5. 5
There are different types of networks:
● PAN (Personal Area Network)
● LAN (Local Area Network)
● WLAN (Wireless Local Area Network)
● MAN (Metropolitan Area Network)
● WAN (Wide Area Network)
6. 6
What is MAC
● Network assumption: Broadcast channel
○ One channel, many stations
○ Competition, interference among
stations
● MAC: Medium Access Control
○ Also known as Multiple-Access
Control
○ The protocol used to determine
who goes next on a shared
physical media
● Classification of MAC protocols
○ Channel allocation (centralized)
○ Contention based protocols
(distributed)
○ Contention-free protocols
(distributed)
7. 7
CSMA/CD (Carrier Sense Multiple Access with Collision Detection)
● Collisions detected within short time
● Colliding transmissions aborted, reducing channel wastage
● Easy in wired LANs: measure signal strengths, compare transmitted, received
signals
● Difficult in wireless LANs: receiver shut off while transmitting
CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance)
● Listens to determine how busy the shared media is
● Sends out a message telling all other nodes it is sending data
● All other nodes “back off” from sending data for a predetermined period of time
● Used in 802.11 WLANs
8. 8
CSMA/CD Algorithm
JAM Signal
● As soon as a collision is detected, the
sending devices transmit a 32-bit “Jam”
signal - simply a repeating 1, 0, 1, 0
pattern
● Less than 64 bytes (a runt frame)
● Avoids detection of the jam signal as a
frame
When a host has a packet to transmit:
1. Carrier sense: check that the line is quiet before
transmitting
2. Collision detection: detect collision as soon as
possible. If a collision is detected, stop transmitting;
wait a random time, than return to step 1
9. 9
CSMA/CA with RTS/CTS (Request To Send/Clear To Send)
● Station can send RTS with reservation parameter after waiting for DIFS (reservation
declares amount of time the data packet needs the medium)
● acknowledgement via CTS after SIFS by receiver (if ready to receive)
● sender can send data at once, acknowledgement via ACK
● other stations store medium reservations distributed via RTS and CTS
10. 10
Types of network devices:
● Hub
● Switch
● Router
● Bridge
● Gateway
● Modem
● Repeater
● Access Point
● Hubs do not perform packet filtering or addressing functions; they
just send data packets to all connected devices.
● Generally, switches can read the hardware addresses of incoming
packets to transmit them to the appropriate destination.
● Routers help transmit packets to their destinations by charting a
path through the sea of interconnected networking devices using
different network topologies.
● Bridges are used to connect two or more hosts or network
segments together.
● Gateways connect two or more autonomous networks, each with
its own routing algorithms, protocols, topology, domain name
service, and network administration procedures and policies.
● Modems (modulators-demodulators) are used to transmit digital
signals over analog telephone lines.
● A repeater is an electronic device that amplifies the signal it
receives.
● Access points use the wireless infrastructure network mode to
provide a connection point between WLANs and a wired Ethernet
LAN.
12. 12
The OSI Reference Model
▪ Application - contains protocols used for process-to-process
communications.
▪ Presentation - provides for common representation of the data.
▪ Session - provides services to the presentation layer to
organize its dialogue and to manage data exchange.
▪ Transport - defines services to segment, transfer, and
reassemble the data.
▪ Network - provides services to exchange the individual pieces
of data over the network between identified end devices.
▪ Data Link - provides methods for exchanging data frames
between devices over a common media.
▪ Physical - describes the mechanical, electrical, functional, and
procedural means to transmit bits across physical connections.
13. 13
The TCP/IP vs OSI reference model
● The TCP/IP model does not define additional layers
between the application and transport layers as in the
OSI model. According to the TCP/IP model, such
functions are the realm of libraries and application
programming interfaces. The application layer in the
TCP/IP model is often compared to a combination of the
session, presentation, and application layers of the OSI
model.
● The TCP/IP model transport layer corresponds roughly to
the transport layer in the OSI model. The protocols in this
layer may provide error control, segmentation, flow
control, congestion control, and application addressing
(port numbers).
● The internet layer provides an unreliable datagram
transmission facility between hosts located on potentially
different IP networks by forwarding datagrams to an
appropriate next-hop router for further relaying to its
destination.
● The network access layer in the TCP/IP model has
corresponding functions in Layer 2 of the OSI model. The
network access layer is used to move packets between
the Internet layer interfaces of two different hosts on the
same link.
15. 15
Standards organizations
• Institute of Electrical and Electronics Engineers (IEEE, pronounced “I-
triple-E”) - dedicated to creating standards in power and energy,
healthcare, telecommunications, and networking
○ IEEE 802.3 - working group defining layers 1,2 of Ethernet
○ IEEE 802.11 - working group defining layers 1,2 of WLAN
● Internet Engineering Task Force is an open standards organization,
which develops and promotes voluntary Internet standards.
○ RFC 791 - Internet Protocol (IP) specification
○ RFC 793 - Transmission Control Protocol (TCP) specification
• Internet Assigned Addresses Authority is the organization that
oversees the allocation of IP addresses to internet service providers
17. 17
TCP/IP Protocol Suite
● TCP/IP is the protocol suite used by the
internet and includes many protocols
● TCP/IP is:
○ An open standard protocol
suite that is freely
available to the public and
can be used by any vendor
○ A standards-based
protocol suite that is
endorsed by the
networking industry and
approved by a standards
organization to ensure
interoperability
18. 18
TCP/IP Protocol Example
● TCP/IP protocols operate at the
application, transport, and
internet layers.
● The most common network access
layer LAN protocols are Ethernet
and WLAN (wireless LAN).
19. 19
TCP/IP Communication Process
● A web server encapsulating and sending
a web page to a client.
• A client de-encapsulating the web page for
the web browser
20. 20
IoT Messaging Protocols
● Common IoT application layer protocols
in use today:
○ MQTT - Message Queueing
Telemetry Transport uses TCP and
requires a message broker
○ CoAP - Constrained Application
Protocol is a document transfer
protocol that uses UDP
● Important characteristics for IoT
protocols:
○ Power consumption
○ Speed
○ Latency
○ Security
21. 21
Protocol Data Units
● Encapsulation is the process where protocols
add their information to the data.
● At each stage of the process, a PDU has a
different name to reflect its new functions.
● There is no universal naming convention for
PDUs, in this course, the PDUs are named
according to the protocols of the TCP/IP suite.
● PDUs passing down the stack are as follows:
○ Data (Data Stream)
○ Segment
○ Packet
○ Frame
○ Bits (Bit Stream
23. 23
Addresses
● Both the data link and network layers use addressing to deliver data from source to destination.
● Network layer source and destination addresses - Responsible for delivering the IP packet from
original source to the final destination.
● Data link layer source and destination addresses – Responsible for delivering the data link frame
from one network interface card (NIC) to another NIC on the same network.
24. 24
IP Address and Subnet Mask
● An Internet Protocol address (IP address) is a numerical label such as 192.0.2.1 that is connected to a
computer network that uses the Internet Protocol for communication
● An IP address serves two main functions: host or network interface identification and location
addressing.
● Internet Protocol version 4 (IPv4) defines an IP address as a 32-bit number.
● Internet Protocol version 6(IPv6) defines an IP address as a 128-bit number.
● A subnet mask is a 32- or 128-bit number that segments an existing IP address in a TCP/IP network.
● Subnet mask divides the IP address into a network address and host address
● Subnet mask can be represented in the dotted decimal format, such as 255.255.255.0
● The binary number 1 reflects the network part of the IP address
● Subnet mask can be written as the number of bits set to 1, for example : 192.168.1.34/24
2001:1234:5678:1234:5678:ABCD:EF12:1234/64
25. 25
Role of the Data Link Layer Addresses: Different IP Networks
● When the final destination is remote, Layer 3
will provide Layer 2 with the local default
gateway IP address, also known as the router
address.
● The default gateway (DGW) is the router
interface IP address that is part of this LAN
and will be the “door” or “gateway” to all
other remote locations.
● All devices on the LAN must be told about this
address or their traffic will be confined to the
LAN only.
● Once Layer 2 on PC1 forwards to the default
gateway (Router), the router then can start the
routing process of getting the information to
actual destination.
27. 27
Ethernet Encapsulation
• Ethernet operates in the data
link layer and the physical
layer.
• It is a family of networking
technologies defined in the
IEEE 802.2 and 802.3
standards.
28. 28
Data Link Sublayers
The 802 LAN/MAN standards, including Ethernet,
use two separate sublayers of the data link layer
to operate:
• LLC Sublayer: (IEEE 802.2) Places information
in the frame to identify which network layer
protocol is used for the frame.
• MAC Sublayer: (IEEE 802.3, 802.11, or 802.15)
Responsible for data encapsulation and media
access control, and provides data link layer
addressing.
29. 29
Frame Fields
Field Description
Frame Start and Stop Identifies beginning and end of frame
Addressing Indicates source and destination nodes
Type Identifies encapsulated Layer 3 protocol
Control Identifies flow control services
Data Contains the frame payload
Error Detection Used for determine transmission errors
30. 30
Ethernet Frame Fields
• The minimum Ethernet frame size is 64 bytes and the maximum is 1518 bytes. The preamble
field is not included when describing the size of the frame.
• Any frame less than 64 bytes in length is considered a “collision fragment” or “runt frame”
and is automatically discarded. Frames with more than 1500 bytes of data are considered
“jumbo” or “baby giant frames”.
• If the size of a transmitted frame is less than the minimum, or greater than the maximum, the
receiving device drops the frame. Dropped frames are likely to be the result of collisions or
other unwanted signals. They are considered invalid. Jumbo frames are usually supported by
most Fast Ethernet and Gigabit Ethernet switches and NICs.
32. 32
Ethernet MAC Address
• In an Ethernet LAN, every network device is connected to the same, shared media. MAC
addressing provides a method for device identification at the data link layer of the OSI model.
• An Ethernet MAC address is a 48-bit address expressed using 12 hexadecimal digits. Because a
byte equals 8 bits, we can also say that a MAC address is 6 bytes in length.
• All MAC addresses must be unique to the Ethernet device or Ethernet interface. To ensure this,
all vendors that sell Ethernet devices must register with the IEEE to obtain a unique 6
hexadecimal (i.e., 24-bit or 3-byte) code called the organizationally unique identifier (OUI).
• An Ethernet MAC address consists of a 6 hexadecimal vendor OUI code followed by a 6
hexadecimal vendor-assigned value.
33. 33
Unicast MAC Address
In Ethernet, different MAC addresses are used for
Layer 2 unicast, broadcast, and multicast
communications.
• A unicast MAC address is the unique address that
is used when a frame is sent from a single
transmitting device to a single destination device.
• The process that a source host uses to determine
the destination MAC address associated with an
IPv4 address is known as Address Resolution
Protocol (ARP). The process that a source host
uses to determine the destination MAC address
associated with an IPv6 address is known as
Neighbor Discovery (ND).
Note: The source MAC address must always be a
unicast.
34. 34
Broadcast MAC Address
An Ethernet broadcast frame is received and
processed by every device on the Ethernet LAN.
The features of an Ethernet broadcast are as
follows:
• It has a destination MAC address of FF-FF-FF-
FF-FF-FF in hexadecimal (48 ones in binary).
• It is flooded out all Ethernet switch ports
except the incoming port. It is not forwarded
by a router.
• If the encapsulated data is an IPv4 broadcast
packet, this means the packet contains a
destination IPv4 address that has all ones (1s)
in the host portion. This numbering in the
address means that all hosts on that local
network (broadcast domain) will receive and
process the packet.
35. 35
Multicast MAC Address
An Ethernet multicast frame is received and processed by a
group of devices that belong to the same multicast group.
• There is a destination MAC address of 01-00-5E when the
encapsulated data is an IPv4 multicast packet and a
destination MAC address of 33-33 when the encapsulated
data is an IPv6 multicast packet.
• There are other reserved multicast destination MAC
addresses for when the encapsulated data is not IP, such as
Spanning Tree Protocol (STP).
• It is flooded out all Ethernet switch ports except the
incoming port, unless the switch is configured for multicast
snooping. It is not forwarded by a router, unless the router
is configured to route multicast packets.
• Because multicast addresses represent a group of
addresses (sometimes called a host group), they can only
be used as the destination of a packet. The source will
always be a unicast address.
• As with the unicast and broadcast addresses, the multicast
IP address requires a corresponding multicast MAC
address.
37. 37
Address Resolution Protocol
● The Address Resolution Protocol (ARP) is a
communication protocol used for discovering
the link layer address, such as a MAC address,
associated with a given internet layer address,
typically an IPv4 address.
● In Internet Protocol Version 6 (IPv6) networks,
the functionality of ARP is provided by the
Neighbor Discovery Protocol (NDP).
● The Address Resolution Protocol is a request-
response protocol whose messages are
encapsulated by a link layer protocol. It is
communicated within the boundaries of a single
network, never routed across internetworking
nodes. This property places ARP into the link
layer of the Internet protocol suite.
38. 38
ARP packet format
Hardware type
● This field specifies the network link protocol
type.
Protocol type
● This field specifies the internetwork protocol for
which the ARP request is intended
Hardware length
● Length of a hardware address.
Protocol length
● Length of internetwork addresses.
Operation Code
● Specifies the operation that the sender is
performing: 1 for request, 2 for reply.
Source MAC
● Media address of the sender
Source protocol address
● Internetwork address of the sender.
Target MAC
● Media address of the intended receiver.
Target protocol address
● Internetwork address of the intended receiver.
39. 39
ARP Tables on Networking Devices
• The show ip arp command displays the ARP table on a Cisco router.
• The arp –a command displays the ARP table on a Windows 10 PC.
• The arp -i enp0s31f6 command displays the ARP entries for a specific interface on a Ubuntu 20.04
LTS PC.
R1# show ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.10.1 - a0e0.af0d.e140 ARPA GigabitEthernet0/0/0
C:UsersPC> arp -a
Interface: 192.168.1.124 --- 0x10
Internet Address Physical Address Type
192.168.1.1 c8-d7-19-cc-a0-86 dynamic
user@host ~ $ arp -i enp0s31f6
Address HWtype HWaddress Flags Mask
Iface
192.168.0.104 ether 4c:eb:bd:24:7a:29 C
enp0s31f6
_gateway ether 00:26:5a:c3:45:df C
40. 40
Homework #1
Install Wireshark, ifconfig, nmap utilities first:
sudo apt install wireshark-qt net-tools nmap -y
Add yourself to the wireshark group to run Wireshark as a non-root user:
Run nmap to show all available computers on your local network, for example:
nmap -sP 192.168.0.0/24
Launch ifconfig utility to discover network interfaces available on your PC. Run Wireshark, select one of the
available interfaces(Ethernet or WLAN) to capture network traffic.
Run arp -a to show ARP table then perform ping command with one of the available IP addresses on your
network. Run arp -a again
Enter ‘arp’ filter in Wireshark to see captured ARP packets, analyze them and find difference between the
Ethernet frame format and the captured frame.
sudo usermod -a -G wireshark $USER
sudo reboot