OSI Model and TCP/IP

Understanding network architecture is fundamental to penetration testing. The OSI and TCP/IP models describe how data travels across networks, with each layer presenting unique security considerations and attack opportunities.

The OSI Reference Model

The Open Systems Interconnection model divides networking into seven layers from Physical at the bottom to Application at the top. Each layer encapsulates data from the layer above, adding headers and potentially trailers.

Security at Each Layer

Layer 2 (Data Link) attacks include ARP spoofing and cache poisoning, MAC address spoofing, VLAN hopping, and switch CAM table overflow.

Layer 3 (Network) attacks include IP spoofing, ICMP attacks, routing protocol attacks, and fragmentation attacks.

Layer 4 (Transport) attacks include port scanning, TCP session hijacking, SYN flooding, and UDP flooding.

Layer 7 (Application) attacks include protocol-specific vulnerabilities, authentication attacks, input validation flaws, and business logic attacks.

TCP/IP Model

The practical TCP/IP model consolidates into four layers: Application, Transport, Internet, and Network Access.

TCP vs UDP

TCP (Transmission Control Protocol) is connection-oriented with reliable delivery, ordered packets, flow control, and three-way handshake. UDP (User Datagram Protocol) is connectionless with no guaranteed delivery, preferred for speed over reliability.

Practical Implications

Understanding these models helps pentesters choose appropriate scanning techniques, identify attack surfaces at each layer, bypass security controls, and craft custom packets for exploitation.