Encapsulation is the computer-networking process of concatenating layer-specific headers or trailers with a service data unit (i.e. a payload) for transmitting information over computer networks.[2][3][4]Deencapsulation (or de-encapsulation) is the reverse computer-networking process for receiving information; it removes from the protocol data unit (PDU) a previously concatenated header or tailer that an underlying communications layer transmitted.[3][5][4]
Encapsulation and deencapsulation allow the design of modular communication protocols so to logically separate the function of each communications layer, and abstract the structure of the communicated information over the other communications layers.[2][4] These two processes are common features of the computer-networking models and protocol suites, like in the OSI model and internet protocol suite.[3] However, encapsulation/deencapsulation processes can also serve as malicious features like in the tunneling protocols.[6]
The physical layer is responsible for physical transmission of the data, link encapsulation allows local area networking, IP provides global addressing of individual computers, and TCP selects the process or application (i.e., the TCP or UDP port) that specifies the service such as a Web or TFTP server.[7]
For example, in the IP suite, the contents of a web page are encapsulated with an HTTP header, then by a TCP header, an IP header, and, finally, by a frame header and trailer. The frame is forwarded to the destination node as a stream of bits, where it is decapsulated into the respective PDUs and interpreted at each layer by the receiving node.[8]
The result of encapsulation is that each lower-layer provides a service to the layer or layers above it, while at the same time each layer communicates with its corresponding layer on the receiving node. These are known as adjacent-layer interaction and same-layer interaction, respectively.[8]
In discussions of encapsulation, the more abstract layer is often called the upper-layer protocol while the more specific layer is called the lower-layer protocol. Sometimes, however, the terms upper-layer protocols and lower-layer protocols are used to describe the layers above and below IP.[7]
↑Raman, D., Sutter, B. D., Coppens, B., Volckaert, S., Bosschere, K. D., Danhieux, P., & Buggenhout, E. V. (2012, November). DNS tunneling for network penetration. In International Conference on Information Security and Cryptology (pp. 65-77). Springer, Berlin, Heidelberg.