Module 1 – Chapter 5: Ethernet





  • It operates in the data link and physical layers
  • It supports data bandwidths from 10 Mbps up to 10 Gbps
  • It relies on two sublayers of the data link layer: Logical Link Control and Media Access Control



  • Handles communication between the upper and lower layers
  • This is between networking software and device hardware
  • Considered as the driver software for the NIC (Network Interface Card)



  • It is in the hardware
  • Component of the NIC
  • It is responsible for
  1. Data encapsulation
  2. Media access control

Data encapsulation includes:

  • Frame assembling for transmission
  • Frame disassembling transmission
  • Adds a header and trailer to the network layer PDU

PDU – Protocol Data Unit

PDUs are relevant in relation to each of the first 4 layers of the OSI model as follows:[2]


  1. Frame delimiting
  • This identifies a group of bits that make up a frame
  • Provides synchronisation between transmitting and receiving nodes
  2. Addressing
  • It provides for data link layer addressing
  3. Error detection


MAC also places frames on the media and removes them from the media.


  • The minimum frame size is 64 bytes (known as runt frame)
  • The maximum frame size is 1518 bytes (giant frame)


An Ethernet frame starts with a header, which contains the source and destination MAC addresses, among other data. The middle part of the frame is the actual data. The frame ends with a field called Frame Check Sequence (FCS).
The Ethernet frame structure is defined in the IEEE 802.3 standard. Here is a graphical representation of an Ethernet frame and a description of each field in the frame:
[Figure: Ethernet frame]
  • Preamble – informs the receiving system that a frame is starting and enables synchronisation.
  • SFD (Start Frame Delimiter) – signifies that the Destination MAC Address field begins with the next byte.
  • Destination MAC – identifies the receiving system.
  • Source MAC – identifies the sending system.
  • Type – defines the type of protocol inside the frame, for example IPv4 or IPv6.
  • Data and Pad – contains the payload data. Padding data is added to meet the minimum length requirement for this field (46 bytes).
  • FCS (Frame Check Sequence) – contains a 32-bit Cyclic Redundancy Check (CRC) which allows detection of corrupted data.
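The field layout above can be exercised in code. This added example (not part of the original notes) builds and parses a frame with Python's standard library, pads the payload to 46 bytes and verifies the FCS. The function names and the sample addresses are constructed for illustration, and the preamble and SFD are left out because the NIC consumes them before software sees the frame.

```python
import struct
import zlib

MIN_PAYLOAD = 46                     # "Data and Pad" minimum from the list above
MIN_FRAME, MAX_FRAME = 64, 1518      # frame size limits stated in these notes
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Assemble header + zero-padded payload + FCS."""
    body = dst + src + struct.pack("!H", ethertype) + payload.ljust(MIN_PAYLOAD, b"\x00")
    # Ethernet's CRC-32 matches zlib.crc32; the FCS goes on the wire
    # least-significant byte first.
    return body + struct.pack("<I", zlib.crc32(body))


def parse_frame(frame: bytes) -> dict:
    """Split a frame into its fields, rejecting bad sizes and checking the FCS."""
    if len(frame) < MIN_FRAME:
        raise ValueError(f"runt frame: {len(frame)} bytes")
    if len(frame) > MAX_FRAME:
        raise ValueError(f"giant frame: {len(frame)} bytes")
    body, fcs = frame[:-4], frame[-4:]
    ethertype = struct.unpack("!H", body[12:14])[0]
    return {
        "dst": mac_str(body[0:6]),
        "src": mac_str(body[6:12]),
        "type": ETHERTYPES.get(ethertype, hex(ethertype)),
        "data": body[14:],           # padding cannot be told apart at this layer
        "fcs_ok": struct.pack("<I", zlib.crc32(body)) == fcs,
    }


# Constructed sample: a 5-byte payload, so 41 bytes of padding are added.
SAMPLE = build_frame(bytes.fromhex("ffffffffffff"), bytes.fromhex("020000000001"),
                     0x0800, b"hello")

if __name__ == "__main__":
    print(parse_frame(SAMPLE))
```

A receiver that sees `fcs_ok` false discards the frame; Ethernet itself detects corruption but does not retransmit.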

Unicast MAC address

  • This is the unique address used when a frame is sent from a single transmitting device to a single destination device

Broadcast MAC address

  • Contains a destination address that has all ones in the host portion
  • All hosts (end devices) on that local network will receive and process the packet
  • Broadcast MAC address is FF-FF-FF-FF-FF-FF (48 ones in binary)

Multicast MAC address

  • The source device sends a packet to a group of devices; devices that belong to the group are assigned a multicast group IP address

Multi cast address is to



  • Layer 2 switches use MAC addresses to make forwarding decisions
  • A switch uses the MAC address to push the frame
  • Hubs repeat bits out all ports except the source port
  • Switches use a MAC address table to make forwarding decisions
  • The MAC address table is also known as a content addressable table







Frame Forwarding methods

– A switch receives frames from different devices and updates its MAC address table
1. Store and forward

– Receives the whole frame and does the cyclic redundancy check
– When the CRC is good, the switch checks the MAC address table and forwards the frame
2. Cut through
– A cut-through switch forwards the frame before it is entirely received
– Router should have the destination MAC before the frame can be forwarded

Two types of cut through:

  • Fast forward switching
  • Fragment free switching

  1. Memory Buffering on Switches


  • It’s a method of storing frames before forwarding them
  • Used when the destination port is busy due to congestion and the switch stores the frame until it can be transmitted
  • Port based
  • Shared Memory

Duplex and Speed Settings

  • Basic settings of a switch are bandwidth and speed
  • Done on individual ports
  • They have to match between the switch ports of both sender and receiver
  • Full duplex: both ends of the connection can send or receive at the same time
  • Half duplex: only one end of the connection can send at a time
  • Auto-MDIX detects the type of connection required and configures the interface accordingly
  • Cables should be terminated correctly and be the correct type for the devices, e.g. crossover or straight-through

Address Resolution Protocol (ARP)

Address Resolution Protocol (ARP) is a network protocol used to find the hardware (MAC) address of a host from an IP address. ARP is used on Ethernet LANs because hosts that want to communicate with each other need to know their respective MAC addresses. It is a request-reply protocol; ARP request messages are used to request the MAC address, while ARP reply messages are used to send the requested MAC address.
Consider the following example:

[Figure: how ARP works]
Host A wants to communicate with the host with the IP address of Host A doesn’t know the MAC address of the host with that IP address, so it will send an ARP request, requesting the MAC address. Because the ARP request is sent to the broadcast address, the switch will flood the request out all interfaces. Every device on the LAN will receive the request, but only the device with the IP address of will process it and send an ARP reply message, listing its MAC address. Host A will receive the reply and the communication between the two devices can be established.
ARP requests are sent to the Layer 2 broadcast address of FF:FF:FF:FF:FF:FF (all 1s in binary). The ARP reply is a unicast message sent only to the host that sent the ARP request.
Hosts store the ARP results, keeping the information in their ARP cache. Each time a host needs to send a packet to another host on the LAN, it first checks its ARP cache for the correct IP address and matching MAC address. The addresses will stay in the cache for a couple of minutes. On Windows, you can display the content of the ARP cache by using the arp -a command:
[Screenshot: output of the arp -a command on Windows]

Some sources describe ARP as a Layer 2 protocol, while others place ARP at Layer 3.
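The request/reply exchange described above, combined with the switch's MAC address table from the earlier section, as an added example that is not part of the original notes. The `Host`, `switch_forward` and `resolve` names and every address are constructed for illustration; the ARP body follows the RFC 826 layout for Ethernet and IPv4.

```python
import socket
import struct

BROADCAST = b"\xff" * 6
ARP_FMT = "!HHBBH6s4s6s4s"      # RFC 826 body for Ethernet + IPv4 (28 bytes)
REQUEST, REPLY = 1, 2

def arp_frame(dst, op, sha, spa, tha, tpa):
    """Ethernet header (EtherType 0x0806) + ARP body; padding and FCS omitted."""
    body = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, sha,
                       socket.inet_aton(spa), tha, socket.inet_aton(tpa))
    return dst + sha + b"\x08\x06" + body

class Host:
    def __init__(self, mac, ip):
        self.mac, self.ip, self.cache = bytes.fromhex(mac), ip, {}

    def receive(self, frame):
        """Handle an ARP frame; return a reply frame if we own the target IP."""
        *_, op, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
        sender_ip = socket.inet_ntoa(spa)
        if socket.inet_ntoa(tpa) != self.ip:
            return None                          # someone else's IP: ignore
        self.cache[sender_ip] = sha              # ARP cache: IP -> MAC
        return arp_frame(sha, REPLY, self.mac, self.ip, sha, sender_ip) if op == REQUEST else None

def switch_forward(table, n_ports, in_port, frame):
    """Learn the source MAC on in_port, then forward (known dst) or flood."""
    table[frame[6:12]] = in_port
    out = table.get(frame[0:6])
    return [out] if out is not None else [p for p in range(n_ports) if p != in_port]

def resolve(hosts, table, in_port, target_ip):
    """hosts[in_port] ARPs for target_ip; returns (request ports, reply ports)."""
    asker = hosts[in_port]
    req = arp_frame(BROADCAST, REQUEST, asker.mac, asker.ip, bytes(6), target_ip)
    req_ports, reply_ports = switch_forward(table, len(hosts), in_port, req), []
    for port in req_ports:                       # flooded to every other port
        reply = hosts[port].receive(req)
        if reply:                                # only the target answers
            reply_ports = switch_forward(table, len(hosts), port, reply)
            for p in reply_ports:
                hosts[p].receive(reply)
    return req_ports, reply_ports

# Constructed LAN: host i sits on switch port i (all addresses are made up).
LAN = [Host("020000000001", "192.168.1.10"), Host("020000000002", "192.168.1.20"),
       Host("020000000003", "192.168.1.30")]
```

Calling `resolve(LAN, {}, 0, "192.168.1.30")` shows the request leaving ports 1 and 2 while the reply leaves port 0 only, because the switch learned the requester's MAC from the request itself.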


How ARP Works




-Your computer will have data that it needs to send (I’m assuming that we’re using TCP/IP from here on). When the data gets to the Network layer it will put on the destination IP address.

-All of this info (the network layer datagram, aka packet) is passed down to the data link layer where it is taken and placed within a data link frame.

-Based on the IP address (and the subnet mask), your computer should be able to figure out if the destination IP is a local IP or not.

-If the IP is local, your computer will look in its ARP table (a table where the responses to previous ARP requests are cached) to find the MAC address.

-If it’s not there, then your computer will broadcast an ARP request to find out the MAC address for the destination IP.

-Since this request is broadcast, all machines on the LAN will receive it and examine the contents. If the IP address in the request is their own, they’ll reply.

-On receiving this information, your computer will update its ARP table to include the new information and will then send out the frame (addressed with the destination host’s MAC address).


-If the IP is not local then the gateway (router) will see this (remember, the ARP request is broadcast so all hosts on the LAN will see the request). The router will look in its routing table and if it has a route to the destination network, then it will reply with its own MAC address.

-This is only the case if your own computer doesn’t know anything about the network topology.

-In most cases, your computer knows the subnet mask and has a default gateway set. Because of this, your own computer can figure out for itself that the packet is not destined for the local network.

-Instead, your computer will use the MAC address of the default gateway (which it will either have in its ARP table or have to send out an ARP request for as outlined above).

-When the default gateway (router) receives the frame it will see that the MAC address matches its own, so the frame must be for it. The router will un-encapsulate the data link frame and pass the data part up to the network layer.

-At the network layer, the router will see that the destination IP address (contained in the header of the IP packet) does not match its own (remember, the IP address has not been touched at all in this process since your computer created the IP packet).

-The router will realise that this is a packet that is supposed to be routed. The router will look in its routing table for the closest match to the destination IP in order to figure out which interface to send the packet out on.

-When a match is found, the router will create a new data link frame addressed to the next hop (and if the router doesn’t know the hardware address for the next hop it will request it using the appropriate means for the technology in question).

-The data portion of this frame will contain the complete IP packet (where the destination IP address remains unchanged) and is sent out the appropriate interface.

-This process will continue at each router along the way until the information reaches a router connected to the destination network.

-It will see that the packet is addressed to a host that’s on a directly connected network (the closest match you can get for an address, short of the packet being addressed to you). It will send out an ARP request for the MAC address of the destination IP (assuming it doesn’t already have it in its table) and then address the frame to the destination’s MAC address.

– How the router does this will depend on what type of connection (and in some cases, what protocol and/or encapsulation is used on the connection).

-This is why the OSI model is good. It’s layered so that any layer can change and as long as it takes in information in a standard way (the way the layer above wants to send it) and spits out information in a standard way (the way the layer below wants to receive it), then it’s all good.
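The walk-through above, as an added example that is not part of the original notes: each node picks the IP it must resolve (the destination itself when it is on a directly connected network, otherwise the next hop from the closest route match), and every hop builds a new frame around the same IP packet. The topology, addresses and the `arp_target` and `trace` names are constructed, and the ARP tables are pre-filled as if each ARP exchange had already completed.

```python
import ipaddress

# Constructed topology (all addresses are made up): A -- R1 -- R2 -- B.
# routes: prefix -> next-hop IP, or None when the prefix is directly connected.
# arp: IP -> MAC, standing in for the result of earlier ARP exchanges.
NODES = {
    "A":  {"routes": {"192.168.1.0/24": None, "0.0.0.0/0": "192.168.1.1"},
           "arp": {"192.168.1.1": "02:00:00:00:01:01"}},
    "R1": {"routes": {"192.168.1.0/24": None, "10.0.0.0/30": None,
                      "172.16.5.0/24": "10.0.0.2"},
           "arp": {"10.0.0.2": "02:00:00:00:02:01"}},
    "R2": {"routes": {"10.0.0.0/30": None, "172.16.5.0/24": None},
           "arp": {"172.16.5.20": "02:00:00:00:0b:01"}},
}
MAC_OWNER = {"02:00:00:00:01:01": "R1", "02:00:00:00:02:01": "R2",
             "02:00:00:00:0b:01": "B"}


def arp_target(node, dst_ip):
    """IP whose MAC the node needs: dst itself if on-link, else the next hop."""
    dst = ipaddress.ip_address(dst_ip)
    matches = [p for p in NODES[node]["routes"] if dst in ipaddress.ip_network(p)]
    if not matches:
        raise LookupError(f"{node}: no route to {dst_ip}")
    # Closest match = longest prefix; host A's default gateway is the /0 route.
    best = max(matches, key=lambda p: ipaddress.ip_network(p).prefixlen)
    return NODES[node]["routes"][best] or dst_ip


def trace(start, dst_ip):
    """Follow one packet; each hop is (sender, frame destination MAC, IP dst)."""
    hops, node = [], start
    while node in NODES:                    # stop once the end host is reached
        mac = NODES[node]["arp"][arp_target(node, dst_ip)]
        hops.append((node, mac, dst_ip))    # new frame, unchanged IP packet
        node = MAC_OWNER[mac]
    return hops


if __name__ == "__main__":
    for hop in trace("A", "172.16.5.20"):
        print(hop)
```

The destination MAC differs on all three hops while the destination IP stays 172.16.5.20 from start to finish.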



