This article is a revised subset of my post on the alt.certification.network-plus newsgroup about how ARP works. Answering the original question meant also explaining how encapsulation works (the confusion was mainly about layer 2 vs. layer 3 addressing). As a web article, though, it made more sense to move this material into a separate article.

Every layer of the OSI model creates datagrams (the names for them change at different levels, so we'll use the generic term). A datagram consists of data (gee, weren't expecting that, were you!) and a header. If we start at the application layer, your computer program will have some data. That data then has a header added to it and is sent to the presentation layer. The presentation layer will then take the complete datagram (including all of the header info) and put it into the data portion of its own datagram (which will have a header added to it). That's passed down to the session layer, which places the presentation layer datagram (which, remember, contains the application layer datagram within it) into the data portion of a session layer datagram (which will have a header added to it), and that is passed down to the transport layer. This goes on all the way down to the data link layer (with each layer taking the datagram from the layer above and using that as the data portion of its own datagram), where the data link datagram (referred to as a frame) is passed to the physical layer, where it is sent out onto the physical network media. You might find it helpful to think of it like the Russian Matrioshka dolls (those dolls within dolls within dolls...). Hmmm, now I can say that my Russian Studies degree has helped me in the IT world!

For an analogy, let's look at the mail system. If you're in an office and want to send something to another office, then you might just give the letter to your secretary (assuming you have one) and say "Send this to John Doe at Macrohard overnight". Your secretary might just put that letter in an interdepartmental envelope (encapsulating your data) to go to the mail room. At the mail room, the letter will get put into a courier envelope and put into the outgoing mail. The courier will then pick that mail up and put it in with a bag of mail going to the same city (this would actually be encapsulation and multiplexing). In the destination city, the whole process starts to unravel itself until John Doe at Macrohard gets your letter. Before he got it, though, it probably went to the mail room, then to his department, then to his secretary, then to him.

Now, I've made some assumptions here, and this doesn't strictly follow the way data would flow on a network, but it should give you the basic idea.

Encapsulation and Addressing

When your computer wants to send data (using TCP/IP) to another host, it will create an IP packet (this IP packet will actually contain headers and data from the higher levels). That packet is addressed with the destination IP. This all occurs at layer 3 (within the TCP/IP stack in this case). The packet is then passed down to layer 2 (data link). That layer maps to the driver (LLC sub-layer) and the physical hardware (MAC sub-layer). At this layer, data is addressed based on hardware address (MAC address). The IP packet is encapsulated within the data link frame and then sent out on the network. This assumes that you are connected to a LAN. On a WAN connection, the Data Link layer will behave differently. For a WAN connection to a switched service (such as Frame Relay or ATM), the Data Link address will usually be a virtual circuit. For a point-to-point link, there doesn't need to be a Data Link address (because the data just needs to be sent onto the network, and the host on the other end will be the only possible recipient).
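
The LAN case described above, as an added example that is not part of the original article: application data is wrapped in a UDP datagram, then an IPv4 packet (addressed by IP), then an Ethernet II frame (addressed by MAC), and a receiver peels the layers off in reverse. The MAC addresses, IP addresses, ports and function names are constructed for illustration, and the frame omits the padding and FCS that a network card would add.

```python
import socket
import struct

# Constructed sample addresses: locally administered MACs, documentation-range IPs.
SRC_MAC, DST_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SRC_IP, DST_IP = "192.0.2.10", "192.0.2.20"
ETHERTYPE_IPV4, PROTO_UDP = 0x0800, 17
IP_FMT = "!BBHHHBBH4s4s"  # 20-byte IPv4 header without options

def ip_checksum(header: bytes) -> int:
    """Ones'-complement sum over the 16-bit words of the IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(payload: bytes, sport: int = 40000, dport: int = 9) -> bytes:
    """Each layer's whole datagram becomes the data portion of the layer below."""
    # Layer 4: UDP header + application data (checksum 0 means "not used" in IPv4).
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    # Layer 3: IPv4 header carries the IP addresses; compute checksum over it.
    fields = [0x45, 0, 20 + len(udp), 0, 0, 64, PROTO_UDP, 0,
              socket.inet_aton(SRC_IP), socket.inet_aton(DST_IP)]
    fields[7] = ip_checksum(struct.pack(IP_FMT, *fields))
    packet = struct.pack(IP_FMT, *fields) + udp
    # Layer 2: Ethernet header carries the hardware (MAC) addresses.
    return DST_MAC + SRC_MAC + struct.pack("!H", ETHERTYPE_IPV4) + packet

def decapsulate(frame: bytes) -> dict:
    """Strip the headers in the receiver's order: frame, packet, datagram."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("frame does not carry IPv4")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip_checksum(ip[:ihl]) != 0:  # a valid header sums to zero
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != PROTO_UDP:
        raise ValueError("packet does not carry UDP")
    udp = ip[ihl:total_len]
    sport, dport, udp_len, _ = struct.unpack("!HHHH", udp[:8])
    return {"dst_mac": dst_mac.hex(":"), "src_mac": src_mac.hex(":"),
            "src_ip": socket.inet_ntoa(ip[12:16]),
            "dst_ip": socket.inet_ntoa(ip[16:20]),
            "sport": sport, "dport": dport, "payload": udp[8:udp_len]}
```

The destination MAC occupies the first six bytes of the frame while the destination IP sits 30 bytes in, inside the encapsulated packet, which is why a layer 2 device can forward the frame without ever reading the layer 3 address.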