Troubleshooting networking using the OSI model

Networking/Security Forums -> Networking

Author: fsb Posted: Fri Jun 13, 2003 6:14 pm    Post subject: Troubleshooting networking using the OSI model
When troubleshooting networking it is always sensible to approach the problem from the perspective of the OSI model. The OSI, or Open Systems Interconnection, model defines a networking framework for implementing protocols in seven layers. The beauty of this model is the fact that you can individually troubleshoot every layer using simple methods. I suggest working from layer 1 upwards until you find the problem.

Physical, Layer 1 : This layer conveys the bit stream -- electrical impulse, light or radio signal -- through the network at the electrical and mechanical level. It provides the hardware means of sending and receiving data on a carrier, including defining cables, cards and physical aspects. Fast Ethernet, RS232, and ATM are protocols with physical layer components.

I always start here to make sure that I don't waste time making things overcomplicated. If there are no lights on the network card, chances are that the cable is broken or there is a hardware failure on the network card itself. You can use cable testers to check cables, or use some common sense when swapping things round to isolate the cause of the problem. Making sure your operating system can see the hardware (and shows that it is functional) is also covered at this layer.

Data Link, Layer 2 : At this layer, data packets are encoded and decoded into bits. It furnishes transmission protocol knowledge and management and handles errors in the physical layer, flow control and frame synchronization. The data link layer is divided into two sublayers: The Media Access Control (MAC) layer and the Logical Link Control (LLC) layer. The MAC sublayer controls how a computer on the network gains access to the data and permission to transmit it. The LLC layer controls frame synchronization, flow control and error checking.

Most problems at this layer can be troubleshot with the arp command (in Windows anyway). MAC addresses are supposedly globally unique to a device, but some people like to play around, which can cause problems (google for arp poisoning / spoofing). Using 'arp -a' will show you which MAC addresses are mapped to which IP addresses locally, which is sometimes helpful. You could also set up a network sniffer to look at the frames being sent across your hubs / switches.

Network, Layer 3 : This layer provides switching and routing technologies, creating logical paths, known as virtual circuits, for transmitting data from node to node. Routing and forwarding are functions of this layer, as well as addressing, internetworking, error handling, congestion control and packet sequencing.

This is a massive area to cover in a brief tutorial. It covers the routing protocols (RIP1 and 2, OSPF, IGRP and a few others) as well as the routed protocols (most notably IP). You can troubleshoot IP with ICMP packets. Utilities like ping and tracert use ICMP packets to get responses back from networked hosts. Packet sniffers can be set up to look at IP packets travelling across your hubs / switches in the same way as you would look at frame headers.

The 'route print' command will show you your routing table in Windows. Every other operating system will have commands to show the routing table (in IOS it would be 'sho ip route'). Common problems at this layer will be things like duplicate IP addresses on your network.

Transport, Layer 4 : This layer provides transparent transfer of data between end systems, or hosts, and is responsible for end-to-end error recovery and flow control. It ensures complete data transfer.

Most of the troubleshooting here would be done with a packet sniffer. TCP is used with IP as a means to ensure that the data within the packets is sent and received without any loss. If there is an error, packets are re-sent (it would be worth googling TCP packet header structure) with the correct sequence number so that no data is lost (it ensures complete data transfer). You can use packet sniffers to examine the TCP/UDP packet headers to see what is happening at layer 4.

Session, Layer 5 : This layer establishes, manages and terminates connections between applications. The session layer sets up, coordinates, and terminates conversations, exchanges, and dialogues between the applications at each end. It deals with session and connection coordination.

The most likely thing you would be troubleshooting at this layer would be NetBIOS over TCP/IP. Windows has some very useful utilities like nbtstat and the group of 'net' commands which will help you. Common mistakes are that people forget to install 'file and printer sharing' and 'client for microsoft networks' under Win9x operating systems and then wonder why they can't map drives or share folders. Other protocols like DNS, LDAP (this is used for most of the Active Directory replication), NFS, SQL, RPC and XWindows are also things that would be troubleshot at this layer.

Presentation, Layer 6 : This layer provides independence from differences in data representation (e.g., encryption) by translating from application to network format, and vice versa. The presentation layer works to transform data into the form that the application layer can accept. This layer formats and encrypts data to be sent across a network, providing freedom from compatibility problems. It is sometimes called the syntax layer.

This layer looks at things like JPEG, MPEG, MIDI, QUICKTIME and other files of the same nature. Most of your troubleshooting will be with the applications that create them (at layer 7) but be aware that you can hex files to look at the structure and change them.

Application, Layer 7 : This layer supports application and end-user processes. Communication partners are identified, quality of service is identified, user authentication and privacy are considered, and any constraints on data syntax are identified. Everything at this layer is application-specific. This layer provides application services for file transfers, e-mail, and other network software services. Telnet and FTP are applications that exist entirely in the application level. Tiered application architectures are part of this layer.

If all of the other layers are working and have been tested, then this is usually just a matter of applying patches to software or reinstalling. Everyone probably has experience troubleshooting problems in Windows. Telnet is an excellent tool for connecting to virtually any port to check to see if the above layers are functioning properly.

This document was not written as a step by step guide to setting up a network, nor was it designed to give detailed instructions on how to troubleshoot each layer. There will be many utilities out there to help you find problems that aren't covered by the scope of this document. Also, google is a wonderful thing. I suggest you all use it. Please just look at this and keep it in your head as a model of how to break down networking into easily manageable layers so you can identify and fix problems in a more systematic way. If I have left anything major out please let me know.


Author: flw Location: U.S.A. Posted: Sat Jun 14, 2003 1:26 am    Post subject:
Thanks for reposting this. It is very good and I'd hate to lose it for good.

Author: PhiBer Location: Your MBR Posted: Thu Aug 19, 2004 10:37 pm    Post subject:
You forgot to mention a layer... Layer 8, the end user, the most prominent point of failure.

Author: tHe pRofeSsioNal Posted: Mon Feb 06, 2006 12:50 am    Post subject: correction
Network, Layer 3 : This layer provides switching and routing technologies, creating logical paths, known as virtual circuits, for transmitting data from node to node.

Logical paths and virtual circuit creation come under the data link layer, not the network layer -- like the virtual circuits created in frame relay, which is a data link layer protocol. Right?

Author: ElToro Posted: Wed Feb 08, 2006 6:35 am    Post subject:
Logical paths and virtual circuit creation come under the data link layer, not the network layer -- like the virtual circuits created in frame relay, which is a data link layer protocol. Right?

I believe the logical paths are referring to routes through the network. I do think using the term "virtual circuit" is a bit confusing here. I usually think of the network layer as providing logical addressing. Routes (or logical paths) through the network are created by routing protocols.

Author: spy109 Location: Greenville, NC Posted: Thu Mar 16, 2006 11:46 pm    Post subject:
I just got to say that this post has helped me understand the OSI model so much better. I am an IS: Network Admin and Support student and A+ certified. I have been having a really difficult time understanding the model and what its purpose is. Thanks for clearing everything up for me. I have even copied the post in a word doc for future reference!

Author: booster Posted: Thu May 17, 2007 8:54 pm    Post subject:
Excellent post, makes things easier to understand for me anyway.


Author: Strike Team Location: Scotland Posted: Wed Aug 01, 2007 9:53 pm    Post subject:
Very clear and well written. Helped my understanding a lot.

Where do firewalls fit into the OSI model?

Author: alt.don Posted: Wed Aug 01, 2007 10:37 pm    Post subject:
Firewalls have nothing to do with the OSI Reference model. They are an application, true, but they are generally not thought of in the same breath as the OSI Reference model. The model is more for protocols vice actual programs such as a firewall. Hope this helps. For further reading on what a firewall is and how it works please give this a read.

Author: mcsestudent Location: Karachi, Pakistan Posted: Wed Mar 11, 2009 10:43 am    Post subject: My understanding and knowledge
Yes, I agree that the term virtual path means the logical path that the data actually takes when travelling from 1 router to the next. Of course, in the Network Layer (where the routers function), the data travels in the form of packets containing source and destination IP addresses.

The data travelling throughout the network, starting from the 1st layer of the OSI model to the last layer, is always logical (not seen with the naked eye).

But the logical addressing that you are talking about is actually the IP addressing, which only occurs at the Network Layer (3rd layer) of the OSI Reference model.

As far as troubleshooting network related problems is concerned, the troubleshooting is always done in ascending order, starting from Layer 1 to the last layer. And the layers on which you actually work physically are Layer 1, Layer 2, Layer 3, and Layer 7.

I hope this helps,

Author: colemancol Location: United Kingdom Posted: Mon Dec 07, 2009 2:30 pm    Post subject:
The OSI layers are the most important thing in networking:
Application: Deals with network services that interact with the user such as http, ftp, email, DNS etc. Problems related to browsers, ftp programs, email and network / internet programs can start here.
Presentation: Deals with data representation (data formatting) and encryption. Examples of technologies at this layer are ASCII, EBCDIC.
Session: Deals with interhost communication and is responsible for opening, closing and managing a session.
Transport: Deals with end to end connections, delivery of data and reliability. Examples of technologies at this layer are TCP / UDP and port numbers.
Network: Deals with logical addressing and routing (path determination), which includes IP addressing.
Datalink: Deals with physical addressing (MAC / LLC) and is responsible for getting data to other locations (LAN/WAN).
Physical: Media, signal and binary transmission. Putting the data on to the physical media.

Author: wildsniper Posted: Sat Feb 06, 2010 8:56 am    Post subject:
It is very clear that OSI plays a very important role in network troubleshooting.
Thanks a lot for sharing.

Author: student123 Posted: Tue Jun 29, 2010 7:57 pm    Post subject: OSI Model
OSI Model no doubt is very important for IT Pros who are in networking.

FSB said that we can troubleshoot each and every layer of OSI Model.
How can we troubleshoot layer 4 (Transport), 5 (Session) and 6 (Presentation)?

Author: alt.don Posted: Tue Jun 29, 2010 9:44 pm    Post subject:
Hello student123,

The question you are asking is way too vague. You are referring to a wide body of protocols, i.e. Layer 4/5/6. Please ask a specific question.


Author: dvdcd0211 Posted: Tue Mar 22, 2011 8:00 am    Post subject: Troubleshooting networking using the OSI model
Excellent for understanding the functions of seven OSI layers. A logical progression to identify faults within a network application. This kind of thing should be more accessible, such as the quality of identification of faults.

All times are GMT + 2 Hours