In this lab, you will be examining the data link properties of a typical networked computer. Recall that this layer converts user messages to the "ones and zeroes" that will eventually flow through the media.
The data link layer performs three key functions: media access control, error detection and correction, and message delineation (identifying the start and end of the message). Each network adapter also has a unique hardware data link layer address. Because these addresses are set in hardware, each data link layer address is permanent.
Each network adapter also has one or more network protocols for transferring data between like network adapters. The data link layer is connected to the media in one of two ways: multipoint connections (as is the case with LANs) and point-to-point connections (i.e., phone lines to an ISP). The most popular multipoint data link protocol is Ethernet. Computers basically listen for existing conversations and, if the line is free, start their own conversation. Errors can occur if two or more computers try to send messages at the same time, since all messages flow over the same bus (errors can also be caused by external factors such as power fluctuations).
Ethernet frames have a format similar to the following:
Destination address | Source address | Message length | Data and pad | CRC-32 |
6 bytes | 6 bytes | 2 bytes | 46-1500 bytes | 4 bytes |
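The frame layout above can be exercised in code. The following is an added example, not part of the original lab: it builds a frame with the five fields in the table, parses it back, and recomputes the CRC-32 to show error detection and message delineation at work. The function names, the sample addresses and the "hello" payload are constructed for illustration.

```python
import struct
import zlib

HDR, FCS = 14, 4               # 6 + 6 + 2 header bytes, 4-byte CRC-32 trailer
MIN_DATA, MAX_DATA = 46, 1500  # "Data and pad" limits from the table

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def build_frame(dst, src, payload):
    """Assemble a frame: header, payload padded to 46 bytes, CRC-32."""
    if len(payload) > MAX_DATA:
        raise ValueError("payload longer than 1500 bytes")
    body = dst + src + struct.pack("!H", len(payload)) + payload.ljust(MIN_DATA, b"\x00")
    # Ethernet's CRC-32 is the one zlib computes, sent least significant byte first.
    return body + struct.pack("<I", zlib.crc32(body))

def parse_frame(frame):
    """Split a frame into its fields and recompute the CRC-32."""
    if not HDR + MIN_DATA + FCS <= len(frame) <= HDR + MAX_DATA + FCS:
        raise ValueError("frame must be 64 to 1518 bytes")
    body = frame[:-FCS]
    (received_crc,) = struct.unpack("<I", frame[-FCS:])
    (length,) = struct.unpack("!H", body[12:14])
    data = body[HDR:]
    if length > len(data):
        # Covers a corrupted length and values above 1500, which Ethernet II
        # uses as a type code rather than a length.
        raise ValueError("length field does not describe the data present")
    return {
        "dst": mac(body[0:6]),
        "src": mac(body[6:12]),
        "length": length,
        "payload": data[:length],        # message delineation: drop the pad
        "pad_bytes": len(data) - length,
        "crc_ok": zlib.crc32(body) == received_crc,
    }

# Constructed sample: broadcast destination, locally administered source address.
SAMPLE = build_frame(bytes.fromhex("ffffffffffff"), bytes.fromhex("020000000001"), b"hello")

if __name__ == "__main__":
    print(parse_frame(SAMPLE))
    damaged = bytearray(SAMPLE)
    damaged[20] ^= 0x01                  # one bit flipped in transit
    print(parse_frame(bytes(damaged))["crc_ok"])
```

The CRC-32 only catches accidental corruption: anyone who alters a frame can recompute it, so neither the checksum nor the source address field authenticates the sender.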
Recall that the lower layers "encapsulate" messages from higher level layers, treating the entire message from these layers as their own data. So in the case of a Web message using a TCP/IP and Ethernet network, we have:
HTTP header | User Data |
TCP (UDP) header | TCP "data" |
IP header | IP "data" |
Ethernet header | Ethernet "data" | Ethernet trailer |
Initially, a computer only knows its own data link address. In order for two computers on the same Ethernet network to communicate, the sender must know the data link address of the receiving computer. In this case, the sender "looks up" the address by sending a message to everyone on the network called a broadcast message. The process is similar to that of an instructor taking roll on the first day of class. As he calls each name, everyone hears each name but only the person with the matching "address" responds. The instructor makes a notation in a log and from then on can "send messages" directly to the desired student by looking up the name in the table of addresses. Each computer also builds a table of data link addresses for future reference in much the same way.
Versions of the Windows operating system include a number of tools for examining data link layer properties and functions. Note that some of these utilities are "command line" programs so you'll have to open a DOS window. You can use the Start | Run sequence then type "cmd".
The Windows Control Panel (Windows XP)
Which are better, large frames or small frames? Why?
Security |
Insecure.org's Top 11 Packet Sniffers (Wired and Wireless) |