CISSP Domain 4 Communication and Network Security Cheat Sheet

Layer 4 – Transport

Handles packet sequencing, flow control, and error deduction. TCP and UDP are layer 4 protocols. TCP contains features that allows for resending and resequencing at the expense of speed as oppose to UDP where these features are not implemented.

Layer 5 – Session

The session layer manages session, which provide maintenance on connections. Mounting a file share via a network requires a number of maintenance sessions, such as remote procedure calls (RPCs). The session layer manages “session between applications” and uses simplex, half-duplex and full duplex communication.

Layer 6 – Presentation

The presentation layer presents data to the application in a comprehensible way. This includes data conversion, character sets such as ASCII, image formats such as GIF,JPEGand TIFF.

Layer 7 – Application

This layer is where the user interfaces with the computer application such as web browser, word processor, instant messenger, FTP, telnet.

Please Do Not Throw Sausage Pizza Away – PDNTSPA
Please Do Not Tell Sales People Anything – PDNTSPA
All People Seem To Need Data Processing – APSTNDP


TCP/IP (Transmission Control Protocol/Internet Protocol) is an informal name for the Internet protocol suite. It contains a suite of protocols including UDP and ICMP, among many others.

Network Access Layer

It combines layers 1 and 2 of the OSI model.

Internet Layer

Aligns with layer 3 of the OSI model the network layer.

Host-to-Host Transport Layer

Aligns with layer 4 of the OSI model the transport layer.

Application Layer

Combines layer 5-7 of the OSI model (Session, Presentation and Application Layers)


Takes information from a higher layer and adds a header to treating the higher layer information as data. One layer’s data is another layer’s data. As data moves down the stack, application layer data is encapsulated in a layer 4 TCP segment. That TCP segment is encapsulated in a Layer 3 IP packet. That TCP segment is encapsulated in a Layer 3 IP packet. That packet is encapsulated in a Layer 2 Ethernet frame. The frame is then converted into bits at layer 1 and sent across the local network. Data, segments, frames, and bits are examples of Protocol Data Units.

Mnemonic for PDUS
SPF10 – Segments, Packets, Frames, 1 and 0s (bits)

The reverse of encapsulation is called de-multiplexing or de-encapsulation.

Network Access, Internet and Transport Layer Protocols and Concepts

MAC Addresses

A MAC address is the uniqe hardware address of an Ethernet network inteface card (NIC), typically burned at the factory. MAC addresses maybe changed in software. The MAC address is 48 bits long with two halves: 24 bits form the Organization Unique Identified (OUI) and 24bits form the serial number (Extention indentifier).

EUI-64 MAC addresses

The IEEE created the EUI-64 (Extended Unique Identifer) standard for 64 bit MAC addresses. 24 bits for the OUI and 40 buts for the serial number. IPv6 autoconfiguration supports both EUI64 and 48 bit mac addresses.


IPv4 Internet Protocol v4 was designed for the US defense advanged research projects agency (DARPA) for use in ARPAnet which later became the internet. IP is simple, connectioness and unreliable and relies on TCP to offer such features. IPv4 uses a 32bit source and destination address which and has a limitation in the total address space.

Key IPv4 Header Fields

  • Version: IP version (4 for ipv4)
  • IHL: Length of IP header
  • Type of Service: Originally used for precedence of packet, but now used for DIffServe – QoS
  • Identification, Flags, Offset: used for IP fragmentation
  • Time to Live: to end routing loops
  • Protocol: embedded protocol (protocol number representing TCP, UDP, etc.)
  • Source and Destination IP addresses
  • Optional: Options and Padding
IP Fragementation

If a packet exceeds the Maximum Transmission Unit (MTU) of a network a router along the path may fragement it. A typical MTU size is 1500 bytes.

  • Identifiation field (IPID) – used to associate fragemented packets (they will have the same IPID)
  • Flags field – used to determine if fragmentation is allowed and whether more fragements are coming
  • Offset field – gives the data offest the current fragment carries

Path MTU discovery uses fragmentation to discover the largest size packet allowed across a network by using the DF flag (do not fragment) and listening to the ICMP response “Fragmentation needed and DF set”. By sending increasingly smaller packets with DF set, you can determine the maximum packet allowed.

Related Posts with Thumbnails

About the Author

Alfred Tong
Author and owner of this blog. A Networking enthusiast, full time networking and systems Engineer. Generally curious about all things IT.Certifications: GIAC GSEC, CCNP-S, CCNP, CCSP, CCDP, CCNA, RHCE, JNCIA - FWV