May the source be with you, but remember the KISS principle ;-)

Contents Bulletin Scripting in shell and Perl Network troubleshooting History Humor

Ethernet Protocol

(Adapted from Lecture notes for FDU students by Professor Nikolai Bezroukov)

News Recommended Links FAQs Reference Solaris ifconfig netstat
Autonegotiation ethtool Ethernet Codes: Vendor codes Quiz Humor Etc



CSMA/CD Access Method


Half-duplex and Full Duplex Mode

Ethernet Statistics

Ethernet Addresses

Ethernet frame format

Maximum Transfer Units

Ethernet Frame Errors

IP Configuration




At its most basic form, a network consists of two computers that connect to each other to collaborate on a particular task. These collaborative tasks range from simple file transfers to the complex tasks of distributed computing or clustering.

There are two basic parts to a network: the physical medium and the network protocol. The physical medium employed in a network varies, depending on how you need to connect your computers, and how much you are willing to spend. Some of the common methods used for computer connectivity include:

Ethernet is a baseband networking technology that has been defined by various standards. Ethernet is the most dominant LAN technology:

A baseband technology devotes the entire bandwidth of the media to one channel. Simplistically, bandwidth can be defined as a measure of network capacity - the greater the available bandwidth, the greater the network's resilience to loading. The inclusion of the word "base" in 10BaseT, 10Base5 etc., simply refers to Ethernet's baseband nature. The most common IEEE media identifiers are:

Ethernet was designed as a packet-switching LAN over broadcast technology. Devices connect to the network and compete for access to a shared communications channel. The IEEE 802.3 standard for Ethernet was defined in 1985. Ethernet standards are implemented at the Network Interface layer of the TCP/IP protocol model. The three major elements of Ethernet networks are:

There are no levels of priority for transmission. All computers on an Ethernet network are considered equal in terms of their access to the media. Unless it is switched :

Even if two networks are using the same medium, they can be using two completely different protocols or methods of communication. Some protocols used in today's networks include:

CSMA/CD Access Method

Partly derived from Federal Standard 1037C and Wikipedia Article

Carrier Sense Multiple Access With Collision Detection (CSMA/CD) is a network control protocol in which

CSMA/CD is a modification of pure Carrier Sense Multiple Access (CSMA). In CSMA/CD, sending nodes are able to detect when a collision occurs and stop transmitting immediately, backing off for a random amount of time before trying again. This results in much more efficient use of the media since the bandwidth of transmitting the entire frame is not wasted. However, it is not possible with all media (e.g., radio), and requires extra electronics (not an issue with today's technology, but one reason Apple used CSMA/CA-based LocalTalk instead of the then much more expensive Ethernet).

Collision detection is used to improve CSMA performance by terminating transmission as soon as a collision is detected, and reducing the probability of a second collision on retry.

Methods for collision detection are media dependent, but on an electrical bus such as Ethernet, collisions can be detected by comparing transmitted data with received data. If they differ, another transmitter is overlaying the first transmitter's signal (a collision), and transmission terminates immediately. A jam signal is sent which will cause all transmitters to back off by random intervals, reducing the probability of a collision when the first retry is attempted.

Ethernet is the classic CSMA/CD protocol. Non-switched Ethernet uses a broadcast delivery mechanism in which each frame that is transmitted is heard by every station. CSMA/CD is an arbitrary access method that provides a method to detect and recover from simultaneous transmissions. Each interface monitors the network for a carrier signal (Carrier Sense). During a gap between transmissions, each interface has an equal chance to transmit data (Multiple Access). If two interfaces try to transmit data at the same time, the transceiver circuitry detects a transmit collision (Collision Detection). Both interfaces must wait a short period of time before they attempt to resend data. The wait period is determined by using an exponential back-off algorithm.

Algorithms of CSMA/CD accesses the network was originally developed for the original Ethernet topology. Ethernet originally consisted of a single-wire, bidirectional backbone. The theory of operation is still the same today, but Ethernet topologies use more advanced components that allow a higher transmission rate.

  1. The host has a message
  2. Is there traffic on the network. If yes go to step 2 (loop until no traffic )
  3. The host sends the message
  4. Was there a collision ? If no -- success go to step 7.
  5. Send the jam signal
  6. Wait. Back off exponentially. Then go to step 2 (collision loop)
  7. Success

See also the similar Carrier sense multiple access with collision avoidance (CSMA/CA) protocol.

Half-duplex and Full Duplex Mode

A duplex communication system is a system composed of two connected parties or devices which can communicate with one another in both directions. (The term duplex is not used when describing communication between more than two parties or devices.)

Duplex systems are employed in nearly all communications networks, either to allow for a communication "two-way street" between two connected parties or to provide a "reverse path" for the monitoring and remote adjustment of equipment in the field.

Ethernet Statistics

Netstat command displays active TCP connections, ports on which the computer is listening, Ethernet statistics, the IP routing table, IPv4 statistics (for the IP, ICMP, TCP, and UDP protocols), and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6 protocols). Used without parameters, netstat displays active TCP connections.

netstat [-a] [-i] [ -e] [-n] [-o] [-p Protocol] [-r] [-s] [Interval]



Collision rates

A collision is the mechanism used by Ethernet to control access and allocate shared bandwidth among stations that want to transmit at the same time on a shared medium. Because the medium is shared, a mechanism must exist where two stations can detect that they want to transmit at the same time. This mechanism is collision detection.

Collision rates higher then 5% on 10-Mbps LAN and 10% on 100-Mbps LAN are first indications of the network overload.

Switches minimize collisions so this is not a problem in modern LAN.

Input/Output Errors

If netstat reports significant number of i/o errors this is usually indication of duplicate IP address on the network. Other possible reasons include faulty cable of RJ45 jack, a faulty port of the network switch or a faulty LAN card in the computer.

Ethernet Addresses

This material is partially copied from SA-300-S10 Sun Solaris network administration manual

An Ethernet address is the deviceís unique hardware address. An Ethernet address is sometimes referred to as a media access control (MAC) address. An Ethernet address is 48 bits long and is displayed as 12 hexadecimal digits (six groups of two digits) separated by colons. An example of an Ethernet address is  44-45-53-54-42-00

The IEEE specification enables the vendor to decide whether to use the host-based addressing approach or the port-based addressing approach. By default, Sun uses host-based addressing on its networks interface cards (NICs).

The network interface drivers in Sun systems obtain the Ethernet address for the Ethernet interface from a systemís hardware. For example, desktop systems use the address in the nonvolatile random access memory (NVRAM) chip, while some large server systems obtain their address from a special board installed in the system. By default, all interface addresses on a system use just one Ethernet address, either the NVRAM or the special board, even though each Ethernet interface controller has a built-in Ethernet address.

For systems configured to have more than one interface on the same physical subnet, you need a unique Ethernet address that is different from the primary host-based assigned Ethernet address.

There are three types of addresses: unicast, broadcast, and multicast.

Setting a Local Ethernet Address

In todayís network environments, many systems have multiple interfaces, often on the same subnet or collision domain. Because an Ethernet address targets systems, each interface on the same network or subnet on a multi-interface system must have a unique Ethernet address. Sun network adapters have local Ethernet addresses encoded in their programmable read-only memories (PROMs).

To view the current host-based Ethernet address, perform the command at the ok prompt:

ok banner
Sun Ultra 5/10 UPA/PCI (UltraSPARC-IIi 360MHz), No Keyboard
OpenBoot 3.19, 128 MB (50 ns) memory installed, Serial #12153379.
Ethernet address 8:0:20:b9:72:23, Host ID: 80b97223.

To display the Ethernet address assigned to each interface, perform the command:

# ifconfig -a

lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet netmask ff000000

hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet netmask ffffff00 broadcast
ether 8:0:20:b9:72:23

qfe0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet netmask ffffff00 broadcast
ether 8:0:20:b9:72:23

Set the local-mac-address? variable in the systemís electrically erasable programmable read-only memory (EEPROM) to enable the use of port-based Ethernet addresses.

To view the contents of the EEPROM for the definition of the local-mac-address? variable, perform the command:

# eeprom local-mac-address?

You can set the local MAC address to true, which enables network drivers to use their own port-based addresses after reboot and not the system default host-based addressing by performing the command:

# eeprom local-mac-address?=true

The ifconfig ether command can also configure port-based addressing. This might be necessary if the interface card cannot supply its own unique Ethernet address. You can change the interface Ethernet address of 8:0:20:f0:ac:61 from a globally assigned Ethernet address to a locally assigned address of 0a:0:20:f0:ac:61 by changing the seventh bit to 1, and assigning a local unique number to the last 3 bytes.

To change the Ethernet address, perform the command:

# ifconfig hme1 ether 0a:0:20:f0:ac:61

To verify a change in the Ethernet address, perform the command:

# ifconfig hme1
hme1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet netmask ffffff00 broadcast
ether a:0:20:f0:ac:61

This change of the Ethernet address is effective until you reboot the system. To make the change permanent, modify the /etc/rc2.d/S72inetsvc script by using the ifconfig command with the correct Ethernet address.

Ethernet frame format

This material copied from IBM Redbook

Know how to interpret the data contained in your Ethernet frames by understanding the frame formatting.

While tracing LAN communications, you might need to look at the transmitted frames. To understand the data that is contained in the frame, you must know how it is formatted. The figures below show the frame format of two Ethernet standards: IEEE 802.3 and Ethernet version 2.

The Frame Check Sequence (FCS) is a part of the frame put in place to verify that the information each frame contains is not damaged during transmission. If a frame is corrupted during transmission, the FCS on the frame will not match with the recipient's calculated FCS. Any frames that do not match the calculated FCS will be discarded.

IEEE 802.3 frame format

Starting Delimiter (1 byte) Destination Address (6 bytes) Source Address (6 bytes) Length (2 bytes) LLC header and Information field (46 - 1500 bytes) Frame Check Sequence (4 bytes)

Ethernet version 2 frame format

Starting Delimiter (1 byte) Destination Address (6 bytes) Source Address (6 bytes) Type (2 bytes) Information field (46 - 1500 bytes) Frame Check Sequence (4 bytes)

Ethernet version 2 supports SNA by placing the IEEE 802.2 LLC header and data into the information field. It also puts value X'80D5' into the Type field. This shows the frame format.

Starting Delimiter Destination Address Source Address Type (80D5) Information field (Length, Padding, LLC header, Data) Frame Check Sequence

Maximum Transfer Units

The maximum transfer unit (MTU) is the largest amount of data that can be transferred across a physical network. The Ethernet MTU is hardware  specific. For a physical Ethernet interface, the MTU is 1500 bytes, while the MTU is 8232 bytes for a loopback interface. The loopback interface is a pseudo device that communicate or loops back to the host itself.

Ethernet Frame Errors

Ethernet frames can be significantly damaged when they traverse a network. When a host receives a frame, the Ethernet interface performs integrity checking to verify Ethernet frame validity. Some of these error conditions are:

Our scenario assumes a second NIC is being installed into a previously configured networked system. Before installing the new hardware, save the current system configuration by running prtconf -vD. The output of this command can be extensive on larger systems, so it's best to direct the output of prtconf to a file.

After physically installing the new hardware, boot the system with the -r option from the OK prompt. This will have the system scan for new hardware and build the device driver directories accordingly. When that has been completed, run prtconf -vD again and compare its content to the previous execution's results. If a new device doesn't show up, consult the instruction manual for that device as it may require a new driver to be installed or some other special action specific to that hardware.

The name of a NIC is the driver abbreviation with the instance number (a consecutive number starting from 0 counting each device that uses that driver). If you cannot tell which driver runs your hardware, consult the NIC card's manual.

The results of an ifconfig -a show us the current state of the network devices:

lo0: flags=1000849 mtu 8232 index 1
        inet netmask ff000000 
hme0: flags=1000843 mtu 1500 index 2
        inet netmask ffffff00 broadcast

The built in NIC (instance #0) had previously been configured, and lo0 is an instance of the local loopback address. Since hme1 doesn't show up, it means it has yet to be initialized and configured.

IP Configuration

Persistent IPv4 Configuration

In order to have the system configure our NIC at boot, the first step is to get an IP address and subnet mask. In our case, we are going to put this second NIC into a different IP range than the original NIC. Our first NIC is in the 192.168.1.x network, so we will put the new NIC into the 192.168.2.x network. Both of these networks have a subnet mask of Note: Always make sure the assigned IP is not already taken up by another machine; to do so, use ping from a machine already configured in that network.

Next we add a line to the /etc/hosts file for our new card:		host2

Now, we create a file in /etc that is named hostname. For example, our first NIC's file is /etc/hostname.hme0. Our new device, hme1, will need the file /etc/hostname.hme1. In this file, we will put the name associated with the IP (as found in the /etc/hosts file). It should be the first name in the /etc/hosts file. In our scenario, /etc/hostname.hme1 should contain:

Then we edit the /etc/netmasks file for our new network:

Reboot the system, and your network card has been configured for the new network with the proper subnet mask. You can check it by running an ifconfig -a again:

lo0: flags=1000849 mtu 8232 index 1
        inet netmask ff000000 
hme0: flags=1000843 mtu 1500 index 2
        inet netmask ffffff00 broadcast
hme1: flags=1000843 mtu 1500 index 3
        inet netmask ffffff00 broadcast

Non-Persistence IPv4 Configuration

To configure the NIC without having to reboot (having previously installed the hardware), you first need to initialize or plumb the network card:

	ifconfig hme1 plumb

Then you configure the device:

	ifconfig hme1 netmask

Now, you just bring the NIC online.

	ifconfig hme1 up

Your network card is now up and running. You will still need to make the preceding file modifications or your card will not be configured upon reboot.

IPv6 Configuration

Almost everything with IPv6 is designed to be automatic. All that is needed is to tell the system that IPv6 is to be used, and it will handle the rest. To configure it at boot (persistent), execute the following command:

	touch /etc/hostname6.interface 

To enable IPv6 at the command line (which will be lost when the system reboots), run the following commands:

	ifconfig  inet6 plumb
	ifconfig  inet6 up


The following is a collection of tools that might be useful for troubleshooting of  networking problems:

 /bin/netstat: Many netstat options are useful in troubleshooting. Some examples

/usr/sbin/snoop: Root can run snoop to capture network traffic and display packet content on the screen. Snoop is useful for finding malfunctioning NICs flooding the network or for ensuring that DHCP is working properly. Before you configure a NIC, you can run snoop to verify that you are seeing packets flowing through your NIC that is, the cable/NIC/switch port are working), and the IP addresses of those packets are consistent with what is expected for the NIC's new network. Some examples:

/sbin/ifconfig:  An ifconfig -a will give you information about all NIC, including IP address (inet), subnet mask (netmask), and if run as root, the MAC address (ether). Please note that only root gets full information from this command.

/usr/sbin/arp: arp allows you to view that table to see what kind of information your computer has cached, as well as to input or delete entries, in case of problems. When having DNS issues, an arp command with the -an option will list the entire table without resolving IP address to host names. arp is one way to get the MAC address of the NIC answering for a host.

Recommended Links

Softpanorama hot topic of the month

Softpanorama Recommended



Ethernet Codes - Michael A Patton's list of IEEE OUIs

OUI and Company ID Assignments - used to generate Universal LAN MAC addresses.



Q1. Fast Ethernet : Max distance for UTP and Fiber ?

a. 200m, 1000m

b. 1000m, 2000m

c. 100m, 1000m

d. 100m, 2000m

A:  D

Q2. How long is MAC address (bytes) ? How may bytes identifies the vendor?

a. 8,2

b. 6,3

c. 8,4

d. 6,2

A: B

Q3. What is a "preamble" in IEEE 802.3 frame?

a. an indication of the end of a frame

b. an indication of the start of a new frame

c. an indication of congestion

d. an indication of a corrupted frame

A: B

Q4. What does a "preamble" consist of ?

a. all 0s

b. all 1s

c. a 1 in the beginning and rest 0s

d. alternating 0s and 1s

A: D

Q5.  The two most popular carrier sensing schemes are Token passing and ""_______""".

A: CSMA/CD  (Carrier-Sense Multiple Access with Collision Detection)

Q6. This type of access method is generally used by Ethernet to regulate network traffic on a main cable segment.


Q7. Which network conforms to IEEE 802.3 specs and is currently is considered to be "standard Ethernet" ?

A: 100BaseTX

Q8: A frame greater than the MTU is known as:

a. runt

b. overhead

c. jabber

d. fragment

A: c 

Q9. ""______" is a device which  provide communication between the computer and the LAN cable and is directly connected to the vampire tap to which the cable is attached.

A: Transceiver


FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit exclusivly for research and educational purposes.   If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner. 

ABUSE: IPs or network segments from which we detect a stream of probes might be blocked for no less then 90 days. Multiple types of probes increase this period.  


Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy


War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotesSomerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose BierceBernard Shaw : Mark Twain Quotes


Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law


Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOSProgramming Languages History : PL/1 : Simula 67 : C : History of GCC developmentScripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

Classic books:

The Peter Principle : Parkinson Law : 1984 : The Mythical Man-MonthHow to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Haterís Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

Most popular humor pages:

Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

The Last but not Least

Copyright © 1996-2016 by Dr. Nikolai Bezroukov. was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License.

The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.

This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...

You can use PayPal to make a contribution, supporting development of this site and speed up access. In case is down you can use the at


The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.

Last modified: July 07, 2013