Re: Session layer in OSI and TCP/IP

[sandthakur () gmail com]

My answer are inline with your queries, Naruto,


According to OSI model session layer provides connection establishment, management and termination. So does this mean 
that in OSI TCP 3-way handshake and graceful connection termination is initiated by session layer
and the transport layer is concerned with data transfer and reliability of communication only?
But in TCP/IP the connection establishment and termination along with reliability are part of the transport layer and 
no session layer is used. Is this statement correct?
Sandeep> Please refer the image from the below url first for better understanding of realtime protocol suit (TCP/IP) 
with respect to international standard (ISO OSI; this is not a protocol suit by itself; this is a standard for 
implementation of networking protocol suites).

http://homepages.uel.ac.uk/u0306091/TCP_IP9.gif

The function of  transport layer as per standard OSI will be implemented as is or with slight enhancements. In 
otherwords, connection establishment, reset task will be done at transport layer, you may refer OSI or TCP/IP. 
Similarly session layer is above the transport layer and nothing to do with connection establishment (three-way 
handshake procedure). Essentially, session layer will refer to protocols that fall under that layer or the session 
related to application itself which requires network service.


Eg.- I want to browse a website.
a) So according to OSI, firstly I resolve domain name using the DNS in application layer, then my web browser asks the 
session layer to initiate a
session. Session layer asks the transport layer to make suitable TCP packets to perform a 3 way handshake. Then HTTP 
packets are transported using the transport layer.
Sandeep> DNS is a concept which work across the networks. Yes, as you said the program which usually runs at 
application layer maintains the session incase required, which inturn are the services/features from session layer, 
similarly the presentation layers functions to the application layer program. Hence, all these are actually clubbed 
into one layer in TCP/IP as the program/protocol suite itself does most of these actions of (Application, Presentation, 
Session) layers. Transport layer when receives its top layer packets, it has nothing to do with top layer packets 
rather establish the connection from source port/address to dest port/address using flagging mechanism in handshake 
procedure and transfer it further. Network layer has role in it when request has to go out of the network. IP protocols 
helps in doing this...


b) According to TCP/IP, firstly I resolve domain name using DNS in application layer. Then my application layer 
requests the transport layer to
connect to a webserver on port 80. Transport layer makes a TCP 3-way handshake. After connection establishment HTTP 
packets are transported using transport layer.
Sandeep> This is correct.



Regards
Sandeep Thakur,
CEH, CHFI, ECSA, ISO 27001 LA, ... so on

Reach me here for any queries with respect to IT Security and its culture:

http://groups.google.com/group/nforceit

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------