WireShark data packet analysis data encapsulation, wireshark data packet
WireShark packet analysis data encapsulation
Data Encapsulation refers to the process of encapsulating a Protocol Data Unit (PDU) in a group of protocol headers and tails. In the OSI Layer-7 reference model, each layer is primarily responsible for communicating with the peer layer on other machines. This process is implemented in the Protocol Data Unit (PDU, the PDU at each layer are generally composed of the protocol header, protocol tail, and Data encapsulation at the current layer. This document selects WireShark for data packet analysis.
To help you better understand the data encapsulation process, we will use an instance to describe this process. Assume that a company's LAN uses Ethernet. When an employee downloads a file from the FTP server of the LAN, the file transfer process from the FTP server to the employee host 1.17 is shown in this article selected from WireShark data packet analysis practice Details Tsinghua University Press.
Figure 1.17 data transmission in TCP/IP
In Figure 1.17, the FTP server acts as the data sender and the employee host acts as the data receiver. The following describes the data sending and receiving processes.
1. data transmission and processing process data encapsulation protocol data unit encapsulation WireShark data packet analysis
(1) data is handed over to the transport layer. The control information (called the TCP Header) of TCP is added to the transport layer. This data unit is called a Segment ), the process of adding control information is called encapsulation. Then, the segment is handed over to the network layer.
(2) the network layer receives the segment and adds an IP header. This data unit is called Packet ). Then, the package is handed over to the data link layer.
(3) the data link layer receives the packet and adds the MAC header and tail. This data unit is called a Frame ). Then, the frame is handed over to the physical layer.
(4) the physical layer converts the received data into a bit stream and then transmits it in the network cable.
2. Data Reception and Processing Process Data encapsulation protocol data unit encapsulation WireShark data packet analysis
(1) the physical layer receives the bit stream and submits the data to the data link layer after processing.
(2) the data link layer converts the received data into a data frame, and removes the MAC header and tail. The process of removing control information is called unencapsulation, and then delivers the packet to the network layer.
(3) the network layer receives the packet, removes the IP header, and then delivers the segment to the transport layer.
(4) the transport layer receives the segment, removes the TCP header, and then delivers the data to the application layer.
The following points can be summarized from the above transmission process. As follows:
(1) The sender's data processing method is to encapsulate data layer by layer from the top to the bottom.
(2) receiver data processing is performed layer by layer from the bottom layer to the top layer.
(3) Each layer of the receiver only removes meaningful data from the layer, or each layer can only process data at the same layer of the sender, and then transmits the rest to the previous layer, this is the concept of peer-to-peer communication. This article selects WireShark for data packet analysis.