Defining Networks with the OSI Model | 43 This is a secure, encrypted connection to the PayPal Web site. Many Web sites offer this, not only when actual transactions are made, but also as a courtesy to customers, giving them peace of mind in that their entire session with the Web site is encrypted and somewhat secure. This type of encryption protocol works on port 443, and the actual transmission of encrypted data is governed by the presentation layer. One of a few protocols can be used during HTTPS transfers. The most common example as of the writing of this book is Transport Layer Security TLS, but you might also see Secure Sockets Layer SSL. Data that is transferred over the web is usually compressed, or encoded, as well. For example, many web browsers accept gzip encoding. DEFINE THE APPLICATION LAYER GET READY. Layer 7—the application layer—is where protocols like HTTP, FTP, and POP3 reside. The application layer is not the applications themselves Internet Explorer or Outlook, but rather the protocols that the applications initiate, such as HTTP or POP3. For example, when you open Internet Explorer, you are opening an application. If you were to type http:www.microsoft.com in the URL field and press Enter, doing so would initiate the HTTP protocol starting the transfer of data over the OSI model, beginning with the applica- tion layer. Let’s capture some data as we connect to a Web site by performing the following actions:

1. Open Wireshark and begin a packet capture.

2. Connect with your browser to www.microsoft.com.

3. Stop the capture and view the information.

4. Look for the first HTTP packet in the Protocol column. This should be called GET

HTTP1.1 in the Info column.

5. Click the packet and drill down through the various layers in the middle pane. Not

only will you see Layers 2 and 3 as we defined them in the network layer section, but you will also see the upper layers in action. Your results should be similar to Figure 2-7. Figure 2-7 Wireshark capture of an HTTP packet

6. Click the ⫹ sign next to Hypertext Transfer Protocol. Here, you will see the host

that you connected to: www.microsoft.com. You will also notice the gzip and deflate encodingdecoding schemes we alluded to earlier. 44 | Lesson 2 7. Click the ⴙ sign next to Transmission Control Protocol. Here, you will see the out- bound port used by your computer to connect to the web server known as a source port, as well as the inbound port 80 that the web server uses known as a Dst or destination port.

8. Spend some time analyzing the information listed, and match it to the appropriate

layer of the OSI model. Devices known as gateways reside on the application layer. These are not to be confused with gateway devices like routers on the network layer. An application layer gateway is a computer that translates from one protocol suite to another, such as from TCPIP to IPXSPX. An example, albeit an out of date one, would be Client Services for NetWare when loaded on a Windows client computer. Reviewing the OSI Layers CERTIFICATION READY What do you need to know to review all of the OSI layers? 3.1 Application Presentation Transmitting Computer Session Transport Network Data Link Physical Application Presentation Receiving Computer Session Transport Network Data Link Physical Figure 2-8 OSI layers revisited In general, data transactions start at the sending computer, travel down the OSI layers start- ing with the application layer and ending with the physical layer, are transmitted across the physical medium be it wired or wireless, and travel back up the layers of the OSI model at the receiving computer. For example, if you wanted to connect to a Web site, you would type the name of the site in your web browser’s address field. Then, when you press Enter, the HTTP protocol would take effect at the application layer. The packets of data would be compressed with gzip and possibly encrypted HTTPS by way of SSL or TLS at the presentation layer. The web server would acknowledge the session with the client web browser at the session layer. The information would then be transmitted as TCP information on the transport layer, where ports are also selected. The TCP information would be broken up into easy-to-send The OSI model contains seven layers, each of which work collectively to define the trans- mission of data from one computer to another. The mnemonic device All People Seem To Need Data Processing can help you memorize the layer order. Although earlier in the lesson, we defined each of the OSI layers starting at the bottom, the physical layer, and moving upward from there, quite often, you will see the layers listed from the top down, with the application layer at the top and the physical layer at the bottom, as shown in Figure 2-8. However, in Wireshark and other protocol analyzers, the physical layer will be displayed at the top. It all depends on what application or technical document you are looking at, so be ready to encounter both orientations.