OSI and TCP/IP Models with Device and Protocol Mapping
Key Takeaways
- The OSI model is a seven-layer troubleshooting map: Physical, Data Link, Network, Transport, Session, Presentation, and Application.
- The TCP/IP model collapses the same functions into four layers: Link, Internet, Transport, and Application.
- Devices and protocols are identified by the layer where their primary forwarding or decision logic lives.
- Encapsulation adds a header (and a frame trailer) at each layer going down and strips them going up (de-encapsulation).
- Layer thinking narrows symptoms, selects the right tool, and stops you from replacing the wrong component.
The OSI Model as a Troubleshooting Map
The CompTIA Network+ (N10-009) exam launched June 20, 2024, and is a 90-question, 90-minute test scored 100-900 with a passing score of 720. Domain 1, Networking Concepts, is the largest objective at 23%, and the Open Systems Interconnection (OSI) model is its backbone. Memorize the layers bottom-up with "Please Do Not Throw Sausage Pizza Away" (Physical, Data Link, Network, Transport, Session, Presentation, Application) and top-down with "All People Seem To Need Data Processing."
The exam uses OSI to organize symptoms, not as trivia. If the link light is dark, start at Layer 1. If IP works but names fail, look at Layer 7. If TCP connects but the app rejects credentials, the path is fine and the problem is the application. The model also dictates which tool you reach for: a cable certifier and toner probe live at Layer 1, a managed switch CLI and show mac address-table live at Layer 2, ping, traceroute, and route tables live at Layer 3, netstat and port scans live at Layer 4, and protocol analyzers such as Wireshark let you read whichever header you suspect.
Anchoring tools to layers keeps you from, for example, replacing a cable when a name-resolution failure clearly sits at the top of the stack.
A second reason the exam loves OSI is that each layer is a clean handoff point. The unit of data at every layer has a specific name, called a protocol data unit (PDU), and being able to say "the problem is at the packet level, not the frame level" is the difference between a confident diagnosis and a guess. Watch the boundary cases: TLS encryption is presentation-layer work even though it rides inside a Layer 4 segment, and ARP straddles the line between Layer 2 (it deals in MAC addresses) and Layer 3 (it resolves IP addresses), which is why many references call it a Layer 2.5 protocol.
| OSI layer | Primary job | Protocol data unit | Examples | Troubleshooting clue |
|---|---|---|---|---|
| 7 Application | User-facing network services | Data | HTTP, HTTPS, DNS, DHCP, SMTP, SNMP, SSH | Name failure, service error, app timeout |
| 6 Presentation | Format, encryption, encoding | Data | TLS, SSL, ASCII, JPEG, compression | Certificate warning, cipher mismatch |
| 5 Session | Setup, manage, tear down sessions | Data | RPC, NetBIOS, session control | Session drops, half-open conversations |
| 4 Transport | End-to-end delivery, ports, reliability | Segment (TCP) / Datagram (UDP) | TCP, UDP, port numbers | Connection refused, retransmits, blocked port |
| 3 Network | Logical addressing and routing | Packet | IPv4, IPv6, ICMP, routers, L3 switches | Wrong gateway, no route, TTL exceeded |
| 2 Data Link | Framing, MAC addressing, VLANs | Frame | Ethernet, 802.1Q, ARP, switches | VLAN mismatch, duplex error, MAC table |
| 1 Physical | Signaling and media | Bits / Symbols | Cabling, fiber, radio, transceivers | No link, bad cable, EMI, attenuation |
Mapping OSI to the TCP/IP Model
The TCP/IP model (also called the DoD model) compresses the seven OSI layers into four. The exam expects you to translate fluently between them, because real protocol stacks follow TCP/IP while diagnosis vocabulary follows OSI.
| TCP/IP layer | OSI mapping | Examples |
|---|---|---|
| Application | OSI 5-7 | DNS, DHCP, HTTP, HTTPS, SMTP, SSH, SNMP |
| Transport | OSI 4 | TCP, UDP |
| Internet | OSI 3 | IPv4, IPv6, ICMP, routing |
| Link (Network Access) | OSI 1-2 | Ethernet, Wi-Fi, ARP, switching, cabling |
Device and Protocol Layer Mapping
Most N10-009 "which layer" questions hinge on the primary decision a device makes. A hub repeats electrical signals (Layer 1); a switch reads MAC addresses (Layer 2); a router reads IP addresses (Layer 3).
| Item | Primary layer | Why |
|---|---|---|
| Hub / repeater | 1 | Regenerates signals, makes no addressing decision |
| Switch | 2 | Forwards frames using the MAC address table |
| Access point | 1/2 | Bridges wireless clients onto the wired LAN |
| Router | 3 | Forwards packets between IP networks by longest-prefix match |
| Layer 3 switch | 2/3 | Switches within VLANs, routes between them |
| Firewall | 3/4/7 | Filters by IP, port, state, or application |
| Load balancer | 4 or 7 | Distributes by transport or application data |
| ARP | 2/3 boundary | Maps an IPv4 address to a MAC on the local segment |
Worked Scenario: Narrow by What Works
A desktop has a link light, gets a DHCP lease, can ping its default gateway, but cannot open https://intranet.example by name. Walk up the stack:
| Evidence | What it proves |
|---|---|
| Link light on | Layer 1 functional |
| DHCP lease present | Layer 2 reach to relay/server, basic IP config OK |
| Gateway ping succeeds | Local Layer 3 path OK |
| Name lookup fails | Layer 7 (DNS) or the cert/HTTPS service is the suspect |
The clue points to DNS resolution, so the fix is nslookup, the resolver config, or the DNS server, not a cable swap. As data leaves the host, each lower layer adds its header (encapsulation), and the receiving stack removes them in reverse order (de-encapsulation). Knowing the protocol data unit names (Data, Segment/Datagram, Packet, Frame, Bits) lets you describe exactly where a capture or counter sits.
A disciplined approach for any N10-009 layered question is to confirm each layer from the bottom up before blaming the one above it, because every working layer rules out a whole class of causes. In the example, a valid DHCP lease proves the host completed a Layer 2 exchange and holds correct Layer 3 settings, and a successful gateway ping proves ICMP echo (Layer 3) reaches the router and returns. Only the name lookup is left, so the fault is isolated to DNS without touching cabling, switches, or routing.
The same logic runs in reverse for top-down questions: if a browser shows a certificate error, you already know Layers 1 through 4 work, so you investigate the Presentation layer, the certificate, cipher, or system clock, rather than re-running connectivity tests. This is precisely the reasoning the exam rewards, and it is why memorizing layer numbers alone is not enough; you must know what each working layer lets you eliminate.
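The encapsulation and de-encapsulation steps described above can be traced on a single frame. The following Python sketch is an added example, not part of the original guide: it wraps a payload in TCP, IPv4, and Ethernet headers, then strips them in reverse and names the PDU at each layer. The MAC addresses, IP addresses, ports, and payload are constructed sample values, and the IPv4/TCP checksums are left at zero.

```python
import socket
import struct

def build_frame(payload: bytes) -> bytes:
    """Encapsulate going down the stack: Data -> Segment -> Packet -> Frame."""
    # Layer 4: 20-byte TCP header (ports, seq, ack, offset/flags PSH+ACK, window).
    segment = struct.pack("!HHIIHHHH", 49152, 443, 1, 0,
                          (5 << 12) | 0x18, 65535, 0, 0) + payload
    # Layer 3: 20-byte IPv4 header, TTL 64, protocol 6 (TCP); checksum left 0.
    packet = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0,
                         64, 6, 0, socket.inet_aton("192.0.2.10"),
                         socket.inet_aton("192.0.2.20")) + segment
    # Layer 2: Ethernet header = dst MAC, src MAC, EtherType 0x0800 (IPv4).
    # The FCS trailer is omitted, as it is in most packet captures.
    return (bytes.fromhex("02000000000b") + bytes.fromhex("02000000000a")
            + struct.pack("!H", 0x0800) + packet)

def decapsulate(frame: bytes) -> list:
    """De-encapsulate going up; return (OSI layer, PDU name, summary) tuples."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = [("2", "Frame", f"{src.hex(':')} -> {dst.hex(':')} type=0x{ethertype:04x}")]
    packet = frame[14:]
    if ethertype != 0x0800 or len(packet) < 20:
        return out                      # not IPv4: stop at the frame level
    ihl = (packet[0] & 0x0F) * 4        # IPv4 header length in bytes
    total_len = struct.unpack("!H", packet[2:4])[0]
    ttl, proto = packet[8], packet[9]
    src_ip, dst_ip = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    out.append(("3", "Packet", f"{src_ip} -> {dst_ip} ttl={ttl} proto={proto}"))
    l4 = packet[ihl:total_len]
    if proto == 6 and len(l4) >= 20:    # TCP
        pdu, hdr_len = "Segment", (l4[12] >> 4) * 4
    elif proto == 17 and len(l4) >= 8:  # UDP
        pdu, hdr_len = "Datagram", 8
    else:
        return out                      # e.g. ICMP: no transport header
    sport, dport = struct.unpack("!HH", l4[:4])
    out.append(("4", pdu, f"{sport} -> {dport}"))
    out.append(("5-7", "Data", l4[hdr_len:]))
    return out

if __name__ == "__main__":
    for layer, pdu, summary in decapsulate(build_frame(b"constructed app data")):
        print(f"Layer {layer:<3} {pdu:<8} {summary}")
```

A frame cut off after the Ethernet header returns only the Layer 2 entry, which mirrors the "frame level, not packet level" distinction used in diagnosis.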
A switch forwards traffic based primarily on hardware addresses learned into its MAC table. Which OSI layer is most associated with that decision?
A client gets a DHCP lease and can ping its default gateway, but cannot reach an internal site by its hostname. Which layer should you investigate first?
Match each item to its primary OSI layer.
Order the protocol data units as data moves down the stack from an application toward the wire.