Outline
Ethernet Header and trailer
- Every piece of Ethernet hardware has a globally unique 48-bit (6-byte)
address
- this address is structured in two parts: a 24-bit Organizationally
Unique Identifier (OUI), and a 24-bit organization-assigned part
- IEEE assigns OUIs (only $1,650, unless you want privacy), i.e. blocks
of 224 = 16 million addresses
- an Ethernet header has the destination address, followed by the
source address, followed by an Ethernet Type field, which identifies
the next protocol header
- for example, the Ethernet Type for IP is 0x800 (2,048)
- the Ethernet payload (the entire IP header and payload) must be
between 46 and 1500 bytes long
- shorter payloads are padded to 46 bytes
- the Ethernet payload is preceded by the header and followed by the
32-bit CRC
- there is also an 8-byte preamble that is used for hardware
synchronization
- ethernet hardware can compare the first 6 bytes of the packet
to its own address, and only interrupt the OS if the six bytes match
- the Ethernet broadcast address, FF-FF-FF-FF-FF-FF, is also
received by every Ethernet interface
Ethernet Security
- every host on an Ethernet can receive every packet transmitted on
its Ethernet segment
- normally, hosts discard messages not for them
- however, any host can put its interface into promiscuous mode,
where all received packets are given to the operating system
- packet sniffers use this technique, and can be used by network
administrators and attackers alike
- a packet sniffer is simply an application that puts the interface
in promiscuous mode, then displays the packets that have been received,
e.g. tcpdump or wireshark
- while learning switches provide a level of isolation,
by only forwarding data to the intended destination,
- techniques have been developed to get switches to forward data to
nodes other than the intended destination
- it is safest to assume that all data on an Ethernet is readable
to all hosts on that same Ethernet
Address Resolution Protocol
- when sending an IP packet to the next hop, link-layer dependent
techniques are used
- when the link-layer is Ethernet, the packet could be broadcast, but
it would be better to find the MAC address of the next hop
- the IP address of the next hop is in the routing table (or, if this
network is connected to the destination, is simply destination address
of the IP packet)
- so the sender broadcasts a small packet requesting any recipient
to respond if they have the desired IP address
- this is an Address Resolution Protocol (ARP) request
- the response is unicast, and is an ARP reply (ARP response)
- ARP requests and responses are sent with Ethertype 0x806
- when a host gets an ARP response, it caches the information
for a time, typically 15 minutes
- any subsequent packets to the same IP address can be sent without
using ARP
802.11/WiFi
- IEEE working group 802.11 has produced standards for wireless
communication (Ethernet is 802.3)
- this has been conventionally known as WiFi, Wireless Fidelity, similar
to HiFi (High Fidelity, a marketing term for stereo equipment)
- a range of standards, using the 2.4GHz frequency band (used
by microwave ovens, and free to use worldwide without a license)
and the 5GHz frequency band
- the available frequency is split into overlapping channels, e.g.
channels 1-11 for 802.11b
- channels do not overlap if they are at least 4 apart
- higher frequency allows higher data rate, but has shorter range (for
a given power) and more multipath fading
- data rates available up to 54Mb/s
- data rates may be reduced to reach farther distances
802.11 architecture
- 802.11 can be used to have one computer directly communicate
with another: ad-hoc mode
- 802.11 is usually used in managed or infrastructure
mode, where computers only communicate with an access point (AP)
- a Basic Service Set is the area served by an AP, and is identified
by an SSID
- the function of an AP is similar to that of an Ethernet switch
- APs can be interconnected with each other (through wired or wireless
links) to form a mesh network
- APs broadcast their SSIDs
- a host associates with one AP by sending an association request
- the AP sends the corresponding association response
802.11 CSMA/CA
- Ethernet uses Carrier Sensing Multiple Access with Collision Detection:
CSMA/CD
- building radios that can send and receive at the same time
has been difficult, so sensing collisions is difficult
- also, two transmitters in range of the same receiver may not be
in range of each other -- the hidden terminal problem
- as in Ethernet, a sender remains quite while detecting a transmission:
Carrier Sense Multiple Access
- however, even while the medium is idle, a sender waits a random amount
of time before transmitting
- this way, most likely two senders will not start at the same
time (Collision Avoidance, CSMA/CA)
- a receiver that gets a correct frame sends an acknowledgement
- lack of acknowledgement causes the sender to back off and retransmit
- also, if the data to be sent is large, the sender first sends a
Request to Send (RTS) and only transmits if it gets a Clear To Send (CTS)
response from the receiver
- these two frames reserve the medium around both the sender and the
receiver
- ACK, RTS, and CTS are not used in broadcast mode
- if the receiver forwards a broadcast packet (e.g. in flooding), the
sender can overhear it, which is a form of passive ACK
802.11 addressing
- the 802.11 addresses are 6 bytes and are drawn from the same
space as Ethernet addresses
- the 802.11 header contains up to 4 MAC addresses:
- the "next wireless hop" address, the address of the wireless destination
- the "wireless sender" address, the address of the wireless sender
- optionally, the link-layer original sender or final receiver address
(e.g., the router Ethernet interface address) when a packet is being
forwarded by an AP
- optionally, the destination link-layer address, when a packet is being
forwarded between APs
Ethernet and 802.11 comparison
- in an Ethernet, either every node in the network gets a message,
or none do
- with Ethernet switches, the destination gets the message if anyone
does (and if the learning algorithm is working well)
- with 802.11, different nodes in the network get different subsets
of the message: the network is not a broadcast medium that can reach
all nodes
- there are many more sources of packet loss in 802.11 than in
Ethernet: interference from other wireless devices, more collisions
- laying wire is more expensive and less convenient, but results
in a dedicated channel