| OSI (7 layers) | TCP/IP (4 layers) | Examples |
|---|---|---|
| Application | Application | HTTP, DNS, SSH, SMTP |
| Presentation | (folded in) | TLS, encoding |
| Session | (folded in) | — |
| Transport | Transport | TCP, UDP |
| Network | Internet | IP, ICMP |
| Data link | Link | Ethernet, Wi-Fi |
| Physical | Link | Cables, radio |
OSI vs TCP/IP
Both are layered models. OSI is theoretical, TCP/IP is what runs on the internet.
Memorise the four: Application · Transport · Internet · Link.
What each layer does
| Layer | Job | Identifies by |
|---|---|---|
| Application | What the app actually sends (HTTP request, DNS query) | URL / endpoint |
| Transport | Reliable (TCP) or fast (UDP) delivery between processes | Port (0–65535) |
| Internet | Route packets across networks | IP address |
| Link | Move bits across one physical hop | MAC address |
A web request goes: HTTP (app) → TCP (transport) → IP (internet) → Ethernet/Wi-Fi (link), then back up the stack on the server.
TCP vs UDP
| TCP | UDP | |
|---|---|---|
| Connection | Yes (3-way handshake) | No (fire and forget) |
| Reliability | Guaranteed, retries, ordered | Best-effort, lossy |
| Speed | Slower | Faster |
| Header overhead | 20 bytes min | 8 bytes |
| Use for | HTTP, SSH, email, file transfer | DNS, streaming, gaming, VoIP |
Pick TCP when correctness > speed. Pick UDP when speed > correctness (live video can drop a frame; a payment cannot drop a digit).
The 3-way handshake
How TCP starts a connection:
Client Server
│ ─── SYN ─────────────►
│ ◄─── SYN + ACK ──────
│ ─── ACK ────────────►
│
│ [connected]- SYN — "I want to talk, sequence starts at X."
- SYN + ACK — "OK, I'll talk, my sequence starts at Y, I acknowledge X."
- ACK — "Got it, I acknowledge Y."
Three round-trips before the first byte of payload. This is why connection-heavy protocols (HTTP/1.1) feel slow without keep-alive.
IP addressing
IPv4: 32-bit, written as four octets (192.168.1.1). ~4 billion addresses. Already exhausted.
IPv6: 128-bit, written in hex blocks (2001:0db8::1). Effectively unlimited.
Private ranges (not routable on the internet):
10.0.0.0/8172.16.0.0/12192.168.0.0/16127.0.0.1— localhost
NAT (Network Address Translation) translates between your private LAN and one public IP — that's how multiple devices share one home router's address.
CIDR notation: 192.168.1.0/24 = first 24 bits are network, last 8 are host → 256 addresses.
DNS
How a name like mariaa.tech becomes an IP:
- Browser checks local cache. Miss.
- Asks the recursive resolver (your ISP or 8.8.8.8).
- Resolver asks the root server → "ask .tech".
- Resolver asks the .tech TLD → "ask Cloudflare's nameserver".
- Resolver asks Cloudflare → "it's
76.76.21.X". - Resolver returns the answer to your browser.
Record types:
- A — IPv4 address.
- AAAA — IPv6 address.
- CNAME — alias to another name.
- MX — mail server.
- TXT — arbitrary text (DKIM, SPF, verification).
- NS — nameserver authoritative for the domain.
HTTP / HTTPS
HTTP runs on top of TCP, port 80. HTTPS is HTTP inside TLS, port 443.
TLS handshake (simplified):
- Client says hello + supported ciphers.
- Server picks cipher, sends its certificate.
- Client verifies the cert against trusted CAs.
- Exchange keys, derive a shared session key.
- All further traffic is encrypted with that key.
Latency cost: ~1 round trip beyond TCP's 3-way handshake. HTTP/3 over QUIC (UDP) reduces this further.
Debugging tools
The networking toolbox:
| Tool | Use |
|---|---|
ping | Is this host reachable? |
traceroute / tracert | Which hops does my packet take? |
nslookup / dig | Resolve a DNS name. |
netstat -an | What ports are open / connected on this machine? |
ss | Modern replacement for netstat. |
tcpdump / Wireshark | Capture and inspect actual packets. |
curl -v | Inspect HTTP requests, headers, TLS. |
mtr | Combined ping + traceroute over time. |