IP address doesn’t belong to any of its interface. So it realize it need route it so it to look the routing table to find best path to route it across that interface. As per the topology router 1 has only one path which is goes to router 2 [which is managed by google]

Routing Table of Airtel Router.

Router1-Airtel encapsulate the packet into frame at layer 2 and convert it bits at Layer 1 and send it across the interface fa0/0.

Router2-Google receive those bits at layer 1 .It goes through DE encapsulation process.it build the frame and check the destination mac address. The destination mac address is match so it check Ethernet type field and handover the packet to layer 3.layer 3 check the destination IP address [] which not Destin to it so it look its routing table to forward the packet.so Here the Google Server is directly connected to it.so it encapsulate the packet into frame at Layer 2 [run CRC and source mac add of interface fastethenet 0/1 and mac add of google server]and convert it to bits [0,1] and send it to google.com []

Routing table of router2-Google

Google server:

Physical layer 1:

It receive bits

Data link Layer 2:

It build frames. Run CRC and compare the answer with FCS field. If answer dint match then the frame is discarded. If it matches then the destination mac address is checked. Here destination mac address is matches so it check Ethernet type field to find the protocol used at network layer. Here it is IP.it pull the packet from frame and hand our to IP at network layer

Network layer –Layer 3

Network layer check destination IP address and now finally it matches [ IP address is configured on google server ] so it check protocol type field to find the protocol used at Layer 4.here it is TCP and now network layer of server send all information to TCP at layer 4 .

Transport layer – Layer 4

At transport layer check destination port number which is here well know port number = 80 .which destined to web server application running on that particular server i.e in our case www.google.com.so it passes all those information up to google web server. Google web server send acknowledgement message to client to ensure that is received its request.

Packet Capture 211: ACK Message from Google server

Layer 5 – Agee for HTTP session

Layer 6- convert the data from standard format to native format

Layer 7-finally it send all web pages over the network to client. And all those information gives google web page to our happy client Bob web browser.

Packet Capture 223: HTTP Response from google server

Please note : Encapsulation happen when data moves from upper layer to lower level and the reverse process is decapsulation occurs when data is received on the destination [data moves from lower layer to upper layer ]. During this whole process Bob computer IP address and google server IP address does not change. Only the Source and Destination Mac address will be changed hop by hop basis.

Conclusion: In this article, I have discussed how OSI model works in real world scenario by explaining what happen behind the scene when we visit any particular website over the Internet. Keep in mind that this entire system didn’t spring into existence in a day, it took decades for dozens of developments to come together to make the process of requesting, retrieving, delivering and displaying web pages possible hope this Help

One thought on “OSI Model in real world – step by step analysis

Leave a Reply

Your email address will not be published. Required fields are marked *