ExpressVPN Glossary
Data link layer
What is the data link layer?
The data link layer is the second layer in the Open Systems Interconnection (OSI) model, a conceptual framework for how networks function. In this model, the data link layer sits between the physical and network layers (Layers 1 and 3, respectively). It handles communication between devices on the same network link.
At its core, the data link layer packages data from the network layer and supports its reliable delivery across a physical link. It plays a vital role in maintaining orderly communication by handling error detection and flow control during data transmission.
How does the data link layer work?
The data link layer encapsulates data from the network layer into frames. Encapsulation means wrapping higher-layer data with additional control information as it moves down the networking stack. At the data link layer, this involves adding a frame header and trailer around the packet, which may already contain its own headers, such as IP or Transmission Control Protocol (TCP) headers.
Each frame’s header may include link-layer addressing information, such as the Media Access Control (MAC) addresses of its source and destination. The trailer typically contains an error-checking code that helps detect corruption.
In addition to framing and addressing, the data link layer also checks each frame for transmission errors. Corrupted frames are typically discarded. Some data link protocols use acknowledgments and retransmissions to improve link delivery, while others primarily rely on error detection and leave recovery to higher layers.
Some data link protocols also provide flow control to help prevent senders from overwhelming receivers. Finally, the data link layer governs how devices share a communication channel (for example, using technologies such as Ethernet for wired networks or Wi-Fi for wireless networks).
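The framing and error check described above, as an added example that is not part of the original glossary entry: it wraps a payload in an Ethernet II header and CRC-32 trailer, then shows a receiver discarding a copy with one flipped bit. The function names, MAC addresses, and payload are constructed for illustration.

```python
import struct
import zlib

MIN_FRAME = 64  # 14-byte header + 46-byte minimum payload + 4-byte FCS


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_to_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def fcs(body: bytes) -> bytes:
    """Frame check sequence: CRC-32 over header and payload, least-significant byte first."""
    return struct.pack("<I", zlib.crc32(body))


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Encapsulate a network-layer packet: header in front, FCS trailer behind."""
    payload = payload.ljust(46, b"\x00")  # pad short payloads to the Ethernet minimum
    body = mac_to_bytes(dst) + mac_to_bytes(src) + struct.pack("!H", ethertype) + payload
    return body + fcs(body)


def parse_frame(frame: bytes):
    """Return the frame's fields, or None if the receiver would discard it."""
    if len(frame) < MIN_FRAME:
        return None  # runt frame
    body, trailer = frame[:-4], frame[-4:]
    if fcs(body) != trailer:
        return None  # corrupted in transit
    dst, src, ethertype = struct.unpack("!6s6sH", body[:14])
    return {"dst": mac_to_str(dst), "src": mac_to_str(src),
            "ethertype": ethertype, "payload": body[14:]}


# Constructed sample: locally administered MACs and a dummy payload in place of an IP packet.
GOOD = build_frame("02:00:00:00:00:02", "02:00:00:00:00:01", 0x0800, b"stand-in for an IP packet")
CORRUPT = bytearray(GOOD)
CORRUPT[20] ^= 0x01  # flip one bit in the payload, as line noise might
CORRUPT = bytes(CORRUPT)

if __name__ == "__main__":
    print(parse_frame(GOOD))
    print(parse_frame(CORRUPT))
```

The trailer only catches accidental corruption: anyone able to alter a frame can recompute the CRC, so it does not authenticate the sender or the contents.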
Sub-layers of the data link layer
In networks defined by the Institute of Electrical and Electronics Engineers (IEEE), such as Ethernet and Wi-Fi, the data link layer is usually further divided into sublayers: Logical Link Control (LLC) and MAC.
The LLC identifies network-layer protocols, handles error checking and flow control, and maintains data organization and synchronization between the sender and receiver. It serves as a bridge between the network and physical layers, preparing data for transmission as frames and ensuring the data link remains reliable.
The MAC manages how devices actually access the physical network medium, deciding when a device can send or receive data on a shared channel. It also handles link-layer addressing and helps coordinate access to reduce collisions and contention when multiple devices share the same medium.
Why is the data link layer important?
The data link layer converts raw signals from the physical medium (such as radio, optical fiber, or copper wires) into structured frames that higher layers can process. It’s essential for reliable communication between devices. Without a link/network-access layer underneath, higher-level protocols like TCP/IP could not function.
Security and privacy considerations
Though essential, the data link layer has certain vulnerabilities. Threat actors may use a number of methods to disrupt local networks at this level, including:
- MAC spoofing and Address Resolution Protocol (ARP) spoofing: Attackers can mimic a device’s MAC address or send fake ARP messages (ARP poisoning) to misdirect local traffic.
- Virtual local area network (VLAN) hopping and switch misconfiguration abuse: An attacker may exploit VLAN/trunking misconfigurations (e.g., switch spoofing or double-tagging) to bypass VLAN segmentation.
- Denial-of-service (DoS) attacks: Threat actors may flood local network devices or exploit link-layer behaviors to disrupt legitimate communication, for example, abusing Wi-Fi management frames.
- Link-layer traffic manipulation: On some networks, weaknesses in link-layer controls (including aspects of Wi-Fi MAC/management frames) can be abused to interfere with local traffic or force disconnections.
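One way to detect the ARP poisoning listed above, as an added example that is not part of the original glossary entry: a monitor that remembers the first MAC address seen for each IP and reports any later ARP message claiming that IP from a different MAC. The class and function names are hypothetical, and the ARP messages are constructed sample input using documentation IP addresses and locally administered MACs.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sender MAC/IP, target MAC/IP
ARP_LEN = struct.calcsize(ARP_FMT)  # 28 bytes for Ethernet/IPv4


def make_arp_reply(sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Build an ARP reply payload (used here only to construct sample input)."""
    sha, tha = (bytes.fromhex(m.replace(":", "")) for m in (sender_mac, target_mac))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 2, sha, socket.inet_aton(sender_ip),
                       tha, socket.inet_aton(target_ip))


def parse_sender(pkt: bytes):
    """Return (sender_ip, sender_mac) from an Ethernet/IPv4 ARP payload, else None."""
    if len(pkt) < ARP_LEN:
        return None
    htype, ptype, hlen, plen, _oper, sha, spa, _tha, _tpa = struct.unpack(ARP_FMT, pkt[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return socket.inet_ntoa(spa), ":".join(f"{b:02x}" for b in sha)


class ArpBindingMonitor:
    """Remembers the first MAC seen for each IP and reports later claims that differ."""

    def __init__(self, pinned=None):
        self.bindings = dict(pinned or {})  # ip -> mac; pinned entries are trusted up front

    def observe(self, pkt: bytes):
        parsed = parse_sender(pkt)
        if parsed is None:
            return None
        ip, mac = parsed
        known = self.bindings.setdefault(ip, mac)  # first claim wins; conflicts keep alerting
        return None if known == mac else f"{ip}: expected {known}, saw {mac}"


def run_sample():
    """Feed four constructed ARP replies to a fresh monitor and return its alerts."""
    gw, host, other = "02:00:00:00:00:01", "02:00:00:00:00:0a", "02:00:00:00:00:66"
    sample = [make_arp_reply(gw, "192.0.2.1", host, "192.0.2.10"),
              make_arp_reply(host, "192.0.2.10", gw, "192.0.2.1"),
              make_arp_reply(other, "192.0.2.1", host, "192.0.2.10"),  # conflicting claim
              make_arp_reply(host, "192.0.2.10", gw, "192.0.2.1")]
    monitor = ArpBindingMonitor()
    return [alert for pkt in sample if (alert := monitor.observe(pkt))]
```

A binding change is not always hostile (a replaced network card or a failover pair produces the same signal), so pinning known-good entries for gateways through the `pinned` argument keeps the alerts meaningful.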
Examples of data link layer protocols
The data link layer relies on standardized technologies and protocols that define how devices format frames and share physical network links. Common examples include:
- Ethernet (IEEE 802.3): Defines how devices on a wired local area network (LAN) format data into frames and share the network cable.
- Wi-Fi (IEEE 802.11): Handles how multiple devices transmit data using the same wireless channel.
- Point-to-Point Protocol (PPP): Used for a direct connection between two routers or network nodes.
- High-level data link control (HDLC): A bit-oriented data link protocol designed for point-to-point or multipoint connections.
- Frame Relay: Handles frame-based data transport over wide area networks (WANs).
FAQ
What is the main function of the data link layer?
How does the data link layer differ from the network layer?
What devices use the data link layer?
Does a VPN affect the data link layer?
Some VPN configurations can carry Layer 2 traffic (for example, certain tunneling and bridging setups), but this is uncommon in consumer VPNs and is typically used for specialized or legacy setups.