Internet Protocol Analysis/Link Layer

This lesson introduces the Link layer and looks at a variety of link layer frame types. Activities include identifying MAC addresses and using Wireshark to examine Ethernet network traffic.

Readings

 * 1)  Link layer
 * 2)  MAC address
 * 3)  Organizationally Unique Identifier
 * 4)  Ethernet frame
 * 5)  EtherType
 * 6)  Wikipedia: Token Ring Frame Format
 * 7)  Wikipedia: Point-to-Point Protocol (PPP) Frame
 * 8)  Wikipedia: IEEE 802.11 Frames

Multimedia

 * 1) YouTube: MAC Address Formats - CompTIA Network+ N10-005: 1.3
 * 2) YouTube: Basics of ipconfig, ping, tracert, nslookup and netstat

Activities

 * 1)  Display MAC Addresses Using Getmac.
 * 2)  Display MAC Addresses Using Ipconfig.
 * 3)  Search for a MAC Address OUI.
 * 4) Compare  Ethernet and  Token Ring frame formats.  Which fields are included in both formats?  Which fields are unique to one format or the other?
 * 5) Compare  Ethernet and  Point-to-Point Protocol frame formats.  Which fields are included in both formats?  Which fields are unique to one format or the other?
 * 6) Review Wireshark: Ethernet.
 * 7) Use Wireshark to  capture and analyze Ethernet traffic.
 * 8) Review Wireshark: WLAN Capture Setup.
 * 9) If your wireless network adapter supports it, use Wireshark to capture and analyze 802.11 traffic.  Are you able to capture actual 802.11 traffic, or is it translated to Ethernet traffic before it can be captured and displayed?
 * 10) Link layer protocols have changed significantly since the introduction of the Internet protocol suite, while the core TCP/IP protocols have changed very little.  Consider possible explanations for the many changes and performance improvements in link layer protocols over time.
 * 11) Consider situations in which a packet analyzer might be used to troubleshoot link layer traffic.

Lesson Summary

 * The Link layer is the lowest layer in the Internet Protocol Suite. It implements the communication protocol necessary for a host to link to its directly-connected network.
 * TCP/IP's layers are descriptions of operating scopes (application, host-to-host, network, link) and not detailed prescriptions of operating procedures, data semantics, or networking technologies.
 * Layering in TCP/IP is not a principal design criterion and in general is considered to be harmful.
 * The standard (IEEE 802) format for printing MAC-48 addresses in human-friendly form is six groups of two hexadecimal digits, separated by hyphens (-) or colons, in transmission order.
 * The IEEE expects the MAC-48 space to be exhausted no sooner than the year 2100.
 * If the least significant bit of the most significant octet of an address is set to 0 (zero), the frame is meant to reach only one receiving NIC.
 * If the least significant bit of the most significant address octet is set to 1, the frame will still be sent only once; however, NICs will choose to accept it based on different criteria than a matching MAC address: for example, based on a configurable list of multicast MAC addresses.
 * Packets sent to the broadcast address, all one bits or hexadecimal FF:FF:FF:FF:FF:FF, are received by all stations on a local area network.
 * Packets sent to a multicast address are received by all stations on a LAN that have been configured to receive packets sent to that address.
 * Although intended to be a permanent and globally unique identification, it is possible to change the MAC address on most modern hardware.
 * An Organizationally Unique Identifier (OUI) is a 24-bit number purchased from the Institute of Electrical and Electronics Engineers, Incorporated (IEEE) Registration Authority and uniquely identifies the vendor or manufacturer of a network adapter.
 * An Ethernet frame includes destination and source MAC addresses, Ethertype, data, and a frame check sequence.
 * Ethertype is a two-octet field used to indicate which protocol is encapsulated in the payload of an Ethernet Frame.
 * A Token Ring frame includes access control, frame control, destination and source MAC addresses, data, and a frame check sequence.
 * A Point-to-Point Protocol (PPP) frame includes protocol and data information.
 * An IEEE 802.11 frame includes frame control, destination and source MAC addresses, data, and a frame check sequence.

Key Terms

 * 802.3
 * A set of IEEE standards for implementing wired Ethernet.


 * 802.5
 * A set of IEEE standards for implementing Token Ring.


 * 802.11
 * A set of IEEE standards for implementing wireless local area network (WLAN) communication.


 * Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
 * A Media Access Control (MAC) method in which a carrier sensing scheme is used, and a transmitting data station that detects another signal while transmitting a frame stops transmitting that frame, transmits a jam signal, and then waits for a random time interval before trying to resend the frame.


 * data transmission
 * The physical transfer of data (a digital bit stream) over a point-to-point or point-to-multipoint communication channel.


 * Ethernet
 * A family of computer networking technologies for local area networks (LANs) that was commercially introduced in 1980 and standardized in 1985 as IEEE 802.3.


 * Institute of Electrical and Electronics Engineers (IEEE)
 * A professional association headquartered in New York City that is dedicated to advancing technological innovation and excellence.


 * Local Area Network (LAN)
 * A computer network that interconnects computers in a limited area such as a home, school, computer laboratory, or office building using network media.


 * MAC spoofing
 * A technique for changing a factory-assigned Media Access Control (MAC) address of a network interface on a networked device.


 * network segment
 * A portion of a computer network, sometimes used as a synonym for collision domain.


 * node
 * A connection point, either a redistribution point or a communication endpoint.


 * Organizationally Unique Identifier (OUI)
 * A 24-bit number purchased from the Institute of Electrical and Electronics Engineers, Incorporated (IEEE) Registration Authority and uniquely identifies the vendor or manufacturer of a network adapter.


 * Point-to-Point Protocol (PPP)
 * A data link protocol commonly used in establishing a direct connection between two networking nodes in a Wide Area Network (WAN) environment.


 * Token Ring
 * A data link protocol that uses a ring topology and was standardized as IEEE 802.5.


 * unique identifier (UID)
 * Any identifier which is guaranteed to be unique among all identifiers used for a given set of objects and for a specific purpose.


 * Wide Area Network (WAN)
 * A network that covers a broad area (i.e., any telecommunications network that links across metropolitan, regional, or national boundaries) using private or public network transports.

Assessments

 * /Lesson Flashcards/
 * /Terms Flashcards/
 * /Quiz/