Please enable JavaScript.
Coggle requires JavaScript to display documents.
2.3 Describe Ethernet and ARP - Coggle Diagram
2.3 Describe Ethernet and ARP
2.3.1 The Propose of ARP
Removing Entries from an ARP Table (Eric)
Every device has an ARP cache timer that removes ARP entries that have not been used for a specified period of time.
The times differ depending on the device’s operating system. As shown in the figure, some Windows operating systems store ARP cache entries for 2 minutes.
Can also manually remove all or some of the entries in the ARP table.
ARP Broadcasts (Eric)
an ARP request is received and processed by every device on the local network.
ARP requests can flood the local segment if a large number of devices were to be powered up and all start accessing network services at the same time.
ARP Spoofing (Eric)
Attackers can respond to requests and pretend to be providers of services.
One type of ARP spoofing attack used by attackers is to reply to an ARP request for the default gateway. In the figure, host A requests the MAC address of the default gateway. Host C replies to the ARP request. Host A receives the reply and updates its ARP table. It now sends packets destined to the default gateway to the attacker host C
Ethernet Encapsulation ( LYIANA )
DEFINITION
:In order to avoid altering the hardware of devices, the use of Ethernet with a different stacked protocol on top of it is possible by means of the EtherType field in the Ethernet frame.
IMPORTANT
: Remember that in case of non-real-time traffic the Ethernet layer will encapsulate a TCP/IP or UDP/IP packet. In case of real-time traffic though, the encapsulated packet will belong to a different protocol.
EXAMPLE
:
MAC sublayer ( LYIANA )
DEFINITION
: is a sublayer of the data link layer of the open system interconnections (OSI) reference model for data transmission. It is responsible for flow control and multiplexing for transmission medium. It controls the transmission of data packets via remotely shared channels.
EXAMPLE
:
Ethernet Evolution ( LYIANA )
DEFINITION
: is by far the most widely used local area networking (LAN) technology in the world today. Market surveys indicate that hundreds of millions of Ethernet network interface cards (NICs), repeater ports, and switching hub ports have been sold to date, and the market continues to grow. In total, Ethernet outsells all other LAN technologies by a very large margin.
EXAMPLE
:
Ethernet Frame Fields ( LYIANA )
DEFINITION
: is preceded by a preamble and start frame delimiter (SFD), which are both part of the Ethernet packet at the physical layer. Each Ethernet frame starts with an Ethernet header, which contains destination and source MAC addresses as its first two fields.
The minimum Ethernet frame size from Destination MAC address to FCS is 64 bytes and the maximum is 1518 bytes.
EXAMPLE:
Introduction to ARP(syairul)
It
contains
these two addresses:
-Destination MAC address
-Source MAC address
ARP provides two basic functions:
-Resolving IPv4 addresses to MAC addresses
-Maintaining a table of mappings
ARP Functions(syairul)
Ethernet devices refer to an ARP table in its memory (RAM) to find the MAC address that is mapped to the IPv4 address.
A device will search its ARP table for a destination IPv4 address and a corresponding MAC address.
2.3.3 Explain how network device use routing tables to direct packets to destination network
Next-Hop Address (Eric)
When a packet arrives at a router destined for a remote network, it will send the packet to the next hop address corresponding to the destination network address in its routing table.
For example, if the R1 router in the figure to the left receives a packet destined for a device on the 10.1.1.0/24 network, it will send it to the next hop address of 209.165.200.226.
Notice in the routing table, a default gateway address is not set. If the router receives a packet for a network that isn’t in the routing table, it will be dropped.
How a Host Routes
Using the Default Gateway
(syairul)
◦A host’s routing table usually includes a default gateway address which is the router IP address for the network that the host is on.
◦The host receives the IPv4 address for the default gateway from DHCP, or it is manually configured.
◦Having a default gateway configured creates a default route in the routing table of a host which is the route the computer will send a packet to when it needs to contact a remote network.
(syairul)
Host Routing Tables
-On a Windows host, you can display the routing table using:
:check:
route print
:check:
netstat-r
-Three sections will be displayed:
~Interface List - Lists the Media Access Control (MAC) address and assigned interface number of network interfaces on the host.
~IPv4 Route Table - Lists all known IPv4 routes
~IPv6 Route Table -Lists all known IPv6 routes.
EXAMPLE OF ROUTE PRINT:
EXAMPLE OF NETSTAT-R:
IPv4 Router Routing Table
On a Cisco IOS router, the show ip
route command is used to display the router’s IPv4 routing table. The routing table shows:
◦ Directly connected and remote route
◦ How each route was learned
◦ Trustworthiness and rating of the route
◦ When the route was last updated
◦ Which interface is used to reach the destination
A router examines an incoming packet’s header to determine the destination network. If there’s a match, the packet is forwarded using the specified information in the routing table.
When a router receives a packet
destined for a remote network, the router has to look at its routing table to determine where to forward the packet. A router’s routing table contains
Directly-connected routes – These routes come from the active router interfaces configured with IP addresses.
Remote routes – These routes come from remote networks connected to other routers. They are either configured manually or learned through a dynamic routing protocol.
Default route – This is where the packet is sent when a route does not exist in the routing table
2.3.2 Explain why the ipv4 protocol requires other layers to provide reliability.
Introducing IPv6 (Eric)
In the early ‘90s, the IETF started looking at a replacement for IPv4 – which led to IPv6.
Advantages of IPv6 over IPv4
Increased address space – based on 128-bit addressing vs. 32-bit with IPv4
Improved packet handling – fewer fields with IPv6 than IPv4
Eliminates the need for NAT – no need to share addresses with IPv6
There are roughly enough IPv6 addresses for every grain of sand on Earth.
Encapsulating IPv6 (Eric)
The IPv6 header is simpler than the IPv4 header
Advantages of IPv6 over IPv4 using the simplified header
Simplified header format for efficient packet handling
Hierarchical network architecture for routing efficiency
Autoconfiguration for addresses
Elimination of need for network address translation (NAT) between private and public addresse
IPv6 Packet Header (Eric)
IPv6 packet header fields
Version
Contains a 4-bit binary value set to 0110 that identifies it as a IPv6 packet
Traffic Class
8-bit field equivalent to the IPv4 Differentiated Services (DS) field.
Flow Label
20-bit field suggests that all packets with the same flow label receive the same type of handling by routers
Payload Length
16-bit field indicates the length of the data portion or payload of the packet
Next Header
8-bit field is equivalent to the IPv4 Protocol field. It indicates the data payload type that the packet is carrying
Characteristics of the IP Protocol
Characteristics of IP ( LYIANA )
Characteristics of IP
: ✑IP was designes as a protocol with low overhead. ✑it provides only the functions required to deliver a packet from the source to adestination.
Example :
IP -Connectionless(syairul)
connectionless protocol:
◦No dedicated end-to-end connection is created before data is sent.
◦Very similar process as sending someone a letter through snail mail.
◦Senders do not know whether or not the destination is present, reachable, or functional before sending packets.
◦This feature contributes to the low overhead of IP.
EXAMPLE:
IP –Best Effort Delivery(syairul)
Best Effort Delivery protocol:
◦IP is considered “unreliable” because it does not guarantee that all packets that are sent will be received.
◦Unreliable means that IP does not have the capability to manage and recover from undelivered, corrupt, or out of sequence packets.
◦If packets are missing or not in the correct order at the destination, upper layer protocols/services must resolve these issues
EXAMPLE:
IP –Media Independent ( LYIANA )
Media Independent
: ✑IP operates independently from the media that carries the data at lower layers of the protocol stack. ✑ it does not care if the media is copper cables,fiber optics or wireless.
Example:
Network Layer Protocol
The Network Layer
The network layer, which resides at OSI Layer 3, provides services that allow end devices to exchange data across a network
The network layer uses four processes in order to provide end-to-end transport
Addressing of end devices
IP addresses must be unique for identification purposes.
Encapsulation
The protocol data units from the transport layer are encapsulated by adding IP header information including source and destination IP addresses
Routing
The network layer provides services to direct packets to other networks. Routers select the best path for a packet to take to its destination network
De-encapsulation
The destination host de encapsulates the packet to see if it matches its own
Network Layer Protocols
There are several network layer protocols in existence
the most commonly implemented
Internet Protocol version 4 (IPv4)
Internet Protocol version 6 (IPv6)
Encapsulating IP
At the network layer, IP encapsulates the transport layer segment by adding an IP header for the purpose of delivery to the destination host.
The IP header stays the same from the source to the destination host
The process of encapsulating data layer by layer enables the services at different layers to scale without affecting other layers
Routers implement different network layer protocols concurrently over a network and use the network layer packet header for routing
IP – Media Independent
IP operates independently from the media that carries the data at lower layers of the protocol stack – it does not care if the media is copper cables, fiber optics or wireless
The OSI data link layer is responsible for taking the IP packet and preparing it for transmission over the communications medium
The network layer does have a maximum size of the PDU that can be transported – referred to as MTU (maximum transmission unit)
The data link layer tells the network layer the MTU
IPv4 Packet Header
An IP header is header information at the beginning of an Internet Protocol (IP) packet. An IP packet is the smallest message entity exchanged via the Internet Protocol across an IP network. IP packets consist of a header for addressing and routing, and a payload for user data.
An IPv4 header is a prefix to an IP packet that contains information about the IP version, length of the packet, source and destination IP addresses, etc. It consists of the following fields: Here is a description of each field: Version – the version of the IP protocol. For IPv4, this field has a value of 4.