Ethernet frames - La Salle University

advertisement
Hardware Addressing and Frame
Type Identification
Some of Ch. 8, Ch. 9 and some of Ch. 10 in
Computer Networks and Internets, Comer
CSIT 220 (Blum)
1
Wireless Protocol: CSMA/CA
• Recall that part of the Ethernet protocol was
CSMA/CD (Carrier Sense, Multiple Access with
Collision Detection). In wireless, this is adapted to
CSMA/CA (Carrier Sense, Multiple Access with
Collision Avoidance).
• Unlike wired Ethernet in which every computer
can communicate with every other computer over
the bus or hub, in a wireless LAN two computers
may be too far apart to transmit data directly from
one to the other.
CSIT 220 (Blum)
2
Collision Detection versus Collision
Avoidance
• Suppose you had three computers: 1, 2 and
3. And Computers 1 and 3 are both sending
information to Computer 2.
• In a wired LAN, each computer is capable
of detecting a collision.
CSIT 220 (Blum)
3
Collision Detection versus Collision
Avoidance
• In a wireless LAN, Computer 1 may be out
of range for Computer 3 and vice versa.
Only Computer 2 would know about a
collision.
• But whereas Computers 1 and 3 are in a
position to correct the situation (retransmit),
Computer 2 is not in a position to do
anything.
CSIT 220 (Blum)
4
Collision Avoidance
• So before transmitting a large packet, Computer 1 issues a
small control packet indicating it will transmit a larger
packet.
• The Computer 2 issues a reply packet which is read by all
computers in its vicinity (including Computer 3) that it
expects to receive a message from Computer 1. Computer
3 holds off transmitting its signal.
• This is Collision Avoidance.
• It is still possible that the control packets collide, but this is
less likely (because control packets are small) and easier to
deal with.
CSIT 220 (Blum)
5
FDDI (Chapter 8 topic)
• Fiber Distributed Data Interface: a datatransmission standard on LANs connected by fiber
optic cable
• While officially a LAN (local area network)
technology, FDDI LANs can be fairly wide spread
(MAN): up to 100 km (62 miles).
• Can support thousands of users.
• The protocol is a variation of the token ring
protocol.
CSIT 220 (Blum)
6
FDDI (Cont.)
• Uses two rings (one for backup).
– Recall a ring-organized network goes down if
one cable is broken.
• The primary ring operates at a capacity of
100 Mbps.
– It is possible to use the secondary ring to
double the capacity instead of serving as
backup.
CSIT 220 (Blum)
7
FDDI (Cont.)
• FDDI standard was set up the American National
Standards Committee X3-T9 and conforms to the
Open Systems Interconnection (OSI) layering
model.
– (More on the OSI model later in the semester.)
• It can be used to connect two or more LANs that
use different protocols.
• An extension FDDI-II adds a circuit-switching
capability.
CSIT 220 (Blum)
8
Modem vs. NIC
• Often a home user will temporarily join a
network (probably a WAN) by means of a
modem (internal or external) and a phone
line (via ISP, Internet Service Provider).
• Those belonging to a LAN connect to the
network on a more permanent basis and
usually do so by means of a NIC card.
CSIT 220 (Blum)
9
NIC
• A expansion card is a circuit board, hardware
that extends the capabilities of the central parts of
a computer which are housed on the motherboard.
• A network interface card (NIC) allows a
computer to connect to a network.
– On some computers, the network circuitry is on the
motherboard.
• The NIC card must be compatible with the
network’s organization (Ethernet, token ring, etc.).
CSIT 220 (Blum)
10
Categorizing NIC’s
• By protocol
– Ethernet, Fast Ethernet, FDDI, etc.
• By expansion slot type
– ISA, EISA, PCI, MCA, etc.
• By manufacturer
– 3Com, Intel, SMC, Asante, Jaycor
CSIT 220 (Blum)
11
Freeing up the CPU
• The NIC processes as much incoming and
outgoing information as possible without troubling
the CPU
CSIT 220 (Blum)
12
NIC
• The Network Interface Card (NIC) is the
expansion (adapter) card responsible for a
computer’s interaction with a network
(LAN).
• The card is placed in an expansion slot, a
socket designed for circuit boards which
extend the hardware on the motherboard.
CSIT 220 (Blum)
13
CSIT 220 (Blum)
14
Physical address
• Recall that a manufacturer puts a unique
number on an Ethernet card, and it is used
as the computer’s physical (hardware,
MAC) address with the network.
– Vendor identified by upper portion of address.
• You can find your card’s MAC address by
running the ipconfig command with the /all
option.
CSIT 220 (Blum)
15
ipconfig /all
CSIT 220 (Blum)
16
Slots: PCI and (E)ISA
• The names PCI and EISA actually refer to types of
buses, a PCI card goes into a PCI slot that
connects to a PCI bus.
• (Extended) Industry Standard Architecture,
designed for PCs using an Intel 80386, 80486, or
Pentium microprocessor. EISA buses are 32-bit
wide and can operate at speeds up to 33 MHz (but
8 MHz is standard).
• Peripheral Component Interconnect: 64-bit
implemented as 32-bit bus operating at 33, 66,
100, and proposed 133 MHz.
CSIT 220 (Blum)
17
Speeds
• If the typical PC’s CPU had to continually
monitor all of the network traffic, it could
not keep up.
• A sniffer in full promiscuous mode could
overwhelm a CPU.
CSIT 220 (Blum)
18
Bringing in the data
• The NIC monitors the network traffic and
only passes onto the processor information
that
– Was intended for it (i.e. was unicast and
matches its address)
– Was intended for everybody (i.e. was
broadcast)
– Was intended for a group to which it belongs
(i.e. was multicast)
CSIT 220 (Blum)
19
Requesting an interrupt
• The data is not passed directly to the processor,
rather it is placed in a buffer/memory and the NIC
makes an interrupt request.
• The processor only allows itself to be interrupted
at certain times.
• All devices (NIC included) interrupt at the same
point, the processor must then trace back to find
out which device requested the interrupt.
CSIT 220 (Blum)
20
IRQ
• Devices that interrupt the processor are
assigned an IRQ (Interrupt Request Line).
• Typically a device has a set IRQ or finds an
available IRQ, occasionally two devices
want the same IRQ and a conflict arises.
• To find out the IRQ for your network
adapter card in Windows 2000, go to
Start/Settings/Control Panel.
CSIT 220 (Blum)
21
Double Click on System
CSIT 220 (Blum)
22
Click on Hardware
CSIT 220 (Blum)
23
Click on Device Manager
CSIT 220 (Blum)
24
Click on the + next to Network
Adapters
CSIT 220 (Blum)
25
Double Click on the card (or one
of the cards)
CSIT 220 (Blum)
26
Click on Resources
CSIT 220 (Blum)
27
Can examine IRQ being used
Using IRQ 9
CSIT 220 (Blum)
28
DMA
• Sometimes, the NIC can place information (from
packets) directly into the computer’s main
memory without going through the processor.
• In such a case, the NIC is said to have Direct
Memory Access (DMA).
• This direct route from device to memory is known
as the DMA channel.
• There can arise conflicts over which device is
using the DMA channel.
CSIT 220 (Blum)
29
Every NIC is unique
• Every Ethernet Network Interface Card is
given a unique address consisting of six
bytes (48 bits)
– How many such addresses are there?
• It is known as
– The hardware address
– The physical address
– The MAC (Media Access Control) address
CSIT 220 (Blum)
30
MAC Address
• On an Ethernet LAN, information packets travel
on the bus, and each NIC compares the bits in the
destination address field with its MAC address.
• If they don’t match, it ignores without troubling
the CPU.
– Sniffers are promiscuous
• If they match, it will make a copy of the packet
and pass it on to a higher layer for further
processing.
CSIT 220 (Blum)
31
Layers
• Communication between applications on different
computers is thought of as occurring in layers.
• The lowest layer is the physical layer consisting of
the actual materials and hardware: the cards, the
wire, the signals.
• The next higher layer is known as the data link
layer, which converts the signal into data or vice
versa (which includes timing (synchronization),
error checking, and so on).
CSIT 220 (Blum)
32
CSIT 220 (Blum)
33
Sublayers
• The data link layer is divided into two
sublayers:
– The MAC (Media Access Control) sublayer:
takes the signal from or puts the signal onto the
transmission line (“touches” physical layer)
– The LLC (Logical Link Control) sublayer:
starts to interpret the signal as data, includes
timing (synchronization) and error checking.
CSIT 220 (Blum)
34
Higher level
• At a higher level (layer), a computer on a TCP/IP
network is identified by an IP address, so there
must be a correspondence between IP addresses
(software) and MAC addresses (hardware)
• The correspondence is not permanent allowing
one to change one’s hardware (and thus hardware
or MAC address) without changing one’s IP
address (software).
• This independence of layers is the reason for
layering.
CSIT 220 (Blum)
35
Various Network Address forms
• Static: an address written into a NIC’s ROM
(read-only memory), the address is
nonvolatile (that is, is not lost when the
power is turned off) and permanent, set by
the manufacturer.
• Configurable: an address written in
EEPROM (Electrically Erasable
Programmable Read-Only Memory).
CSIT 220 (Blum)
36
Various Network Address forms
• Configuarble (Cont.)
– Programmable ROM can be written by user
instead of manufacturer, but is nonvolatile,
semi-permanent.
– Network addresses can be assigned, rather than
random MAC addresses.
• Dynamic: Network addresses set by
software when the system boots (volatile,
non-permanent).
CSIT 220 (Blum)
37
Pros and Cons
• Static
– Pro: ease of use and permanence
– Con: requires coordination among manufacturers
– Pro: LAN administrators do not have to set
• Dynamic
– Pro: one can choose “meaningful” addresses
– Con: lack of permanence and potential conflict.
CSIT 220 (Blum)
38
Pros and Cons (Cont.)
• Configurable
– Pro: addresses are semi-permanent, but
replacement hardware can be assigned MAC
address of old hardware
– Pro: address can be smaller since it is unique on
a specific LAN
– Con: LAN administrator has to set
CSIT 220 (Blum)
39
Broadcast
• In addition to bringing in messages whose
destination address matches its MAC
address, the NIC brings in messages that
were “broadcast.”
• In networking, a broadcast message should
be picked up by each node.
• A message with a single destination are said
to be “unicast.”
CSIT 220 (Blum)
40
Multicast
• Intermediate between unicast and broadcast is
multicast, in which a single message is transmitted
to select group of receivers.
– Source sends one message not N copies.
• On a different level, sending an e-mail message to
a mailing list would be an example of multicasting
• Teleconferencing and videoconferencing also use
multicasting, but require more robust protocols
and networks.
CSIT 220 (Blum)
41
Narrowcast
• A related term is “narrowcast.”
– Network TV broadcasts; anyone can receive their
signal.
– Cable television narrowcasts; it has subscribers.
– Push technologies also narrowcast.
• Allowing a company to send you email advertisements
is an example of a push technology. One does not
request (pull) each ad; rather it the company pushes the
message on one.
CSIT 220 (Blum)
42
A matter of interpretation
• At the physical layer, the transmission is simply a
signal.
• At the data link layer, the transmission is a string
of 1’s and 0’s (bytes) that did or did not arrive
error free.
• But the information is ultimately to be passed on
to and interpreted by some application many
layers higher in the communication protocol.
CSIT 220 (Blum)
43
Frames Revisited
• The data portion of a frame (a.k.a. the payload)
may take on many forms (it may be intended for
any number of applications) and the receiving
computer must know the “type” of data coming in.
• Framing schemes fall into two categories
– Explicit (self-identifying): the frame header has a type
field explicitly announcing the type of data.
– Implicit (not self-identifying): there is no information
in the header, any data typing required must be
contained in the payload itself.
CSIT 220 (Blum)
44
General Frame Format
Frame Header
Frame Data Area or Payload
Typically has
fixed size
Typically varies in size
CSIT 220 (Blum)
45
Ethernet Frame Format
Number of bytes
Is self-identifying
CSIT 220 (Blum)
46
Ethernet Frame Format (Cont.)
• Preamble: a pattern of 64 1’s and 0’s that
ensure that the transmitter and receiver are
synchronized (at the bit level and the byte
level).
• Destination Address: the receiver’s physical
(MAC) address from its NIC card.
• Source Address: the transmitter’s physical
(MAC) address (so an acknowledgement
can be sent).
CSIT 220 (Blum)
47
Ethernet Frame Format (Cont.)
• Frame Type: two bytes that identify the
format/protocol of the data that follows (what
application will deal with it).
• Data (Payload): 46 to 1500 bytes of the actual
information one wanted to send in the first place.
– Lower bound needed to guarantee reduce collisions.
• CRC: A 32-bit cyclic redundancy check to ensure
the information was not corrupted during
transmission.
CSIT 220 (Blum)
48
Some Ethernet Type Field Values
Value
Meaning
0800
6559
8008
8014
809B
80D5
Internet IP Version 4
Frame Relay
AT&T Corporation
Silicon Graphics Corporation network games
Apple Computer Corp. AppleTalk
IBM Corporation SNA
CSIT 220 (Blum)
49
Non Self-Identifying Frames
• In protocols that don’t have Data Type
fields, there is one of two options
– Sender and receiver must agree ahead of time
on the data type.
– Sender and receiver must agree to use the first
part of the payload to serve in place of the data
type field, to make up for this missing data type
in the protocol.
CSIT 220 (Blum)
50
IEEE to the rescue
• The IEEE stepped in and set up a standard
way to announce the Type in a protocol that
did not have a Type field.
• LLC/SNAP Logical Link Control
SubNetwork Attachment Point.
CSIT 220 (Blum)
51
LLC/SNAP
Octet = byte
OUI: Organizationally Unique Identifier
CSIT 220 (Blum)
52
Sniffer
• A sniffer, a.k.a. a network analyzer: A program
that monitors data traveling over a network.
– One does not need new hardware, a standard NIC can
be put into promiscuous mode in which it copies all
packets instead of only those sent to it.
• It can be used as a legitimate network
management tool, for instance, to troubleshoot
network traffic problems.
• It can also be used for stealing information off a
network.
CSIT 220 (Blum)
53
Hacker’s tool
• A sniffer is one of the hacker’s favorite
tools. It can be used to intercept all sorts of
data not intended to be seen by any but the
destination computer. Suppose for instance
that password used to log on to some
remote site was sent un-encrypted
CSIT 220 (Blum)
54
Policing the network
• A sniffer can be used to determine if
network users are sending or receiving
packets considered forbidden on the
network, e.g. suppose the network
administrator outlaws the use of Napster, a
sniffer could be used to catch those still
using it.
CSIT 220 (Blum)
55
Other References
• http://www.webopedia.com
• http://www.whatis.com
CSIT 220 (Blum)
56
Download