1
00:00:00,450 --> 00:00:04,880
So let's see what happens to a packet inside the network traffic.

2
00:00:04,970 --> 00:00:12,170
Please note the data unit transferred between two endpoints has different names in each layer.

3
00:00:12,170 --> 00:00:14,270
In layers 5, 6 and 7, application layers,

4
00:00:14,270 --> 00:00:18,170
, it’s called as “data”. In layer 4, transport layer,

5
00:00:18,200 --> 00:00:27,770
it’s called as “segment” for TCP and “datagram” for UDP. In layer 3, the network layer, it’s called “packet”.

6
00:00:27,770 --> 00:00:32,460
In layer 2, data link layer, the data unit is called “frame”.

7
00:00:32,479 --> 00:00:39,660
Now I usually use packet for the transfer data unit in each layer to make it less complicated for you. Make sense?

8
00:00:39,750 --> 00:00:45,860
Before looking at the road trip of a DNS query in detail , let's look at the relationship between

9
00:00:45,860 --> 00:00:49,070
the OS layers and computer systems.

10
00:00:50,020 --> 00:00:55,810
The packets layer 1 layer 2 are managed by network interfaces of your device for example by

11
00:00:55,810 --> 00:01:02,650
your ethernet card. And the packets from 3 to 7 are managed by the processing unit. In software detail,

12
00:01:02,650 --> 00:01:10,340
The layer 3 and layer 4 packets are managed by the operating system of your devices and the packets

13
00:01:10,340 --> 00:01:14,960
of layer 5 to 7 are managed by the related application or service.

14
00:01:14,960 --> 00:01:21,670
For example a web browser. When you write a URL in the address bar of your browser and hit enter.

15
00:01:21,780 --> 00:01:25,760
The first thing it sends is a DNS query. A DNS query.

16
00:01:25,760 --> 00:01:32,730
is the process of a computer networking device making an inquiry to get an IP address for a DNS name

17
00:01:32,730 --> 00:01:40,580
such as mail.yahoo.com. The client computer will send a DNS query to one of their Internet service

18
00:01:40,580 --> 00:01:48,950
provider's DNS servers. The DNS server looks in its DNS database to tell whether it can answer the query

19
00:01:49,010 --> 00:01:56,330
authoritatively. If the DNS server can answer authoritatively the DNS server answers the query and the

20
00:01:56,330 --> 00:01:59,460
DNS query process is complete.

21
00:01:59,480 --> 00:02:04,200
So let's see the road trip of a DNS query from your computer to a DNS server.

22
00:02:04,400 --> 00:02:10,580
When data is transmitted by the source toward a specific destination. It passes through the application,

23
00:02:10,850 --> 00:02:16,580
presentation and the session layers and the protocol data unit arrives at the Transport Layer. Layer

24
00:02:16,580 --> 00:02:24,090
4. Layers 5,6 and 7 are displayed as a single layer to simplify the presentation. At this layer,

25
00:02:24,240 --> 00:02:30,590
a 20-byte data header is placed in front of the data. A DNS query can also use TCP,

26
00:02:30,680 --> 00:02:37,850
but let's assume that it uses UDP at this time. The data and the layer 4 header, here it's UDP header,

27
00:02:38,300 --> 00:02:46,160
which together form a segment or datagram is passed down to layer 3, the network layer. The network layer

28
00:02:46,160 --> 00:02:51,890
places its layer 3 header, here the IP header in front of the received segment

29
00:02:51,890 --> 00:02:59,260
and this group becomes a packet. The layer 3 header contains important fields such as the logical address

30
00:02:59,350 --> 00:03:04,000
(the IP address) of both the source and the destination device.

31
00:03:04,820 --> 00:03:11,480
The newly formed packet is then passed down to layer 2 the data link layer creates a new data unit

32
00:03:11,540 --> 00:03:19,440
called a frame, by adding the layer 2 frame header which is ethernet header here. Like Layer 3 an

33
00:03:19,440 --> 00:03:26,160
addressing structure is also applied in the layer 2 header. That is the MAC address.

34
00:03:26,160 --> 00:03:28,720
The frame is then passed down to the physical layer,

35
00:03:29,710 --> 00:03:35,860
which converts the information into 0 and 1 bits that are sent over the physical media using electrical signals

36
00:03:35,860 --> 00:03:39,530
signals on a copper link for instance.

37
00:03:39,590 --> 00:03:46,730
Finally the data is sent over the wire using a wide variety of methods such as ethernet or Token Ring.

38
00:03:46,850 --> 00:03:52,850
The headers are a specific form of control information that allows the data to go through the network

39
00:03:52,850 --> 00:03:54,020
properly.

40
00:03:54,020 --> 00:04:00,050
Thus the data at each layer is encapsulated in the information appropriate for the specific layer

41
00:04:00,860 --> 00:04:09,150
including addressing and error checking. The overall size of the information increases as the data travels

42
00:04:09,150 --> 00:04:15,720
through the lower layers from layer 4 to layer 1. The destination device which is the DNS server here

43
00:04:16,260 --> 00:04:17,399
receives the data.

44
00:04:17,519 --> 00:04:25,350
And this additional information is analyzed and then is removed as the data passes through the higher

45
00:04:25,350 --> 00:04:29,760
layers, up to the application layer where the data is

46
00:04:29,790 --> 00:04:37,350
decapsulated . The physical address commonly the MAC address which is located in a special field in

47
00:04:37,350 --> 00:04:43,180
the data link layer header, changes as the packet passes from one device to another.

48
00:04:43,500 --> 00:04:50,490
For example from the source PC to a switch to a router to another switch and finally to the destination

49
00:04:50,490 --> 00:04:51,220
PC.

50
00:04:52,520 --> 00:04:59,330
However the original IP source and destination addresses do not change when transiting the network. Because

51
00:04:59,330 --> 00:05:05,460
the packet is stripped of its layer 3 header only when it goes beyond a router. When it stays within

52
00:05:05,460 --> 00:05:06,670
the same LAN

53
00:05:06,810 --> 00:05:12,050
It only passes through switches which decapsulated at the layer 2 header containing the MAC address.

54
00:05:13,430 --> 00:05:14,470
As a result,

55
00:05:14,720 --> 00:05:20,030
the header changes as the packet is re-encapsulated as does the MAC address fields.