Encapsulation

Last updated 4 years ago

As the data is passed down each layer of the model, more information containing details specific to the layer in question is added to the start of the transmission. As an example, the header added by the Network Layer would include things like the source and destination IP addresses, and the header added by the Transport Layer would include (amongst other things) information specific to the protocol being used. The Data Link Layer also adds a piece at the end of the transmission (the trailer), which is used to verify that the data has not been corrupted in transit; this also has the added bonus of increased security, as the data can't be intercepted and tampered with without breaking the trailer. This whole process is referred to as encapsulation: the process by which data can be sent from one computer to another.

Notice that the encapsulated data is given a different name at different steps of the process. In layers 7, 6 and 5, the data is simply referred to as data. In the Transport Layer, the encapsulated data is referred to as a segment or a datagram (depending on whether TCP or UDP has been selected as a transmission protocol). At the Network Layer, the data is referred to as a packet. When the packet gets passed down to the Data Link Layer it becomes a frame, and by the time it's transmitted across a network the frame has been broken down into bits.

When the message is received by the second computer, it reverses the process -- starting at the Physical Layer and working up until it reaches the Application Layer, stripping off the added information as it goes. This is referred to as de-encapsulation. As such, you can think of the layers of the OSI model as existing inside every computer with network capabilities. Whilst it's not actually as clear-cut in practice, computers all follow the same process of encapsulation to send data and de-encapsulation upon receiving it.
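
An added example (not part of the original page) that walks a UDP payload down layers 4, 3 and 2 and back up, as described above. The addresses, ports and function names are constructed for illustration, and the frame is not padded to Ethernet's minimum size.

```python
import socket
import struct
import zlib

def ipv4_checksum(header: bytes) -> int:
    """Ones'-complement sum of the header's 16-bit words (RFC 791)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(data, sport, dport, src_ip, dst_ip, src_mac, dst_mac):
    # Layer 4: UDP header (ports, length, checksum 0 = not computed) -> datagram
    datagram = struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
    # Layer 3: IPv4 header (addresses, TTL 64, protocol 17 = UDP) -> packet
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(datagram), 0, 0, 64, 17,
                      0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    packet = hdr + datagram
    # Layer 2: Ethernet header in front, CRC-32 trailer (FCS) behind -> frame
    body = dst_mac + src_mac + struct.pack("!H", 0x0800) + packet
    return body + struct.pack("<I", zlib.crc32(body))

def de_encapsulate(frame):
    # Layer 2: verify the trailer, then strip header and trailer
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body)) != fcs:
        raise ValueError("FCS mismatch: frame corrupted in transit")
    if body[12:14] != b"\x08\x00":
        raise ValueError("EtherType is not IPv4")
    packet = body[14:]
    # Layer 3: validate and strip the IPv4 header
    ihl = (packet[0] & 0x0F) * 4
    if ipv4_checksum(packet[:ihl]) != 0 or packet[9] != 17:
        raise ValueError("bad IPv4 header or not UDP")
    datagram = packet[ihl:struct.unpack("!H", packet[2:4])[0]]
    # Layer 4: strip the UDP header, leaving the application data
    sport, dport, length, _ = struct.unpack("!HHHH", datagram[:8])
    return {"src_ip": socket.inet_ntoa(packet[12:16]),
            "dst_ip": socket.inet_ntoa(packet[16:20]),
            "sport": sport, "dport": dport, "data": datagram[8:length]}

if __name__ == "__main__":
    # Constructed sample values (documentation IP range, locally administered MACs)
    frame = encapsulate(b"hello", 40000, 53, "192.0.2.10", "192.0.2.20",
                        bytes.fromhex("020000000001"), bytes.fromhex("020000000002"))
    print(len(frame), de_encapsulate(frame))
```

The Ethernet trailer is an unkeyed CRC-32, so it checks for corruption in transit; protection against deliberate modification comes from keyed mechanisms such as MACsec, IPsec or TLS.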

The processes of encapsulation and de-encapsulation are very important -- not only because of their practical use, but also because they give us a standardised method for sending data. This means that all transmissions will consistently follow the same methodology, allowing any network-enabled device to send a request to any other reachable device and be sure that it will be understood, regardless of whether they are from the same manufacturer, use the same operating system, or differ in any other way.

How would you refer to data at layer 2 of the encapsulation process (with the OSI model)?

How would you refer to data at layer 4 of the encapsulation process (with the OSI model), if the UDP protocol has been selected?

What process would a computer perform on a received message?

Which is the only layer of the OSI model to add a trailer during encapsulation?

Does encapsulation provide an extra layer of security (Aye/Nay)?
