TCP/IP Fundamentals & the OSI Model
Key Takeaways
- The OSI (Open Systems Interconnection) model has 7 layers (Physical, Data Link, Network, Transport, Session, Presentation, Application) and is the framework CompTIA uses to localize a fault to one layer during troubleshooting.
- TCP (Transmission Control Protocol) is connection-oriented and guarantees delivery via the SYN/SYN-ACK/ACK handshake; UDP (User Datagram Protocol) is connectionless, has an 8-byte header, and trades reliability for speed.
- IPv4 addresses are 32-bit (four octets, e.g., 192.168.1.1) while IPv6 addresses are 128-bit written as eight hex groups (e.g., 2001:0db8::1).
- RFC 1918 private ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) are not internet-routable and need NAT; APIPA (169.254.0.0/16) signals a failed DHCP lease.
- Networking is 20% of CompTIA A+ Core 1 (220-1201), a 90-question, 90-minute exam with a passing score of 675 on a 100-900 scale.
The OSI Model
The OSI (Open Systems Interconnection) model is a seven-layer conceptual framework that standardizes network communication. Real traffic actually rides the four-layer TCP/IP stack, but CompTIA leans on OSI because it lets you localize a fault to one layer instead of guessing. On the 220-1201 exam you will see scenario questions like "a user has a link light but no IP address" and must map that to a specific layer (Layer 3, Network).
| Layer | Name | Function | Protocols/Devices | Data Unit |
|---|---|---|---|---|
| 7 | Application | User-facing services | HTTP, FTP, SMTP, DNS, DHCP | Data |
| 6 | Presentation | Formatting, encryption, compression | SSL/TLS, JPEG, ASCII | Data |
| 5 | Session | Establishes/maintains sessions | NetBIOS, RPC, SMB | Data |
| 4 | Transport | End-to-end delivery, flow control | TCP, UDP | Segments / Datagrams |
| 3 | Network | Logical addressing, routing | IP, ICMP, ARP; routers | Packets |
| 2 | Data Link | Physical addressing, framing | Ethernet, 802.11, MAC; switches | Frames |
| 1 | Physical | Signals over media | Cables, hubs, NICs | Bits |
Memory aids: "Please Do Not Throw Sausage Pizza Away" (Layers 1->7) or "All People Seem To Need Data Processing" (Layers 7->1).
Bottom-up troubleshooting
CompTIA teaches a bottom-up approach: verify Layer 1 first because most field problems are physical.
- Layer 1 (Physical): Cable seated? Link LED lit? Wi-Fi radio enabled?
- Layer 2 (Data Link): Does the switch see the MAC? Is ARP resolving the gateway?
- Layer 3 (Network): Valid IP and gateway? Can you ping 127.0.0.1, then the gateway, then 8.8.8.8?
- Layer 4 (Transport): Is the right TCP/UDP port open, or is a firewall dropping it?
- Layers 5-7: Does name resolution work (ping by name vs. by IP)?
Common trap: if you can ping by IP but not by hostname, the failure is DNS (an upper-layer/application issue), not connectivity. Start at the physical layer unless the symptom clearly points higher.
TCP vs. UDP
| Feature | TCP | UDP |
|---|---|---|
| Connection | Connection-oriented (handshake) | Connectionless |
| Reliability | Guaranteed, retransmits lost data | Best-effort, no retransmit |
| Ordering | In-order delivery | May arrive out of order |
| Header | 20 bytes minimum | 8 bytes |
| Speed/overhead | Slower, more overhead | Faster, low overhead |
| Use cases | HTTP/HTTPS, SMTP, FTP, SSH | DNS queries, DHCP, VoIP, streaming, gaming |
TCP three-way handshake
- SYN - client sends a synchronize request.
- SYN-ACK - server acknowledges and synchronizes back.
- ACK - client acknowledges; the session is established.
For latency-sensitive media, UDP wins: dropping one frame of video beats freezing the stream to retransmit it.
IPv4 Addressing
An IPv4 address is a 32-bit value in dotted-decimal notation (e.g., 192.168.1.100), split into a network portion and a host portion by the subnet mask.
Address classes
| Class | First Octet | Default Mask | Purpose |
|---|---|---|---|
| A | 1-126 | 255.0.0.0 (/8) | Very large networks |
| B | 128-191 | 255.255.0.0 (/16) | Medium networks |
| C | 192-223 | 255.255.255.0 (/24) | Small networks |
| D | 224-239 | n/a | Multicast |
| E | 240-255 | n/a | Experimental |
The 127.0.0.0/8 block is reserved for loopback; 127.0.0.1 tests the local stack.
RFC 1918 private ranges
| Range | CIDR | Approx. hosts |
|---|---|---|
| 10.0.0.0 - 10.255.255.255 | 10.0.0.0/8 | ~16.7 million |
| 172.16.0.0 - 172.31.255.255 | 172.16.0.0/12 | ~1 million |
| 192.168.0.0 - 192.168.255.255 | 192.168.0.0/16 | ~65,000 |
Special addresses
- 127.0.0.1 - loopback / localhost
- 169.254.x.x - APIPA (Automatic Private IP Addressing); a self-assigned address that proves the DHCP server was unreachable
- 0.0.0.0 - default route / unspecified
- 255.255.255.255 - limited broadcast to the local subnet
IPv6 Addressing
IPv6 uses 128-bit addresses to end IPv4 exhaustion and has a fixed 40-byte header.
| Type | Prefix | Role |
|---|---|---|
| Global unicast | 2000::/3 | Publicly routable |
| Link-local | fe80::/10 | Auto-configured, local segment (IPv6 analog of APIPA) |
| Unique local | fc00::/7 | Private, like RFC 1918 |
| Loopback | ::1 | Equivalent to 127.0.0.1 |
| Multicast | ff00::/8 | One-to-many (IPv6 has no broadcast) |
Shortening rules: drop leading zeros in each group (2001:0db8 -> 2001:db8), and replace one run of all-zero groups with :: exactly once (2001:db8:0:0:0:0:0:1 -> 2001:db8::1). Using :: twice is invalid because the parser can no longer tell how many zero groups belong to each gap, so the address length becomes ambiguous.
Subnet masks and CIDR
The subnet mask tells a host which bits of an address are the network portion and which are the host portion. A mask of 255.255.255.0 means the first 24 bits identify the network and the last 8 identify the host, which is why it is written in CIDR (Classless Inter-Domain Routing) shorthand as /24. A /24 network has 256 total addresses, but two are unusable for hosts: the all-zeros address is the network ID and the all-ones address is the broadcast, leaving 254 usable hosts. CompTIA expects you to recognize that 192.168.1.0/24 covers 192.168.1.1 through 192.168.1.254, with 192.168.1.255 reserved as the broadcast.
The default gateway is the router address a host sends traffic to when the destination is on a different network. If a workstation has a valid IP and mask but no gateway, it can reach neighbors on its own subnet yet cannot reach the internet - a frequent exam scenario. To decide whether a destination is local, the host applies its mask: if the network bits of the source and destination match, it delivers directly; if they differ, it hands the packet to the gateway.
A worked troubleshooting scenario
A user reports "no internet." You run ipconfig and see 169.254.12.40 with mask 255.255.0.0 and a blank gateway. That 169.254 prefix is APIPA, so the host never got a DHCP lease - this is a Layer 3 (and possibly Layer 1/2) fault, not a browser or DNS issue. You verify the cable (Layer 1), confirm the switch port is up (Layer 2), then ipconfig /release and ipconfig /renew. A real address such as 192.168.1.45 with gateway 192.168.1.1 returns, confirming the DHCP server was simply unreachable during boot. This bottom-up flow is exactly how the exam frames networking troubleshooting.
At which OSI layer do routers make their forwarding decisions?
A technician needs the lowest-latency transport for live VoIP audio. Which protocol fits best?
A workstation reports the address 169.254.45.201. What does this most likely indicate?
Which of the following are valid RFC 1918 private IPv4 ranges? (Select THREE)
Select all that apply