Segments, Packets & Frames

Data Encapsulation: Segments, Packets, and Frames

When you send an email or load a webpage, your computer doesn't send one giant block of data. Instead, it breaks the data down into much smaller, manageable pieces.

As data travels down the OSI model, headers and footers are attached to it. This process is called Encapsulation, and the name of the data changes depending on which layer it is currently passing through. These chunks are known as Protocol Data Units (PDUs).

The Data Encapsulation Process

1. Segments (Transport Layer - Layer 4)

When data reaches the Transport Layer, it is broken down into pieces called Segments.

• What is added: The layer adds a "Transport Header," which includes the Source and Destination Port Numbers.
• Purpose: Port numbers ensure the data goes to the correct application on the receiving computer (e.g., Port 80 for web traffic, Port 25 for email).
• If UDP is used instead of TCP, these pieces are called "Datagrams" instead of Segments.

2. Packets (Network Layer - Layer 3)

When the Segment moves down to the Network Layer, it gets encapsulated again and becomes a Packet.

• What is added: A "Network Header" is attached, which contains the Source and Destination IP Addresses.
• Purpose: IP Addresses allow routers to understand exactly which totally different network in the world this data needs to be sent to.

3. Frames (Data Link Layer - Layer 2)

Finally, when the Packet drops down to the Data Link Layer, it is packaged into a Frame.

• What is added: A "Frame Header" (containing Source and Destination MAC Addresses) and a "Frame Trailer" (used to check for errors).
• Purpose: MAC Addresses are used by switches to deliver the data directly to the correct physical hardware device on the local network.

4. Bits (Physical Layer - Layer 1)

Once the frame is fully built, it drops to the Physical Layer where it is converted into raw Bits (1s and 0s) and shot across a physical cable or wireless radio wave.

Summary Flow (Sender to Receiver)

Data (Application) → Segment (Add Ports) → Packet (Add IPs) → Frame (Add MACs) → Bits (Cables).

Deep Dive: MTU and Data Fragmentation

Why do we break data down into these tiny pieces in the first place? Why not just send the whole file at once?

The answer is the Maximum Transmission Unit (MTU). Network cables and routers have strict hardware limitations on the size of the packages they can carry. The standard MTU over a normal Ethernet network is exactly 1,500 bytes.

If a computer tries to send a large 5 Megabyte image file, it physically cannot fit through the cable. The Network Layer must perform Fragmentation—chopping the massive image into thousands of tiny 1,500-byte Packets.

Security Exploits (Fragmentation Attacks)

Cybercriminals frequently abuse this process to bypass firewalls in what is called a Fragmentation Attack (e.g., a Teardrop Attack).

Normally, a firewall inspects a packet to see if it contains malicious code. Hackers will intentionally slice a malicious virus into highly fragmented, overlapping packets. Because the firewall cannot see the whole picture in a single packet, it lets them through. Once all the tiny pieces pass the firewall and arrive at the victim's computer, the computer automatically reassembles them, accidentally reconstructing the virus inside the network walls!