CISSP D4 Preview | The TCP/IP model

In this lecture, we’re going to talk about the other big model that we use for networking traffic, that is the TCP/IP model.
You may also hear it referred to as the Internet Protocol Suite or the DOD model.
They’re all names for the same.
The TCP/IP model is just like the OSI model, a conceptual model.
It gives us that standardization.
So when we talk about data, how it’s addressed, how it’s packetized, transmitted, routed, received, regardless of what our backend systems are, we have a common point of reference.
We’re not going to spend as much time on the TCP/IP model like we did on the OSI model, because much of the curriculum we have already covered, in this lecture, we’re just going to talk about what is different and how different things map to the different layers of the TCP/IP model.
If you look at the graphics here below, you can see that the TCP/IP model has four layers where the OSI model has seven.
It is very likely you will encounter both models, both in your work and on your exam.
So understand both of them, understand how they map to each other.
In the TCP/IP model, the link and physical layer is the lowest layer that would be layer 1 and 2 in the OSI model.
Layer 2 is the Internet work layer that maps directly to the networking layer of the OSI model, this is where, for instance, we have IPs which connect our network to other networks, which effectively allows us to communicate outside of our local network.
Most often the Internet.
Layer 3 in the TCP/IP model is exactly the same as layer 4 in the OSI model.
It is the transport layer in both.
Remember, this is where we have UDP and TCP, and then finally we have the application layer that combines they are 5, 6 and 7 from the same model.
That layer provides process to process data exchange for applications and as you probably remember from the OSI model, sessions, encryption, decryption, and presentation to the actual user.
And remember, these are logical models.
They just give us an easier way to understand how networks work.
And when we want to talk about something about networks, then it’s easy to say this is layer 3 or 4 or whatever.
So the link and logic layer is exactly the same, we would have on OSI layers 1 and 2.
We have cables, physical devices, Mac addresses, and all our data is contained to host on the same network and on the same subnet.
And as I mentioned, we’re going to go through the TCP/IP model pretty quickly because most of what we have here, we already covered in the OSI model.
Now you just need to understand how to map the two models.
The Internet work layer there is the one that maps directly to the OSI layer 3, the networking layer.
This is where we at IP addresses and IP addresses have two basic functions.
First off, it is host identification and addressing.
This is where each node has a unique IP address so we know where to send the data and then it does packet routing.
We talked about that before when I went to my website.
So if I type in, in my browser, Thorteaches.com, that is then translated to an IP address that is sent off to my service provider’s network and for each routed hits, it checks against its routing table.
What is the best path right now to Thorteaches.com and this IP.
It is then sent through the network of my ISP, the next ISP, the next ISP until it gets to the server that houses Thorteaches.com, then the server response to the request, it sends the website requested back to my IP doing everything in reverse.
Layer 3 of the TCP/IP model is the transport layer, exactly the same name as layer 4 on the OSI model.
So at least this one is easy to remember.
This is where we have TCP and UDP, but this is also where we have port numbers, and port numbers are very important and we will cover more in depth when we look at IP addresses.
An easy way to think of port numbers is like an address of a large apartment building.
The street name and number is the IP address.
The port number is the apartment.
The same when you go to a website or do anything on the Internet, you don’t just go to a website, you go to a website and a port number.
And that then sends the traffic back to my IP and to the port number where it is supposed to be.
If I go to my website, Thorteaches.com, what I am really requesting is Thorteaches.com at port 443.
It is a secure website.
I send the request off, but on my end, I also want it back in the browser window where I requested it, I may have 20 different windows open and to make sure it gets delivered in the right browser window, we use port numbers.
Just like with the address, if there are 200 apartments in that building, then the actual building number is not going to help much.
To deliver it to the right location, you need the street name, number, and you need the apartment number.
The last layer on the TCP/IP model is the application layer, and remember, that is what maps to layer 5, 6 and 7 on the OSI model.
The application layer has all the protocols used by our applications to provide user services, exchange data over our networks, and the types of applications and protocols we use determine how the data is transported in the lower layers.
If our application is voice over IP, then the transport layer needs to know that so you can choose to send the traffic as UDP, whereas if it was a website, it needs to know that so it can send the traffic as TCP.
Normally routers and switches don’t expect the package they’re sending, they’re just there to provide a conduit that can send it efficiently and fast.
We can, however, if we want to use firewalls or bandwidth throttling to interpret some of the application data.
And what that really means is we can prioritize certain traffic and to some extent have the firewalls that are below layer 5 on the model inspect traffic that is not encrypted.
Remember, traffic is encrypted on layer 6.
So if it is encrypted on layer 5, we can’t see what’s in the data.
I think it is also important to remember that the TCP/IP model distinguishes between user protocols and support protocols.
User protocols are the protocols we use, support protocols are, well, support protocols.
They make stuff work.
Over here on the right, you can see a very simplistic way of looking at how packets travel through our networks and the headers that are added or removed for each layer.
The green box is the actual data.
That is what we want to send from A to B.
On the application layer, we add the upper layer headers, this is where we tell it it’s a website, it is HTPPS, then at the transport layer, it decides is it TCP or UDP, we add the port number, since it is a website we get a TCP header.
Since it is a secure website, it is port 443.
Then on the internet work layer, we add the IP header, what is the source and destination IP.
Where do we need to go to get the data and where do we need to send it?
On the link layer we add the layer 2 header and then finally on the physical layer, this is where we send the actual data.
This is the 0s and the 1s.
When it gets to its destination, it does all the same in reverse, removes the layer 2 header, the IP header, the TCP/UDP header, and the upper layer header until it gets the data.
Since this was a website request, it then does everything in reverse.
Upper layer header, TCP/UDP, IP, layer 2, sends the traffic back to me all the way back up up to my application layer where I see the website.
So for each layer of the TCP/IP model or the OSI model, we add or remove encapsulation that is called encapsulation or decapsulation, and the higher up the stack would go, the slower and the smarter the stack is.
This is true for both models and with that we are done with this lecture.
I will see you in the next one.