Lab 2 - The Data Link Layer

 

In this lab, you will be examining the data link properties of a typical networked computer.  Recall that this layer converts user messages to the "ones and zeroes" that will eventually flow through the media.

Data link layer messages (frames)

The data link layer performs three key functions: media access control, error detection and correction, and message delineation (identifying the start and end of the message). Each network adapter also has a unique hardware data link layer address. Because these addresses are set in hardware, each data link layer address is permanent. 

Each network adapter also has one or more network protocols for transferring data between like network adapters. The data link layer is connected to the media in one of two ways: multipoint connections (as is the case with LANs) and point to point connections (i.e., phone lines to an ISP). The most popular multipoint data link protocol is Ethernet. Computers basically listen for existing conversions and if the line if free, start their own conversation. Errors can occur if two or more computers try to send messages at the same time since all messages flow over the same bus (Errors can also be caused by external factors such as power fluctuations).

Ethernet frames have a format similar to the following:

 

Destination address

Source address

Message length Data and pad CRC-32
6 bytes 6 bytes 2 byte 46-1500 bytes 4 bytes


 

Recall that the lower layers "encapsulate" messages from higher level layers, treating the entire message from these layers as their own data. So in the case of a Web message using a TCP/IP and Ethernet network, we have:


 

      HTTP header User Data  
    TCP (UDP) header TCP "data"  
  IP header IP "data"  
Ethernet header Ethernet "data" Ethernet trailer

 

Initially, a computer only knows its own data link address. In order for two computers on the same Ethernet network to communicate, the sender must know the data link address of the receiving computer. In this case, the sender "looks up" the address by sending a message to everyone on the network called a broadcast message. The process is similar to that of an instructor taking roll on the first day of class. As he calls each name, everyone hears each name but only the person with the matching "address" responds. The instructor makes a notation in a log and from then on can "send messages" directly to the desired student by looking up the name in the table of addresses.  Each computer also builds a table of data link addresses for future reference in much the same way. 

 

Tools

Versions of the Windows operating system include a number of tools for examining data link layer properties and functions. Note that  some of these utilities are "command line" programs so you'll have to open a DOS window. You can use the Start | Run sequence then type "cmd". 

 

The Windows Control Panel (Windows XP)

 

 

Data Link Layer Exercise

  1. What is the data link address of your computer? (ipconfig /all)


     
  2. List other data link addresses known to your computer? (arp -a)


     
  3. Which data link layer protocols are in use on your computer? (Control Panel)


     
  4. Approximately how many bytes have been transferred by your computer this session? (netstat -e)


     
  5. How many errors has you computer encountered this session? (netstat -e)


     
  1. How many broadcast  (i.e., non-unicast) messages has your computer processed this session? (netstat -e)

 

 


 

Data Link layer thought exercise

Which are better, large frames or small frames? Why?

 

Data link layer references

Data link protocols reference page

 

Ethernet Reference (CISCO)

 

Security
Insecure.org's Top 11 Packet Sniffers (Wired and Wireless)