More Ethernet CSIT 220 (Blum) 1 Sniffer • A sniffer, a.k.a. a network analyzer: A program that monitors data traveling over a network. – One does not need new hardware, a standard NIC can be put into promiscuous mode in which it copies all packets instead of only those sent to it. • It can be used as a legitimate network management tool, for instance, to troubleshoot network traffic problems. • It can also be used for stealing information off a network. CSIT 220 (Blum) 2 Good or Bad • A sniffer is one of the hacker’s favorite tools. It can be used to intercept all sorts of data not intended to be seen by any but the destination computer. Suppose for instance that password used to log on to some remote site was sent un-encrypted • A sniffer can be used to determine if network users are sending or receiving packets considered forbidden on the network, e.g. suppose the network administrator outlaws the use of Napster, a sniffer could be used to catch those still using it. CSIT 220 (Blum) 3 Another NIC slot type • The PCMCIA (Personal Computer Memory Card International Association) created standards for credit-card sized cards for memory, hard drive or I/O purposes (e.g. a NIC). • There are different types (I, II and III) having different thicknesses. CSIT 220 (Blum) 4 PCMCIA website CSIT 220 (Blum) 5 CSIT 220 (Blum) 6 CSIT 220 (Blum) 7 Some wireless specs CSIT 220 (Blum) 8 Standards • IEEE 802.3 are the standards for a wired Ethernet LAN. • IEEE 802.11 are the standards for a wireless LAN. – Varieties include 802.11a, 802.11b and 802.11g. • They differ in the carrier frequencies and encoding (modulation schemes). • They also differ in variations on spread spextrum (frequency hopping) they use. CSIT 220 (Blum) 9 Frames Revisited • The data portion of a frame (a.k.a. the payload) may take on many forms (it may be intended for any number of applications) and the receiving computer must know the “type” of data coming in. • Framing schemes fall into two categories – Explicit (self-identifying): the frame header has a type field explicitly announcing the type of data. – Implicit (not self-identifying): there is no information in the header, any data typing required must be contained in the payload itself. CSIT 220 (Blum) 10 General Frame Format Frame Header Frame Data Area or Payload Typically has fixed size Typically varies in size CSIT 220 (Blum) 11 Ethernet Frame Format Number of bytes Is self-identifying CSIT 220 (Blum) 12 Ethernet Frame Format (Cont.) • Preamble: a pattern of 64 1’s and 0’s that ensure that the transmitter and receiver are synchronized (at the bit level and the byte level). • Destination Address: the receiver’s physical (MAC) address from its NIC card. • Source Address: the transmitter’s physical (MAC) address (so an acknowledgement can be sent). CSIT 220 (Blum) 13 Ethernet Frame Format (Cont.) • Frame Type: two bytes that identify the format/protocol of the data that follows (what application will deal with it). • Data (Payload): 46 to 1500 bytes of the actual information one wanted to send in the first place. – Lower bound needed to guarantee reduce collisions. • CRC: A 32-bit cyclic redundancy check to ensure the information was not corrupted during transmission. CSIT 220 (Blum) 14 Some Ethernet Type Field Values Value Meaning 0800 6559 8008 8014 Internet IP Version 4 Frame Relay AT&T Corporation Silicon Graphics Corporation network games Apple Computer Corp. AppleTalk IBM Corporation SNA 809B 80D5 CSIT 220 (Blum) 15 Non Self-Identifying Frames • In protocols that don’t have Data Type fields, there is one of two options – Sender and receiver must agree ahead of time on the data type. – Sender and receiver must agree to use the first part of the payload to serve in place of the data type field, to make up for this missing data type in the protocol. CSIT 220 (Blum) 16 IEEE to the rescue • The IEEE stepped in and set up a standard way to announce the Type in a protocol that did not have a Type field. • LLC/SNAP Logical Link Control SubNetwork Attachment Point. CSIT 220 (Blum) 17 LLC/SNAP Octet = byte OUI: Organizationally Unique Identifier CSIT 220 (Blum) 18 Thick Ethernet Wiring • Known as Thick Coax, 10Base5 or “yellow cable” (because it was usually yellow in color) about ½” in diameter. • Not used much any more. • Pro: Less susceptible to interference, so it can be longer, the 5 in 10Base5 means a “segment” can be up to 500 meters – Segment: the cable measured from end to end (terminator to terminator) CSIT 220 (Blum) 19 Thick Ethernet Wiring (Cont.) • Con: expensive • Con: not flexible, does not bend around corners easily • Computers connected to Thick Ethernet bus by transceivers (a transmitter and receiver combined into one unit) – In more modern ways of connecting to an Ethernet, the transceiver is built into the NIC. CSIT 220 (Blum) 20 Thick Ethernet Wiring (Cont.) • Typically part of the transceiver is what is known as a vampire tap, a clamp that “bites” into the wire, providing a connection to the cable but not breaking it. – So one could add computers to the network without breaking any connections. CSIT 220 (Blum) 21 The Terminator • A device attached to the end-points of a bus network or daisy-chain. • It prevents a signal from reflecting when it reaches the end of the bus. • “That’s what it does, that’s all it does.” CSIT 220 (Blum) 22 AUI cable • The cable connecting the transceiver to the NIC is known as the Attachment Unit Interface cable. • It has a special 15-pin connector that attaches the AUI cable to the NIC (Ethernet card). – A connector is the part of a cable that plugs into a port or interface. – Typically categorized as • Male (containing one or more exposed pins) • Female (containing holes in which the male connector is inserted) CSIT 220 (Blum) 23 Thick Ethernet Wiring (Fig. 10.3) CSIT 220 (Blum) 24 Connection Multiplexor • A connection multiplexor (many-to-one) is a device used with thick Ethernet to connect a number of computers to one transceiver. • The device makes it seem as though each computer has its own transceiver. • The CSMA/CD (Carrier sense multiple access with collision detect) aspect of the protocol treats the signals identically whether the computer’s share a transceiver or not. CSIT 220 (Blum) 25 Thin Ethernet Wiring • Known as thin coax cable, 10Base2, or thinnet • Pro: less expensive than thick • Pro: more flexible than thick • Con: more susceptible to interference than thick (segment has to be shorter, up to 185m) • Pro: transceivers are built onto the card CSIT 220 (Blum) 26 Thin Ethernet Wiring (Cont.) • Con: while strictly speaking it has the bus topology and one should not have to disconnect the network to add a new computer, the way it is actually wired requires disconnecting the network. • A T-connector is used in conjunction with a BNC connector. CSIT 220 (Blum) 27 Thin Ethernet Wiring (Cont.) T connector Connected to bus Connected to bus Connected to computer CSIT 220 (Blum) 28 Thinnet (Fig. 10.5) CSIT 220 (Blum) 29 BNC Connector • Short for British Naval Connector or Bayonet Nut Connector or Bayonet Neill Concelman, the connector used with thin coaxial cable such as the RG-58 A/U cable used with the 10Base-2 Ethernet system. • A (male) BNC connector is mounted at both ends of a cable. • The connector has a center pin connected to the cable’s center wire and a metal tube connected to the cable’s outer shield. • A rotating ring outside the tube locks the cable to any female connector. CSIT 220 (Blum) 30 BNC Connector (Cont.) • BNC T-connectors are female devices for connecting two cables to a NIC. • A BNC barrel connector is used to connect two cables together. • BNC connectors are sometimes used to connect monitors, which increases the accuracy of the signals sent from the video adapter. CSIT 220 (Blum) 31 UTP Ethernet Wiring • Uses Unshielded Twisted Pair (twisting reduces interference but not as well as coaxial cable’s shielding) • Pro: Even cheaper than thinnet • Pro: More flexible than thinnet • Con: Even more susceptible to interference than thinnet, a segment can only stretch 100 m • The T in 10BaseT means twisted CSIT 220 (Blum) 32 RJ-45 • Registered Jack-45, an eight-wire connector used to connect computers to an Ethernet LAN using UTP wire. • RJ-45 connectors look similar to the RJ-11 connectors that are used for phones, but they are wider CSIT 220 (Blum) 33 RJ-45 (LAN) and RJ-11 (phone) CSIT 220 (Blum) 34 Hub • A common connection point for devices in a network. • Hubs are commonly used to connect segments of a LAN. A hub contains multiple ports. • When a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all packets. CSIT 220 (Blum) 35 Hub (Fig. 10.6) CSIT 220 (Blum) 36 Segment • With the introduction of a hub, the definition of segment changes somewhat. • It is a section of a network that is bounded by bridges, routers, hubs, or switches. (More on that another day.) • Having multiple segments allows a network to uses more fully the bandwidth it has available (i.e. makes it faster) CSIT 220 (Blum) 37 Patch panel • A patch panel is a mounted hardware unit holding a collection of port locations in a network. • Often the connection goes through a patch panel before getting to the hub. • Is more permanent than a hub and often higher quality (faster speed, etc.) • There may be more connections coming into the patch panel than go on to the hub, providing flexibility in which computers belong to the LAN at any one time CSIT 220 (Blum) 38 Patch panel CSIT 220 (Blum) 39 Logical Topology • The Ethernet protocol was designed for a bus topology, but the UTP wiring uses a hub which is part of the star topology • UTP Ethernet is thus physically a star (has the physical topology of a star) and is logically a bus (has the logical topology of a bus) CSIT 220 (Blum) 40 References • • • • • Computer Networks and Internets (Comer) Networking for Dummies (Doug Lowe) A+ Certification Training Kit (Microsoft) http://www.webopedia.com http://www.whatis.com CSIT 220 (Blum) 41