
Encapsulation and PDU at Each OSI Layer

This chapter covers encapsulation and Protocol Data Units (PDUs) at each layer of the OSI model, a foundational concept for the CompTIA Network+ N10-009 exam. Understanding how data is wrapped and unwrapped as it travels through the network stack is critical for troubleshooting and design. Approximately 10-15% of exam questions touch on OSI model layers, encapsulation, and PDU terminology. Mastery of this topic ensures you can correctly identify where problems occur and how protocols interact.

Updated May 31, 2026

The Postal Service: Layers of Envelopes

Think of sending a package via a postal service. You write a letter (application data), put it in an envelope (Layer 6 presentation), address it with a name and department (Layer 5 session), then put that envelope into a larger envelope with a specific company address and recipient name (Layer 4 transport, like a port number). This larger envelope goes into a mailbag labeled with the building address (Layer 3 network, like an IP address). The mailbag is handed to a courier truck that follows a route (Layer 2 data link, like a MAC address on a local segment). Finally, the truck drives on roads (Layer 1 physical, like cables and signals). At each step, the postal worker adds or removes the appropriate outer wrapping. The inner contents remain untouched. If the package is too big, it may be split into multiple boxes (segmentation) and reassembled at the destination. This mirrors exactly how data moves through the OSI model: each layer adds its own header (encapsulation) and the receiving peer layer strips it off (de-encapsulation).

How It Actually Works

What is Encapsulation and Why Does It Exist?

Encapsulation is the process by which each layer of the OSI model adds its own header (and sometimes a trailer) to the data received from the layer above. This header contains control information needed for the layer's function. The primary reason for encapsulation is modularity: each layer can focus on its own job without needing to understand the details of other layers. For example, the network layer (Layer 3) doesn't need to know about the physical medium; it just needs to know the logical address.

The Protocol Data Unit (PDU)

A Protocol Data Unit (PDU) is the generic term for a block of data at a specific OSI layer. Each layer has its own PDU name:

Layer 1 (Physical): Bits

Layer 2 (Data Link): Frames

Layer 3 (Network): Packets

Layer 4 (Transport): Segments (TCP) or Datagrams (UDP)

Layer 5-7 (Session, Presentation, Application): Data (or more specifically, Application Data)

When data moves down the stack, each layer adds its header (encapsulation). When data moves up the stack, each layer removes its header (de-encapsulation).

Step-by-Step Encapsulation Process

Consider a web browser requesting a page from a server using HTTP over TCP/IP:

1. Application Layer (Layer 7): The browser generates HTTP request data. This is the Application Data PDU.

2. Presentation Layer (Layer 6): May compress or encrypt the data (e.g., TLS). The PDU is still called Data.

3. Session Layer (Layer 5): Manages the session (e.g., TLS handshake). The PDU remains Data.

4. Transport Layer (Layer 4): The TCP protocol adds a TCP header, which includes source and destination port numbers (e.g., 49152-65535 for source, 80 for destination), sequence numbers, and checksums. The PDU becomes a Segment (TCP) or Datagram (UDP). If the data is larger than the Maximum Segment Size (MSS, default 1460 bytes for Ethernet), TCP segments it into multiple segments.

5. Network Layer (Layer 3): The IP protocol adds an IP header, which includes source and destination IP addresses (e.g., 192.168.1.10 to 203.0.113.5), Time-to-Live (TTL, default 64 or 128), and protocol type (e.g., 6 for TCP). The PDU becomes a Packet.

6. Data Link Layer (Layer 2): The Ethernet protocol adds a header (source and destination MAC addresses) and a trailer (Frame Check Sequence, FCS). The PDU becomes a Frame. The maximum transmission unit (MTU) for Ethernet is 1500 bytes. If the packet is larger, IP fragmentation may occur at Layer 3 before reaching Layer 2.

7. Physical Layer (Layer 1): The frame is converted into bits (electrical signals, light pulses, or radio waves) and transmitted over the medium.

At the receiving end, the process reverses: each layer strips its corresponding header and passes the payload up.

Key Components and Values

MTU (Maximum Transmission Unit): Default 1500 bytes for Ethernet. Determines the largest PDU that can be sent in a single frame. If a packet exceeds the MTU, fragmentation occurs at Layer 3.

MSS (Maximum Segment Size): Default 1460 bytes for TCP over Ethernet (1500 - 20 bytes IP header - 20 bytes TCP header). MSS is negotiated during the TCP three-way handshake.

TTL (Time to Live): Default 64 (Linux, macOS) or 128 (Windows). Decremented by each router; packet discarded when TTL reaches 0.

Protocol Field in IP Header: Indicates the upper-layer protocol: 6 for TCP, 17 for UDP, 1 for ICMP.

EtherType: Indicates the network layer protocol: 0x0800 for IPv4, 0x86DD for IPv6.

Encapsulation in Practice: A Web Request Example

Assume a client with IP 192.168.1.10 sends an HTTP GET to server 203.0.113.5:80.

Layer 4 (Transport): Source port = 49152 (ephemeral), destination port = 80. TCP segment includes sequence number = 100 (example), acknowledgment number = 0 (SYN flag set).

Layer 3 (Network): Source IP = 192.168.1.10, destination IP = 203.0.113.5, TTL = 64, protocol = 6 (TCP).

Layer 2 (Data Link): Source MAC = client's NIC MAC (e.g., 00:1A:2B:3C:4D:5E), destination MAC = default gateway's MAC (e.g., 00:1A:2B:3C:4D:5F). EtherType = 0x0800.

Layer 1 (Physical): Bits transmitted as electrical signals on Ethernet cable.

At the default gateway (router), the router strips the Layer 2 header, examines the Layer 3 destination IP, and forwards the packet out the appropriate interface. It then builds a new Layer 2 header with the next-hop MAC address.

De-encapsulation at the Server

1. Layer 1: Receive bits, convert to frame.

2. Layer 2: Check FCS, strip Ethernet header/trailer, pass packet to Layer 3.

3. Layer 3: Check IP header, verify destination IP matches, strip IP header, pass segment to Layer 4.

4. Layer 4: Check TCP header, verify port 80, reassemble segments if needed, pass data to Layer 5-7.

5. Layer 5-7: Process HTTP request.
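The encapsulation and de-encapsulation steps above can be followed byte by byte. The sketch below is an added example, not part of the original chapter: it wraps a constructed HTTP request in TCP, IPv4 and Ethernet headers using the chapter's example addresses, then performs the server-side checks in order. The request text, TCP flags, ack and window values are assumptions, and router re-framing between client and server is not modeled.

```python
import socket
import struct
import zlib

# Constructed sample request; addresses, ports and MACs in demo() are the chapter's example values.
REQUEST = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

def inet_checksum(data: bytes) -> int:
    """One's-complement checksum used by the IPv4 and TCP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

def encapsulate(data, src_mac, dst_mac, src_ip, dst_ip, sport, dport, seq=100, ttl=64):
    """Data -> segment -> packet -> frame."""
    s, d = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    # Layer 4: 20-byte TCP header (PSH|ACK; ack and window are constructed values).
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 1, 5 << 4, 0x18, 65535, 0, 0)
    pseudo = s + d + struct.pack("!BBH", 0, 6, len(tcp) + len(data))
    csum = inet_checksum(pseudo + tcp + data)
    segment = tcp[:16] + struct.pack("!H", csum) + tcp[18:] + data
    # Layer 3: 20-byte IPv4 header, DF set, protocol 6 (TCP).
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0x4000, ttl, 6, 0, s, d)
    packet = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:] + segment
    # Layer 2: Ethernet header (EtherType 0x0800) plus FCS trailer.
    body = mac(dst_mac) + mac(src_mac) + struct.pack("!H", 0x0800) + packet
    return body + struct.pack("<I", zlib.crc32(body))

def decapsulate(frame, my_ip, my_port):
    """Frame -> packet -> segment -> data, checking each layer before stripping it."""
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    if zlib.crc32(body) != fcs:
        raise ValueError("L2: FCS mismatch")
    if body[12:14] != b"\x08\x00":
        raise ValueError("L2: EtherType is not IPv4")
    packet = body[14:]
    ihl = (packet[0] & 0x0F) * 4
    if inet_checksum(packet[:ihl]) != 0:
        raise ValueError("L3: bad IP header checksum")
    if packet[16:20] != socket.inet_aton(my_ip) or packet[9] != 6:
        raise ValueError("L3: wrong destination IP or not TCP")
    segment = packet[ihl:struct.unpack("!H", packet[2:4])[0]]
    pseudo = packet[12:20] + struct.pack("!BBH", 0, 6, len(segment))
    if inet_checksum(pseudo + segment) != 0:
        raise ValueError("L4: bad TCP checksum")
    if struct.unpack("!H", segment[2:4])[0] != my_port:
        raise ValueError("L4: no listener on that port")
    return segment[(segment[12] >> 4) * 4:]

def demo():
    frame = encapsulate(REQUEST, "00:1A:2B:3C:4D:5E", "00:1A:2B:3C:4D:5F",
                        "192.168.1.10", "203.0.113.5", 49152, 80)
    return frame, decapsulate(frame, "203.0.113.5", 80)

if __name__ == "__main__":
    frame, data = demo()
    print(len(frame), "byte frame carries", len(data), "bytes of application data")
```

Each layer's check fails independently: a flipped bit is caught by the FCS at Layer 2 before the IP header is ever read.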

Interaction with Related Technologies

VLANs (802.1Q): Adds a 4-byte tag to the Ethernet frame between the source MAC and EtherType. This increases the frame size, so the MTU is effectively 1504 bytes (or 1522 bytes with Q-in-Q).

MPLS: Inserts a shim header between Layer 2 and Layer 3.

IPsec: Encapsulates IP packets with an ESP header and trailer, adding overhead.

NAT: Modifies the IP header (source/destination addresses) and recalculates checksums.

Verification Commands

On a Windows client, you can see encapsulation details using:

ping -n 1 -l 1472 8.8.8.8

This sends an ICMP echo request with 1472 bytes of data. With 8 bytes of ICMP header and 20 bytes of IP header, the total IP packet is 1500 bytes, fitting exactly in one Ethernet frame.

To check MTU on Windows:

netsh interface ipv4 show subinterfaces

On Linux:

ip link show

Summary

Encapsulation is the fundamental mechanism that enables layered communication. Each layer adds its own header, and the receiving peer layer interprets and removes it. Understanding PDU names and the encapsulation process is essential for network troubleshooting and protocol analysis.

Walk-Through

1. Application Layer Generates Data

The application (e.g., web browser) creates data to send. This data is typically in a format like HTTP, FTP, or SMTP. The PDU at this layer is called 'Data' (or Application Data). No header is added yet; the data is passed to the presentation layer. The application is unaware of lower-layer details.

2. Presentation Layer Formats Data

The presentation layer may perform encryption (e.g., TLS), compression, or character encoding conversion. It adds its own header if needed (e.g., TLS record header). The PDU is still called 'Data'. This layer ensures that the data is in a format the receiving application can understand.

3. Session Layer Manages Dialog

The session layer establishes, manages, and terminates connections between applications. It may add a header for session control (e.g., NetBIOS session). The PDU remains 'Data'. This layer is often combined with the presentation layer in practice (e.g., TLS handles both).

4. Transport Layer Segments Data

The transport layer (TCP or UDP) adds a header containing source and destination port numbers, sequence numbers (TCP), and checksums. TCP segments the data into MSS-sized chunks (default 1460 bytes). The PDU becomes a 'Segment' (TCP) or 'Datagram' (UDP). This layer provides reliable delivery (TCP) or best-effort (UDP).

5. Network Layer Adds Logical Addressing

The network layer (IP) adds a header with source and destination IP addresses, TTL, protocol type, and other fields. If the segment/datagram exceeds the path MTU, IP may fragment it. The PDU becomes a 'Packet'. This layer handles routing across networks.

6. Data Link Layer Frames for Local Delivery

The data link layer (Ethernet) adds a header (source and destination MAC addresses, EtherType) and a trailer (FCS). The PDU becomes a 'Frame'. This layer handles local delivery on the same network segment. If the packet is larger than the MTU (1500 bytes for Ethernet), the frame cannot be sent; fragmentation must occur at Layer 3.

7. Physical Layer Transmits Bits

The physical layer converts the frame into bits and transmits them over the physical medium (e.g., electrical signals on copper, light pulses on fiber, radio waves on wireless). The PDU is called 'Bits'. This layer defines the hardware specifications: voltage levels, timing, pin layouts, etc.

What This Looks Like on the Job

Enterprise Web Server Farm

A large e-commerce company runs a web server farm behind a load balancer. The load balancer performs NAT and terminates TLS. When a client sends an HTTPS request, the client's browser generates Application Data. The presentation layer (TLS) encrypts the HTTP request, adding a TLS record header. The session layer manages the TLS session. The transport layer (TCP) adds a segment with source port 44300 (ephemeral) and destination port 443. The network layer adds an IP packet with the client's public IP and the load balancer's virtual IP. The data link layer adds Ethernet frames with the client's MAC and the default gateway's MAC. The load balancer receives the frame, de-encapsulates up to Layer 4, sees destination port 443, terminates TLS (decrypts), and then re-encapsulates the HTTP request to send to a backend server using a private IP. This requires careful MTU planning: if the backend uses jumbo frames (MTU 9000), the load balancer must fragment or adjust MSS. Misconfiguration can cause 'TCP window scaling' issues or packet drops. Performance scales with the number of concurrent connections; the load balancer's CPU handles encryption and encapsulation overhead.

Remote Office VPN

A company with branch offices uses IPsec VPNs to connect over the internet. When a user in a branch office accesses a file server at headquarters, their data is encapsulated multiple times. The original packet (up to Layer 4) is encrypted and placed inside an IPsec ESP packet (Layer 3.5). This new packet is then encapsulated in a new IP header with the VPN gateway's public IP addresses. The outer packet is then framed for Ethernet and sent over the internet. The VPN gateway at headquarters de-encapsulates: strips the outer IP header, decrypts the ESP payload, and forwards the original packet on the internal network. Common issues include MTU mismatches: the additional IPsec headers (50-60 bytes) can cause fragmentation. Engineers often set the MSS to 1360 bytes (1460 - 100 for IPsec overhead) to avoid fragmentation. Also, if the VPN gateway's policy incorrectly handles IP protocol 50 (ESP) or 51 (AH), packets may be dropped.

Cloud Migration with Overlay Networks

When migrating to the cloud, companies often use overlay networks like VXLAN to extend Layer 2 segments across Layer 3 boundaries. VXLAN encapsulates the original Ethernet frame inside a UDP packet (port 4789) with a VXLAN header. This adds 50 bytes of overhead. The original frame's MAC addresses are preserved, but the outer packet uses the host's IP addresses. Cloud providers set the MTU to 1500, but the overlay overhead reduces the effective payload to 1450 bytes. If the application sends packets with DF (Don't Fragment) set and the path MTU is not adjusted, packets are dropped. Engineers must configure the host's MTU to 1450 or enable Path MTU Discovery (PMTUD) with ICMP. Misconfiguration leads to black-hole connections where large packets are silently dropped.

How N10-009 Actually Tests This

N10-009 Objective 1.1: Explain the OSI model and its layers

The exam tests your ability to identify the correct PDU name for each OSI layer and understand the encapsulation/de-encapsulation process. Specific objectives include:

- 1.1.a: Identify the seven layers of the OSI model
- 1.1.b: Describe the function of each layer
- 1.1.c: Explain how data flows through the layers (encapsulation)

Common Wrong Answers and Why Candidates Choose Them

1. Mixing up PDU names: Many candidates think 'Packet' is the PDU for Layer 2 (Data Link) because they hear 'packet switching'. The correct PDU for Layer 2 is 'Frame'. For Layer 3, it's 'Packet'. Remember: Frames are for local delivery, packets are for routed delivery.

2. Confusing 'Segment' and 'Datagram': Candidates often use 'segment' for both TCP and UDP. The exam distinguishes: TCP uses 'Segment', UDP uses 'Datagram'. Always pair TCP with Segment and UDP with Datagram.

3. Thinking encryption happens at the Session layer: Encryption is a Presentation layer function (Layer 6). The Session layer manages dialog control, not encryption.

4. Assuming the Data Link layer adds only a header: The Data Link layer adds both a header and a trailer (FCS). Many candidates forget the trailer.

Specific Numbers and Terms

MTU: 1500 bytes for Ethernet

MSS: 1460 bytes for TCP over Ethernet

TTL: 64 or 128

Protocol numbers: TCP=6, UDP=17, ICMP=1

EtherType: IPv4=0x0800, IPv6=0x86DD

Port numbers: 0-1023 well-known, 1024-49151 registered, 49152-65535 dynamic/private

Edge Cases the Exam Tests

Fragmentation: Occurs at Layer 3 (Network) when the packet exceeds the MTU of the outgoing interface. The exam may ask which layer handles fragmentation.

Jumbo Frames: MTU larger than 1500 (e.g., 9000). Used in data centers. The exam might ask about the impact on encapsulation.

802.1Q VLAN Tagging: Adds 4 bytes to the frame, increasing the effective MTU to 1504 bytes. The exam may ask how this affects encapsulation.

IPv6 vs IPv4: IPv6 has a fixed header size (40 bytes) and uses extension headers. Fragmentation is done only by the source, not routers.
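The Layer 3 fragmentation rule can be worked through in code. The sketch below is an added example, not part of the original chapter: it models how an IPv4 sender or router splits a payload that exceeds the outgoing MTU, what happens when DF is set, and how the destination reassembles. The function names and tuple layout are assumptions made for illustration; IPv6 is not modeled.

```python
IP_HDR = 20  # IPv4 header without options, in bytes

def flags_field(offset_units: int, mf: bool, df: bool = False) -> int:
    """16-bit IPv4 flags/fragment-offset field: bit 14 = DF, bit 13 = MF, low 13 bits = offset."""
    return (df << 14) | (mf << 13) | offset_units

def fragment(payload: bytes, mtu: int = 1500, df: bool = False):
    """Split one IPv4 payload into (offset_in_8_byte_units, more_fragments, data) tuples."""
    if IP_HDR + len(payload) <= mtu:
        return [(0, False, payload)]
    if df:
        # A router drops the packet and reports it via ICMP. If that ICMP
        # message is filtered, the sender never learns and the flow black-holes.
        raise ValueError("packet exceeds MTU and DF is set")
    # Every fragment except the last must carry a multiple of 8 bytes,
    # because the offset field counts 8-byte units.
    chunk = (mtu - IP_HDR) // 8 * 8
    frags = []
    for start in range(0, len(payload), chunk):
        more = start + chunk < len(payload)
        frags.append((start // 8, more, payload[start:start + chunk]))
    return frags

def reassemble(frags) -> bytes:
    """Destination-side reassembly. Fragments may arrive in any order;
    gaps, overlaps and a missing final fragment are rejected."""
    buf = bytearray()
    complete = False
    for offset_units, more, data in sorted(frags):
        if complete or offset_units * 8 != len(buf):
            raise ValueError(f"gap or overlap at byte {offset_units * 8}")
        buf += data
        complete = not more
    if not complete:
        raise ValueError("final fragment missing")
    return bytes(buf)

if __name__ == "__main__":
    payload = bytes(range(256)) * 16  # constructed 4096-byte sample payload
    for off, more, data in fragment(payload):
        print(f"offset={off:4d} MF={int(more)} len={len(data)} field=0x{flags_field(off, more):04X}")
```

With an MTU of 1450 the per-fragment payload is 1424 bytes, not 1430, because of the 8-byte alignment requirement.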

How to Eliminate Wrong Answers

If a question asks 'At which layer does a router operate?', eliminate Layer 2 answers because routers use IP addresses (Layer 3). If asked about 'reliable delivery', eliminate UDP answers. For 'What PDU is associated with the transport layer?', eliminate 'Packet' and 'Frame' because those are Layer 3 and Layer 2 respectively.

Key Takeaways

Encapsulation is the process of adding headers (and sometimes trailers) as data moves down the OSI stack.

De-encapsulation is the reverse: each layer removes its header as data moves up.

PDU names: Bits (L1), Frames (L2), Packets (L3), Segments (TCP L4) or Datagrams (UDP L4), Data (L5-7).

Ethernet MTU is 1500 bytes; TCP MSS is typically 1460 bytes for Ethernet.

Fragmentation occurs at Layer 3 (Network) when a packet exceeds the MTU.

The Data Link layer adds both a header (MAC addresses) and a trailer (FCS).

The Presentation layer handles encryption, compression, and translation.

The Session layer manages dialog control and synchronization.

Routers operate at Layer 3; switches typically at Layer 2; hubs at Layer 1.

TCP protocol number is 6; UDP is 17; ICMP is 1.

Easy to Mix Up

These come up on the exam all the time. Here's how to tell them apart.

TCP (Transmission Control Protocol)

Connection-oriented: establishes a session before data transfer

Provides reliable delivery with acknowledgments and retransmissions

PDU is called a 'segment'

Includes sequence numbers for ordering and flow control

Higher overhead due to header (20-60 bytes) and connection management

UDP (User Datagram Protocol)

Connectionless: no session establishment

Best-effort delivery: no acknowledgments or retransmissions

PDU is called a 'datagram'

No sequence numbers; no ordering guarantees

Lower overhead: header is 8 bytes; faster but unreliable

Watch Out for These

Mistake: The OSI model has 8 layers.

Correct: The OSI model has exactly 7 layers: Physical, Data Link, Network, Transport, Session, Presentation, Application.

Mistake: Encapsulation adds headers at every layer, including the physical layer.

Correct: The physical layer does not add headers; it transmits bits. Headers are added at Layers 2 through 7. Layer 1 deals with raw bits.

Mistake: The PDU at the network layer is called a 'frame'.

Correct: The PDU at the network layer (Layer 3) is called a 'packet'. 'Frame' is the PDU for the data link layer (Layer 2).

Mistake: TCP and UDP both use the same PDU name 'segment'.

Correct: TCP uses 'segment', but UDP uses 'datagram'. The exam distinguishes between them.

Mistake: Fragmentation occurs at the data link layer.

Correct: Fragmentation occurs at the network layer (Layer 3) when the packet exceeds the MTU of the outgoing interface. The data link layer cannot fragment; it drops frames that are too large.


Frequently Asked Questions

What is the PDU at each layer of the OSI model?

The PDUs are: Layer 1 (Physical): Bits; Layer 2 (Data Link): Frames; Layer 3 (Network): Packets; Layer 4 (Transport): Segments (TCP) or Datagrams (UDP); Layers 5-7 (Session, Presentation, Application): Data. For the exam, remember that 'packet' is Layer 3, 'frame' is Layer 2, and 'segment' is TCP Layer 4.

What is the difference between encapsulation and de-encapsulation?

Encapsulation occurs at the sending device: each layer adds its header to the data as it moves down the stack. De-encapsulation occurs at the receiving device: each layer removes its corresponding header as data moves up the stack. For example, a web server receiving an HTTP request will de-encapsulate the Ethernet frame, IP packet, TCP segment, and finally the HTTP data.

Which layer handles fragmentation?

Fragmentation is handled at Layer 3 (Network) by IP. When a packet exceeds the MTU of the outgoing interface, IP fragments it into smaller packets. The destination reassembles them. Note that IPv6 does not allow intermediate routers to fragment; only the source can fragment using fragmentation extension headers.

What is the MTU and how does it affect encapsulation?

MTU (Maximum Transmission Unit) is the largest PDU that can be sent in a single frame at Layer 2. For Ethernet, the default MTU is 1500 bytes. If an IP packet is larger than the MTU, it must be fragmented at Layer 3. The TCP MSS is typically set to 1460 bytes to avoid fragmentation (1500 - 20 IP header - 20 TCP header).

What is the difference between a segment and a datagram?

A segment is the PDU for TCP (Layer 4). A datagram is the PDU for UDP (Layer 4). TCP is connection-oriented and reliable; UDP is connectionless and unreliable. The exam will test you on these terms: if a question mentions 'reliable delivery', it's TCP (segment); if 'best-effort', it's UDP (datagram).

Does the physical layer add a header?

No, the physical layer (Layer 1) does not add headers. It converts frames into bits for transmission over the medium. Headers are added at Layers 2 through 7. The physical layer defines hardware characteristics like voltage levels, cable types, and signal timing.

What are the functions of the presentation layer?

The presentation layer (Layer 6) is responsible for data translation, encryption, and compression. For example, TLS operates at this layer, encrypting data before it is passed to the session layer. It ensures that data from the application layer is in a format that the receiving system can understand.
