OSI Layer Protocols – How to Determine Which Network Protocol Works in Which OSI Layer


For a long time, I have had this kind of silly question: how can we say that some network protocols work in layer X of the OSI model?

For example, HTTP works in L7 of OSI, OSPF is L3, ICMP is L4, TCP and UDP are L4.

Can anyone suggest how I can understand easily?

We can say BGP is a routing protocol, but it uses TCP as its L4 transport protocol. So, is BGP L3 or L4?

RIP is an L3 protocol, but it uses UDP for transport.

DHCP uses both UDP and a BOOTP header, so in which layer is DHCP working?

Kindly give me your suggestion to understand better.

Best Answer

The OSI model is not 100% conformed to. It is a guideline for understanding and organizing the various functions required to create a network, or an inter-network, or even the Internet.

So not everything falls perfectly within a single OSI layer. However, understanding the primary purpose of each layer will help categorize different protocols into different layers.

Layer 1 is primarily responsible for providing a mechanism or medium to move bits (1s and 0s) from one device to another. Twisted Pair wiring, Serial cables, Fiber Optics are all considered Layer 1 technologies.

Wi-Fi, though it doesn't have a physical medium, is also considered a Layer 1 technology since it has the ability to move 1s and 0s from one device to the next.

Anecdotally, you could consider the string between two cans a Layer 1 "technology", since it has the ability to move 1s and 0s from one device to another.

Layer 2 is concerned with what I like to call Hop to Hop delivery. It is responsible for putting the 1s and 0s on whatever L1 technology is being used, as well as retrieving the 1s and 0s from whatever L1 technology is being used.

The Network Interface Card (NIC) is an example of a Layer 2 technology.

To facilitate "hop to hop" delivery, Layer 2 uses a MAC address -- which is effectively the identification of a particular device's NIC.

Layer 3 is responsible for what I like to call End to End delivery. This is where protocols like IP exist.

Between two end points on either side of the Internet, there might be 10s or 100s of NICs that a packet must pass through. Layer 2 will get it from one NIC to the next. But Layer 3 will determine where the final destination is.

Layer 2 and Layer 3 work together to move Data from one end point to another through each individual "NIC to NIC" hops between the end points.

Layer 4 is responsible for segregating Network Streams. All the 1s and 0s carried by L1 arrive on your PC on the same NIC. Something has to distinguish which 1s and 0s belong to your Internet Browser, or your Music Streaming application, or your Chat program, or Operating System updates, or a plethora of other applications that send or receive data from the Internet.

Layers 5, 6, and 7 all blend together. I wrote a potential example of the initial intention of each of those layers on reddit, but understand that was mostly an example, not a description of how it actually works:

L5 - Session - this could be something like HTTP cookies, keeping individual browser sessions different from the next. It is a way to identify and keep track of different sets of bits, within the same L4 TCP/UDP connection.

L6 - Presentation - The bits show up as 1s and 0s. Something needs to determine how those 1s and 0s should be interpreted. For example, should bits be grouped into sets of 8 and converted into letters according to ASCII? Or should the bits be converted to large numbers and used to decrypt the content?

L7 - Application - Now that L6 has turned the bits into letters, we need to turn those letters into something meaningful. For example, the letters GET /index.html HTTP/1.1 mean something in the HTTP application, they are a command to fetch the index.html page from the server.

Source


Given the brief description of each Layer, you can then apply that knowledge to determine what layer a particular protocol operates at. For example...

  • HTTP is not a function to move 1s and 0s across a wire.
  • HTTP is not a function that puts and pulls 1s and 0s on/off a wire
  • HTTP is not a function that enables end to end delivery of data
  • HTTP is not a function that segregates all the data streams from a wire.

As such, HTTP can be considered as a L5/L6/L7 protocol. I've seen this abbreviated as a L5 protocol, or L5+, or L7. It all means the same thing.

But again the OSI model is not perfect, and everything doesn't perfectly conform to a particular layer. For example...

  • ICMP is not a function to move 1s and 0s across a wire.
  • ICMP is not a function that puts and pulls 1s and 0s on/off a wire
  • ICMP is not a function that enables end to end delivery of data
  • ICMP is not a function that segregates all the data streams from a wire.

Despite all that, ICMP is considered a L3 protocol, mainly because its primary usage (ping) tests if a packet can get from one end of the Internet to the other. AKA, it is primarily associated with end to end delivery.

As for the rest of the protocols you listed, this is where they typically are associated with:

  • L3 - OSPF, ICMP, BGP, RIP
  • L4 - TCP, UDP
  • L5/L6/L7 - HTTP

DHCP is a tricky one. On one hand, it is primarily concerned with providing end hosts with IP addresses, but on the other its communication does not happen over IP. Personally, despite that, I like to consider DHCP a L3 protocol.

ARP is also the other often debated tricky one. It communicates without an IP (L3) header, but its purpose is to resolve IP addresses to MAC addresses -- and it is only used by L3 devices. It is sometimes considered both layers, or in between both layers. Or sometimes simply identified as a L2 protocol.

It doesn't really matter where you land on the debate, so long as you understand the view points from both sides.


Hopefully that will help you distinguish or place protocols in a particular layer. Again, keep in mind, it never works out perfectly. The OSI model is a conceptual model, not an explicit standard everyone strictly adheres to.
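
Added example (not part of the original question or answer): a small Python parser that walks an Ethernet II frame and reports which headers each of the protocols discussed above is carried in, which is a separate matter from the layer its function is associated with. The `sample` builder and its frames are constructed for illustration; the EtherType, IP protocol and port numbers are the standard assigned values.

```python
import struct

# Standard assigned numbers (well-known values, not taken from the page).
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP"}
IP_PROTOS = {1: "ICMP", 6: "TCP", 17: "UDP", 89: "OSPF"}
# Ports only name the conventional service; anything can listen on any port.
PORTS = {("TCP", 80): "HTTP", ("TCP", 179): "BGP", ("UDP", 520): "RIP",
         ("UDP", 67): "DHCP", ("UDP", 68): "DHCP"}

def encapsulation_chain(frame):
    """Return the header stack of an Ethernet II frame, outermost first."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    chain = ["Ethernet", ETHERTYPES.get(ethertype, "ethertype 0x%04x" % ethertype)]
    if chain[-1] != "IPv4":
        return chain  # ARP rides directly on Ethernet, no IP header
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4 or not 20 <= (ip[0] & 0x0F) * 4 <= len(ip):
        raise ValueError("bad IPv4 header")
    chain.append(IP_PROTOS.get(ip[9], "ip-proto %d" % ip[9]))
    if chain[-1] not in ("TCP", "UDP"):
        return chain  # OSPF and ICMP ride directly on IP, no ports
    if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:
        return chain + ["non-first fragment"]  # no L4 header in this packet
    l4 = ip[(ip[0] & 0x0F) * 4:]  # IHL gives the header length; options make it > 20
    if len(l4) < 4:
        raise ValueError("truncated transport header")
    sport, dport = struct.unpack("!HH", l4[:4])
    app = PORTS.get((chain[-1], dport)) or PORTS.get((chain[-1], sport))
    return chain + [app] if app else chain

def sample(ethertype, proto=None, sport=0, dport=0, frag=0):
    """Constructed frame: zeroed addresses, checksums not valid."""
    f = bytes(12) + struct.pack("!H", ethertype)
    if proto is None:
        return f
    ip = bytearray(20)
    ip[0], ip[9] = 0x45, proto  # version 4, IHL 5 (no options)
    ip[6:8] = struct.pack("!H", frag)
    l4 = struct.pack("!HH", sport, dport) if proto in (6, 17) else b""
    return f + bytes(ip) + l4

SAMPLES = {"ARP": sample(0x0806), "OSPF": sample(0x0800, 89),
           "ICMP": sample(0x0800, 1), "BGP": sample(0x0800, 6, 49152, 179),
           "RIP": sample(0x0800, 17, 520, 520), "DHCP": sample(0x0800, 17, 68, 67)}

for name, raw in SAMPLES.items():
    print(name, "->", " / ".join(encapsulation_chain(raw)))
```

The same walk is what a packet filter or detection rule performs before it can match on a protocol, which is why a rule keyed on a port sees nothing useful in a non-first fragment.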