
TCP/IP — the four-layer model that actually runs the internet


OSI is the textbook model. TCP/IP is the one your laptop, the routers between your laptop and the server, and the server itself are actually built around. Where OSI has 7 layers, TCP/IP has 4 — but they map to the same physical realities.

The four layers

| TCP/IP layer | What lives here | Maps to OSI |
|---|---|---|
| Application | HTTP, DNS, SMTP, SSH, TLS — whatever a user-facing program speaks | 5, 6, 7 |
| Transport | TCP, UDP, SCTP, QUIC — end-to-end delivery semantics | 4 |
| Internet | IPv4, IPv6, ICMP, IPsec — routing across networks | 3 |
| Link / Network Access | Ethernet, 802.11, PPP — bits on the local medium | 1, 2 |

Some textbooks call the bottom layer "Network Access," others "Link," and others treat the physical layer separately. The model is more of a guideline than the IETF cares to enforce.

Why the merge?

OSI's Session and Presentation layers ended up empty in practice — by the time the IETF was building the internet, encryption (TLS) and session management (e.g., HTTP cookies, QUIC streams) were absorbed by application-layer protocols. The Application layer in TCP/IP just contains all the protocols that aren't dealing with packets or routing.

OSI's Physical and Data Link, on the other hand, are tightly bound — Ethernet "the protocol" specifies both the bit-on-the-wire encoding (L1) and the framing (L2). Splitting them out adds bureaucratic clarity but no operational value.

Each layer's identifier

| Layer | Identifies what with what |
|---|---|
| Application | A specific service (TCP/UDP port: 80 for HTTP, 443 for HTTPS, 53 for DNS) |
| Transport | A specific connection (the 5-tuple: src IP + src port + dst IP + dst port + protocol) |
| Internet | A specific host (IP address) |
| Link | A specific NIC on the local link (MAC address) |

When you connect to https://example.com:

  1. Application decides: "I need to speak HTTPS on port 443 to example.com."
  2. Transport opens a TCP connection: source port (random, e.g., 49231) → dest port 443.
  3. Internet picks the right local interface and routes the packet to the destination IP.
  4. Link wraps the packet in an Ethernet frame to the next-hop's MAC and transmits it.

At every router along the way, the Internet layer makes the routing decision; the Link layer is rebuilt for each hop. The Transport and Application layers ride end-to-end and are unaware of the intermediate routers.
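The walk-through above as an added example (not part of the original lesson): it builds a constructed Ethernet/IPv4/TCP SYN frame, forwards it through one router hop, and parses both copies to show which identifiers change. The function names, MAC addresses and IP addresses are assumptions chosen for illustration.

```python
import socket
import struct

def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))

def ip_checksum(hdr: bytes) -> int:
    """RFC 1071 ones' complement checksum over an IPv4 header."""
    total = sum(struct.unpack(f"!{len(hdr) // 2}H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, ttl=64) -> bytes:
    """Constructed Ethernet II / IPv4 / TCP SYN frame (TCP checksum left at 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, ttl, 6, 0,
                               socket.inet_aton(src_ip), socket.inet_aton(dst_ip)))
    ip[10:12] = struct.pack("!H", ip_checksum(bytes(ip)))
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + b"\x08\x00" + bytes(ip) + tcp

def parse_frame(frame: bytes) -> dict:
    """Extract each layer's identifier: MACs (Link), IPs (Internet), 5-tuple (Transport)."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    ihl = (frame[14] & 0x0F) * 4
    ip = frame[14:14 + ihl]
    if ethertype != 0x0800 or frame[14] >> 4 != 4 or ip[9] != 6:
        raise ValueError("expected IPv4 carrying TCP")
    if ip_checksum(ip) != 0:
        raise ValueError("bad IPv4 header checksum")
    sport, dport = struct.unpack("!HH", frame[14 + ihl:18 + ihl])
    return {"src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"), "ttl": ip[8],
            "five_tuple": (socket.inet_ntoa(ip[12:16]), sport,
                           socket.inet_ntoa(ip[16:20]), dport, "tcp")}

def route_hop(frame: bytes, router_mac: str, next_hop_mac: str) -> bytes:
    """Forward one hop: new Link header, TTL - 1, new IP checksum, TCP bytes untouched."""
    ihl = (frame[14] & 0x0F) * 4
    ip = bytearray(frame[14:14 + ihl])
    if ip[8] <= 1:
        raise ValueError("TTL expired; a router drops this packet")
    ip[8] -= 1
    ip[10:12] = b"\x00\x00"
    ip[10:12] = struct.pack("!H", ip_checksum(bytes(ip)))
    return mac_bytes(next_hop_mac) + mac_bytes(router_mac) + b"\x08\x00" + bytes(ip) + frame[14 + ihl:]

# Constructed sample: documentation IPs (RFC 5737) and locally administered MACs.
sent = build_frame("02:00:00:00:00:01", "02:00:00:00:00:fe", "192.0.2.10", "198.51.100.7", 49231, 443)
seen = route_hop(sent, "02:00:00:00:00:fd", "02:00:00:00:00:02")
```

Comparing `parse_frame(sent)` with `parse_frame(seen)` shows new MAC addresses and a lower TTL but an identical 5-tuple, which is why a capture taken past a router shows the router's MAC as the source while the connection can still be correlated by its 5-tuple.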

Why this matters operationally

Troubleshooting always starts at the bottom:

  1. Is the link up? Cable plugged in, light on the optic, switch port forwarding?
  2. Is the internet layer reachable? ping, traceroute, routing table sane?
  3. Is the transport opening? telnet host 443 or nc, does it connect or RST?
  4. Is the application speaking the expected protocol? curl -v, openssl s_client?

A user complaint about a slow website is, at heart, a question about which layer is the problem. Knowing the model is knowing how to ask the question.

What to remember

  • TCP/IP has 4 layers: Application, Transport, Internet, Link.
  • It maps directly onto OSI but collapses what real protocols actually merge.
  • Each layer has a specific identifier — port, 5-tuple, IP, MAC.
  • Troubleshoot from bottom up; ask "which layer is broken" rather than "the network is broken."