Geekflare is supported by our audience. We may earn affiliate commissions from buying links on this site.
Share on:

How Does Encapsulation in Networking Work?

Invicti Web Application Security Scanner – the only solution that delivers automatic verification of vulnerabilities with Proof-Based Scanning™.

Data encapsulation in networking has a crucial role to play in enabling effective communication between the source and the destination computer.

And its reverse process, de-encapsulation, is also essential for the same purpose. These two processes work simultaneously to ensure proper communication and data flow over a network.

When users want to access some data on their computers, all they do is enter a few keywords, and the result is displayed in a few moments.

But a lot of things are happening behind the scenes and with exceptional speed. Their network and its components are busy getting the information the users have asked for.

And yet most people have little idea about the mechanisms working in the background to get their job done. In reality, networks, components, and related concepts play an important role in modern users’ daily lives.

In this article, I’ll discuss encapsulation and de-encapsulation to get closer to networking concepts.

Let’s begin!

What Are Data Encapsulation and De-Encapsulation?

Data encapsulation: In networking, data encapsulation means adding more information to a data item when it’s traveling in the OSI or TCP/IP network model from a source to a destination in order to provide additional features to it.


Through data encapsulation, protocol information is added to the data’s header or footer to perform data transmission properly. It takes place on the sender’s end from the application layer to the physical layer. Here, each layer receives the encapsulated information from the previous one and adds more data to encapsulate it further, and sends it to the next layer.

This process might include error detection, data sequencing, congestion control, flow control, routing data, etc.

Data de-encapsulation: This is the reverse of data encapsulation. The encapsulated data is removed from the received data while traveling from the physical layer to the application layer on the receiver’s end to get the original information.

This process occurs at the same layer as the encapsulated layer on the sender’s side. The header and trailer information newly added is then eliminated from the data.  


Ultimately, data is encapsulated at the sender’s end in each layer and then de-encapsulated at the receiver’s side in the same layer of the TCP/IP or OSI network model.

What Is a Protocol Data Unit (PDU)?

Protocol Data Unit (PDU) refers to the control data attached to a data item at every layer of the OSI or TCP/IP model during data transmission. This information is added to the data item’s field header but at its end or trailer.

So, each layer in the network model utilizes the PDU to interact and exchange data with its neighboring layer. These PDUs are encapsulated by adding them at each layer to the data. Each of the PDU is given a name based on the data it contains. The neighbor layer situated at the destination can only read the data before it gets removed and handed to the next layer.

PDUs in OSI Model

As discussed above, the PDU in each OSI model layer is given a name. In fact, different terms are used for encapsulated data in different layers in different models, as listed in the table below.


In the Application layer of the TCP/IP network and the Application, Presentation, and Session Layers of the OSI model, it’s simply called “data”, but in other layers of both the models, it’s different.

Encapsulated termOSI LayersTCP/IP Layers

Let’s understand them one by one in detail and their importance in networking.

Transport Layer PDU

In the transport layer, the protocol data unit is called a “segment”. The layer creates the header and then attaches it with a data piece. Here, the data unit will contain the data that will be used by the remote host to reassemble all the data pieces.

So, a header with the data piece at the transport layer is called a segment that the layer will transfer to the next layer (Network layer) for more processing.

Network Layer PDU

The PDU in the network layer is called a “packet”. The network layer will similarly create a header for every segment that it receives from the transport layer. The header will contain the data about routing and addressing.


After the network layer creates the header, it then attaches it to the segment. This is where the data item becomes the packet, which then moves to the next layer.

Data Link Layer PDU

In this layer, the PDU is known as the “frame”. The Data Link layer will receive the packet from the previous layer and then creates a header and trailer for each packet received. This header will have the switching data like the source computer’s address, the destination computer’s address, etc. On the other hand, the trailer has data on corrupt data packages.

The Data Link layer will attach the header and trailer information to the packet. This is when the data unit becomes Frame which will be sent to the next layer (Physical layer).

Physical Layer PDU

The PDU in the Physical layer is known as “Bit”. The Physical layer gets the frame from the previous layer and then converts it into such a format that’s carriable by a transmission media. A bit is nothing but this format.

How Encapsulation Works

Encapsulation happens to a unit of data or packet where it starts and ends. Its beginning part is the header, while the end is the trailer. And the data between its header and trailer can be called payload.

A packet’s header contains data in its initial bytes, marking the beginning of the packet and identifying the carried information. Now, the packet moves from the source computer to the destination computer. Also, the header contains data based on the protocol used since every protocol has a definite format.

Furthermore, the packet’s trailer points to a receiving computer that has reached the packet’s end. It may have an error-check value used by the device to confirm whether it has received the complete packet or not.


The step-by-step encapsulation process:

Step 1: The OSI model’s Application, Presentation, and Session layer or the TCP/IP model’s Application layer take the user’s data as data streams. It then encapsulates the data and forwards it to the next layer, i.e., the Transport layer. However, this does not mean that it necessarily adds a header or footer to this data. It’s application specific and only adds a header or footer it requires.

Step 2: As the data moves to the Transport layer in both TCP/IP and OSI models, the layer uses the data stream coming from the higher layers and divides it into many pieces. This layer performs data encapsulation by adding a suitable header to each data piece called segments. The added header contains sequencing information, so the segments reassemble at the receiver’s side.

Step 3: Now, the data item with added header information goes to the subsequent layer called the Network layer (OSI model) or Internet layer (TCP/IP model). The layer takes the segments from the previous layer and performs encapsulation by adding the required routing information so that data delivers properly. After encapsulation, the data becomes a datagram or packet in this layer.

Step 4: The data packet now moves to the Data Link layer in the TCP/IP or OSI model. The layer takes the packet and encapsulates it by attaching a header and footer. At this point, the header will have switching information to ensure the data delivers properly to the receiving hardware component. In contrast, the trailer will have data related to error detection and mitigation. In this stage, the data becomes a frame, which goes to the final layer.

Step 5: The data frame coming from the Data Link layer now goes to the Physical layer in the TCP/IP or OSI model. The layer encapsulates it by converting the data into bits or data signals.

How De-Encapsulation Works

Decapsulation works in the reverse order of encapsulation, from the Physical layer to the Application Layer in the OSI or TCP/IP model. All the additional info added to the data piece during encapsulation on the sender’s end will be removed while traveling to the receiver’s end. 


Here’s the step-by-step process of how decapsulation works:

Step 1: The encapsulated data in the Physical layer, called bits or data signals, will be taken by the layer to de-encapsulate it. The data now becomes a data frame, which will be forwarded to the higher layer or the Data Link layer.

Step 2: The Data Link layer now takes these data frames and de-encapsulates them. The layer also checks if the data frame’s header is switched to the right hardware. If the data frame corresponds to a wrong or incorrect destination, it will be discarded. But it’s correct, the layer will check the data frame’s trailer for information.

On finding any error in the trailer or data, it will request data retransmission. But if the trailer has the correct information, the layer will de-encapsulate it to form a datagram or data packet and then forwards it to the higher layer.

Step 3: The data packet coming from the Data Link layer now goes to the Internet layer (TCP/IP model) or the Network layer (OSI model). The layer takes the packet to de-encapsulate it and form a data segment.

The layer checks the packet’s header for routing information if it’s routed to the right destination. If it’s not correctly routed, the data packet will be discarded. But if it has the right routing information, the layer will de-encapsulate it and send it to the upper layer, i.e., the Transport layer.

Step 4: The data segments coming from the Internet layer or Network layer go to the Transport layer in both the TCP/IP and OSI model. The Transport layer takes the segments and checks their header information, Next, it starts reassembling the segments and forming data streams, which then move to the higher layer(s).

Step 5: Data streams from the Transport layer reach the Application layer in the TCP/IP model. In the OSI model, it reaches the Session layer, the Presentation layer, and then finally to, the Application layer. The layer(s) will take the data streams and de-encapsulate them while forwarding only application-specific data to the receiver’s computer or applications.  

Advantages of Encapsulation

The advantages of encapsulation in networking are as follows:

#1. Data Security

Encapsulation helps increase data security and privacy from unauthorized access. And you know how important data protection is in the present scenario. Thus, you can avoid online risks like data theft, attacks, etc. In addition, you can give access to any specified level of users without complexity.

#2. Reliable Data


Encapsulation ensures the integrity of the core data so that it can’t be tampered with by any client code. It also decides whether the core information is visible to external objects. In the absence of data encapsulation, even a small change in the data may cause damage to the network.

#3. Added Features and Functionalities

In encapsulation, data is added in different layers. This adds more features and functionalities to the data transmission between the sender and receiver over a network. These features and functionalities could be data flow control, routing, error detection, data sequencing, and more. This also helps enable the data transmission to be proper and effective.

#4. Effective Communication

Encapsulation and de-encapsulation are running simultaneously in a network. Encapsulation is executed on the sender’s end, while de-encapsulation is done on the receiver’s end. This makes communication more effective, which is essential for both the receiver and the sender.

#5. Easy Maintenance


Errors can occur at any time for some reason, leading to interruption in data transmission between the two ends. But encapsulation performed on the data helps secure the connection and avoids tampering with the data. Hence, the core information stays secure, reducing the chances of errors, which promotes easy maintenance.  


Data encapsulation and de-encapsulation are important aspects of networking. These techniques ensure the proper flow of data within the network with better data security, privacy, reliability, and effective communication.

Thanks to our Sponsors
More great readings on Networking
Power Your Business
Some of the tools and services to help your business grow.
  • Invicti uses the Proof-Based Scanning™ to automatically verify the identified vulnerabilities and generate actionable results within just hours.
    Try Invicti
  • Web scraping, residential proxy, proxy manager, web unlocker, search engine crawler, and all you need to collect web data.
    Try Brightdata
  • Semrush is an all-in-one digital marketing solution with more than 50 tools in SEO, social media, and content marketing.
    Try Semrush
  • Intruder is an online vulnerability scanner that finds cyber security weaknesses in your infrastructure, to avoid costly data breaches.
    Try Intruder