Troubleshooting Networks – Layers 4-7 in the OSI Model

I was recently asked how to troubleshoot layers 4-7 of the OSI model.

[Figure: lower layers are drawn wider to show protocol encapsulation]

Layer 4 (Transport): Most problems at the transport layer have to do with blocked ports.  Ensure there are no firewalls (e.g., iptables) blocking the TCP/UDP ports you’re trying to troubleshoot.  You can also try temporarily disabling quality of service (QoS).

Layer 5 (Session) and Layer 6 (Presentation): Examples include sockets at the session layer and MIME at the presentation layer.  These two layers play a less active role in the functioning of the network compared to the other layers of the OSI model.  There usually isn’t anything here to troubleshoot.

Layer 7 (Application): The app layer is where client-server apps are used, for example HTTP, HTTPS, SMTP, SSH, and DNS.  For DNS, use the dig or nslookup commands as a starting point for figuring out why DNS is failing.  For HTTP, you might use Apache’s or NGINX’s stats pages.  (Be sure to turn these off when you’re done using them, though, for security.)  For SSH, SMTP, and in all cases: check the logs.  Temporarily enable debug logging if you have to.  You can also use tcpdump to filter TCP/IP packets and analyze the protocols used.
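
The triage order from the Layer 4 and Layer 7 paragraphs (does the name resolve, then is the port blocked), as an added Python example that is not part of the original post. The function names, status labels and hint wording are this example's own assumptions.

```python
import socket
import sys

# Next-step hints per outcome (wording is this example's, not the post's).
HINTS = {
    "dns_failure": "name did not resolve: start with dig or nslookup",
    "open": "TCP handshake completed: layer 4 is fine, check the application logs",
    "refused": "connection refused: nothing is listening, or a firewall REJECT rule",
    "filtered": "no reply before timeout: likely a firewall DROP rule (e.g. iptables)",
    "other_error": "other socket error (e.g. host or network unreachable): check routing",
}


def classify(exc):
    """Map the exception from resolve/connect (or None) to a status label."""
    if exc is None:
        return "open"
    if isinstance(exc, socket.gaierror):
        return "dns_failure"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"
    return "other_error"


def check_tcp(host, port, timeout=3.0):
    """Resolve host, attempt one TCP handshake, return (status, hint)."""
    exc = None
    try:
        # Only the first resolved address is tried, to keep the result simple.
        family, socktype, proto, _, addr = socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM)[0]
        with socket.socket(family, socktype, proto) as sock:
            sock.settimeout(timeout)
            sock.connect(addr)
    except OSError as err:  # gaierror, timeout and refused are all OSError
        exc = err
    status = classify(exc)
    return status, HINTS[status]


if __name__ == "__main__":
    # Usage: python check_tcp.py <host> <port>
    status, hint = check_tcp(sys.argv[1], int(sys.argv[2]))
    print(f"{sys.argv[1]}:{sys.argv[2]} -> {status} ({hint})")
```

A "filtered" result is the one that points at a blocked port; "refused" means the host answered, so look at whether the service is actually running.
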
There is certainly more that could be said here, but I just wanted to write down what I’ve learned so far.  Credit for much of the above info goes to:

Sukesh Mudrakola at Techgenix
Brendan Gregg’s book on Systems Performance
