Softpanorama
May the source be with you, but remember the KISS principle ;-)

Contents Bulletin Scripting in shell and Perl Network troubleshooting History Humor

Ethernet Protocol

(Adapted from Lecture notes for FDU students by Professor Nikolai Bezroukov)

News Recommended Links FAQs Reference Solaris ifconfig netstat
Autonegotiation ethtool Ethernet Codes: Vendor codes Quiz Humor Etc

Summary

Introduction

CSMA/CD Access Method

 

Half-duplex and Full Duplex Mode

Ethernet Statistics

Ethernet Addresses

Ethernet frame format

Maximum Transfer Units

Ethernet Frame Errors

IP Configuration

Troubleshooting


Summary

Introduction

At its most basic form, a network consists of two computers that connect to each other to collaborate on a particular task. These collaborative tasks range from simple file transfers to the complex tasks of distributed computing or clustering.

There are two basic parts to a network: the physical medium and the network protocol. The physical medium employed in a network varies, depending on how you need to connect your computers, and how much you are willing to spend. Some of the common methods used for computer connectivity include:

Ethernet is a baseband networking technology that has been defined by various standards. Ethernet is the most dominant LAN technology:

A baseband technology devotes the entire bandwidth of the media to one channel. Simplistically, bandwidth can be defined as a measure of network capacity - the greater the available bandwidth, the greater the network's resilience to loading. The inclusion of the word "base" in 10BaseT, 10Base5 etc., simply refers to Ethernet's baseband nature. The most common IEEE media identifiers are:

Ethernet was designed as a packet-switching LAN over broadcast technology. Devices connect to the network and compete for access to a shared communications channel. The IEEE 802.3 standard for Ethernet was defined in 1985. Ethernet standards are implemented at the Network Interface layer of the TCP/IP protocol model. The three major elements of Ethernet networks are:

There are no levels of priority for transmission. All computers on an Ethernet network are considered equal in terms of their access to the media. Unless it is switched :

Even if two networks are using the same medium, they can be using two completely different protocols or methods of communication. Some protocols used in today's networks include:

CSMA/CD Access Method

Partly derived from Federal Standard 1037C and Wikipedia Article

Carrier Sense Multiple Access With Collision Detection (CSMA/CD) is a network control protocol in which

CSMA/CD is a modification of pure Carrier Sense Multiple Access (CSMA). In CSMA/CD, sending nodes are able to detect when a collision occurs and stop transmitting immediately, backing off for a random amount of time before trying again. This results in much more efficient use of the media since the bandwidth of transmitting the entire frame is not wasted. However, it is not possible with all media (e.g., radio), and requires extra electronics (not an issue with today's technology, but one reason Apple used CSMA/CA-based LocalTalk instead of the then much more expensive Ethernet).

Collision detection is used to improve CSMA performance by terminating transmission as soon as a collision is detected, and reducing the probability of a second collision on retry.

Methods for collision detection are media dependent, but on an electrical bus such as Ethernet, collisions can be detected by comparing transmitted data with received data. If they differ, another transmitter is overlaying the first transmitter's signal (a collision), and transmission terminates immediately. A jam signal is sent which will cause all transmitters to back off by random intervals, reducing the probability of a collision when the first retry is attempted.

Ethernet is the classic CSMA/CD protocol. Non-switched Ethernet uses a broadcast delivery mechanism in which each frame that is transmitted is heard by every station. CSMA/CD is an arbitrary access method that provides a method to detect and recover from simultaneous transmissions. Each interface monitors the network for a carrier signal (Carrier Sense). During a gap between transmissions, each interface has an equal chance to transmit data (Multiple Access). If two interfaces try to transmit data at the same time, the transceiver circuitry detects a transmit collision (Collision Detection). Both interfaces must wait a short period of time before they attempt to resend data. The wait period is determined by using an exponential back-off algorithm.

Algorithms of CSMA/CD accesses the network was originally developed for the original Ethernet topology. Ethernet originally consisted of a single-wire, bidirectional backbone. The theory of operation is still the same today, but Ethernet topologies use more advanced components that allow a higher transmission rate.

  1. The host has a message
  2. Is there traffic on the network. If yes go to step 2 (loop until no traffic )
  3. The host sends the message
  4. Was there a collision ? If no -- success go to step 7.
  5. Send the jam signal
  6. Wait. Back off exponentially. Then go to step 2 (collision loop)
  7. Success

See also the similar Carrier sense multiple access with collision avoidance (CSMA/CA) protocol.

Half-duplex and Full Duplex Mode

A duplex communication system is a system composed of two connected parties or devices which can communicate with one another in both directions. (The term duplex is not used when describing communication between more than two parties or devices.)

Duplex systems are employed in nearly all communications networks, either to allow for a communication "two-way street" between two connected parties or to provide a "reverse path" for the monitoring and remote adjustment of equipment in the field.

Ethernet Statistics

Netstat command displays active TCP connections, ports on which the computer is listening, Ethernet statistics, the IP routing table, IPv4 statistics (for the IP, ICMP, TCP, and UDP protocols), and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6 protocols). Used without parameters, netstat displays active TCP connections.

netstat [-a] [-i] [ -e] [-n] [-o] [-p Protocol] [-r] [-s] [Interval]

Where:

Examples:

Collision rates

A collision is the mechanism used by Ethernet to control access and allocate shared bandwidth among stations that want to transmit at the same time on a shared medium. Because the medium is shared, a mechanism must exist where two stations can detect that they want to transmit at the same time. This mechanism is collision detection.

Collision rates higher then 5% on 10-Mbps LAN and 10% on 100-Mbps LAN are first indications of the network overload.

Switches minimize collisions so this is not a problem in modern LAN.

Input/Output Errors

If netstat reports significant number of i/o errors this is usually indication of duplicate IP address on the network. Other possible reasons include faulty cable of RJ45 jack, a faulty port of the network switch or a faulty LAN card in the computer.

Ethernet Addresses

This material is partially copied from SA-300-S10 Sun Solaris network administration manual

An Ethernet address is the deviceís unique hardware address. An Ethernet address is sometimes referred to as a media access control (MAC) address. An Ethernet address is 48 bits long and is displayed as 12 hexadecimal digits (six groups of two digits) separated by colons. An example of an Ethernet address is  44-45-53-54-42-00

The IEEE specification enables the vendor to decide whether to use the host-based addressing approach or the port-based addressing approach. By default, Sun uses host-based addressing on its networks interface cards (NICs).

The network interface drivers in Sun systems obtain the Ethernet address for the Ethernet interface from a systemís hardware. For example, desktop systems use the address in the nonvolatile random access memory (NVRAM) chip, while some large server systems obtain their address from a special board installed in the system. By default, all interface addresses on a system use just one Ethernet address, either the NVRAM or the special board, even though each Ethernet interface controller has a built-in Ethernet address.

For systems configured to have more than one interface on the same physical subnet, you need a unique Ethernet address that is different from the primary host-based assigned Ethernet address.

There are three types of addresses: unicast, broadcast, and multicast.

Setting a Local Ethernet Address

In todayís network environments, many systems have multiple interfaces, often on the same subnet or collision domain. Because an Ethernet address targets systems, each interface on the same network or subnet on a multi-interface system must have a unique Ethernet address. Sun network adapters have local Ethernet addresses encoded in their programmable read-only memories (PROMs).

To view the current host-based Ethernet address, perform the command at the ok prompt:

ok banner
Sun Ultra 5/10 UPA/PCI (UltraSPARC-IIi 360MHz), No Keyboard
OpenBoot 3.19, 128 MB (50 ns) memory installed, Serial #12153379.
Ethernet address 8:0:20:b9:72:23, Host ID: 80b97223.
ok

To display the Ethernet address assigned to each interface, perform the command:

# ifconfig -a


lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000


hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.30.31 netmask ffffff00 broadcast 192.168.30.255
ether 8:0:20:b9:72:23


qfe0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
ether 8:0:20:b9:72:23

Set the local-mac-address? variable in the systemís electrically erasable programmable read-only memory (EEPROM) to enable the use of port-based Ethernet addresses.

To view the contents of the EEPROM for the definition of the local-mac-address? variable, perform the command:

# eeprom local-mac-address?
local-mac-address?=false

You can set the local MAC address to true, which enables network drivers to use their own port-based addresses after reboot and not the system default host-based addressing by performing the command:

# eeprom local-mac-address?=true

The ifconfig ether command can also configure port-based addressing. This might be necessary if the interface card cannot supply its own unique Ethernet address. You can change the interface Ethernet address of 8:0:20:f0:ac:61 from a globally assigned Ethernet address to a locally assigned address of 0a:0:20:f0:ac:61 by changing the seventh bit to 1, and assigning a local unique number to the last 3 bytes.

To change the Ethernet address, perform the command:

# ifconfig hme1 ether 0a:0:20:f0:ac:61

To verify a change in the Ethernet address, perform the command:

# ifconfig hme1
hme1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.30.31 netmask ffffff00 broadcast 192.168.30.255
ether a:0:20:f0:ac:61

This change of the Ethernet address is effective until you reboot the system. To make the change permanent, modify the /etc/rc2.d/S72inetsvc script by using the ifconfig command with the correct Ethernet address.

Ethernet frame format

This material copied from IBM Redbook

Know how to interpret the data contained in your Ethernet frames by understanding the frame formatting.

While tracing LAN communications, you might need to look at the transmitted frames. To understand the data that is contained in the frame, you must know how it is formatted. The figures below show the frame format of two Ethernet standards: IEEE 802.3 and Ethernet version 2.

The Frame Check Sequence (FCS) is a part of the frame put in place to verify that the information each frame contains is not damaged during transmission. If a frame is corrupted during transmission, the FCS on the frame will not match with the recipient's calculated FCS. Any frames that do not match the calculated FCS will be discarded.

IEEE 802.3 frame format

Starting Delimiter (1 byte) Destination Address (6 bytes) Source Address (6 bytes) Length (2 bytes) LLC header and Information field (46 - 1500 bytes) Frame Check Sequence (4 bytes)

Ethernet version 2 frame format

Starting Delimiter (1 byte) Destination Address (6 bytes) Source Address (6 bytes) Type (2 bytes) Information field (46 - 1500 bytes) Frame Check Sequence (4 bytes)

Ethernet version 2 supports SNA by placing the IEEE 802.2 LLC header and data into the information field. It also puts value X'80D5' into the Type field. This shows the frame format.

Starting Delimiter Destination Address Source Address Type (80D5) Information field (Length, Padding, LLC header, Data) Frame Check Sequence

Maximum Transfer Units

The maximum transfer unit (MTU) is the largest amount of data that can be transferred across a physical network. The Ethernet MTU is hardware  specific. For a physical Ethernet interface, the MTU is 1500 bytes, while the MTU is 8232 bytes for a loopback interface. The loopback interface is a pseudo device that communicate or loops back to the host itself.

Ethernet Frame Errors

Ethernet frames can be significantly damaged when they traverse a network. When a host receives a frame, the Ethernet interface performs integrity checking to verify Ethernet frame validity. Some of these error conditions are:

Our scenario assumes a second NIC is being installed into a previously configured networked system. Before installing the new hardware, save the current system configuration by running prtconf -vD. The output of this command can be extensive on larger systems, so it's best to direct the output of prtconf to a file.

After physically installing the new hardware, boot the system with the -r option from the OK prompt. This will have the system scan for new hardware and build the device driver directories accordingly. When that has been completed, run prtconf -vD again and compare its content to the previous execution's results. If a new device doesn't show up, consult the instruction manual for that device as it may require a new driver to be installed or some other special action specific to that hardware.

The name of a NIC is the driver abbreviation with the instance number (a consecutive number starting from 0 counting each device that uses that driver). If you cannot tell which driver runs your hardware, consult the NIC card's manual.

The results of an ifconfig -a show us the current state of the network devices:

lo0: flags=1000849 mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000 
hme0: flags=1000843 mtu 1500 index 2
        inet 192.168.1.100 netmask ffffff00 broadcast 192.168.1.255
        ether 

The built in NIC (instance #0) had previously been configured, and lo0 is an instance of the local loopback address. Since hme1 doesn't show up, it means it has yet to be initialized and configured.

IP Configuration

Persistent IPv4 Configuration

In order to have the system configure our NIC at boot, the first step is to get an IP address and subnet mask. In our case, we are going to put this second NIC into a different IP range than the original NIC. Our first NIC is in the 192.168.1.x network, so we will put the new NIC into the 192.168.2.x network. Both of these networks have a subnet mask of 255.255.255.0. Note: Always make sure the assigned IP is not already taken up by another machine; to do so, use ping from a machine already configured in that network.

Next we add a line to the /etc/hosts file for our new card:

192.168.2.100		host2.mydomain.com		host2

Now, we create a file in /etc that is named hostname. For example, our first NIC's file is /etc/hostname.hme0. Our new device, hme1, will need the file /etc/hostname.hme1. In this file, we will put the name associated with the IP (as found in the /etc/hosts file). It should be the first name in the /etc/hosts file. In our scenario, /etc/hostname.hme1 should contain:

host2.mydomain.com

Then we edit the /etc/netmasks file for our new network:

192.168.2.0	255.255.255.0

Reboot the system, and your network card has been configured for the new network with the proper subnet mask. You can check it by running an ifconfig -a again:

lo0: flags=1000849 mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000 
hme0: flags=1000843 mtu 1500 index 2
        inet 192.168.1.100 netmask ffffff00 broadcast 192.168.1.255
        ether 
hme1: flags=1000843 mtu 1500 index 3
        inet 192.168.2.100 netmask ffffff00 broadcast 192.168.2.255
        ether 

Non-Persistence IPv4 Configuration

To configure the NIC without having to reboot (having previously installed the hardware), you first need to initialize or plumb the network card:

	ifconfig hme1 plumb

Then you configure the device:

	ifconfig hme1 192.168.2.100 netmask 255.255.255.0

Now, you just bring the NIC online.

	ifconfig hme1 up

Your network card is now up and running. You will still need to make the preceding file modifications or your card will not be configured upon reboot.

IPv6 Configuration

Almost everything with IPv6 is designed to be automatic. All that is needed is to tell the system that IPv6 is to be used, and it will handle the rest. To configure it at boot (persistent), execute the following command:

	touch /etc/hostname6.interface 

To enable IPv6 at the command line (which will be lost when the system reboots), run the following commands:

	ifconfig  inet6 plumb
	ifconfig  inet6 up

Troubleshooting

The following is a collection of tools that might be useful for troubleshooting of  networking problems:

 /bin/netstat: Many netstat options are useful in troubleshooting. Some examples

/usr/sbin/snoop: Root can run snoop to capture network traffic and display packet content on the screen. Snoop is useful for finding malfunctioning NICs flooding the network or for ensuring that DHCP is working properly. Before you configure a NIC, you can run snoop to verify that you are seeing packets flowing through your NIC that is, the cable/NIC/switch port are working), and the IP addresses of those packets are consistent with what is expected for the NIC's new network. Some examples:

/sbin/ifconfig:  An ifconfig -a will give you information about all NIC, including IP address (inet), subnet mask (netmask), and if run as root, the MAC address (ether). Please note that only root gets full information from this command.

/usr/sbin/arp: arp allows you to view that table to see what kind of information your computer has cached, as well as to input or delete entries, in case of problems. When having DNS issues, an arp command with the -an option will list the entire table without resolving IP address to host names. arp is one way to get the MAC address of the NIC answering for a host.

Recommended Links

Softpanorama Top Visited

Softpanorama Recommended

FAQs

Reference

Ethernet Codes - Michael A Patton's list of IEEE OUIs

OUI and Company ID Assignments - used to generate Universal LAN MAC addresses.

 

Quiz

Q1. Fast Ethernet : Max distance for UTP and Fiber ?

a. 200m, 1000m

b. 1000m, 2000m

c. 100m, 1000m

d. 100m, 2000m

A:  D

Q2. How long is MAC address (bytes) ? How may bytes identifies the vendor?

a. 8,2

b. 6,3

c. 8,4

d. 6,2

A: B

Q3. What is a "preamble" in IEEE 802.3 frame?

a. an indication of the end of a frame

b. an indication of the start of a new frame

c. an indication of congestion

d. an indication of a corrupted frame

A: B

Q4. What does a "preamble" consist of ?

a. all 0s

b. all 1s

c. a 1 in the beginning and rest 0s

d. alternating 0s and 1s

A: D

Q5.  The two most popular carrier sensing schemes are Token passing and ""_______""".

A: CSMA/CD  (Carrier-Sense Multiple Access with Collision Detection)

Q6. This type of access method is generally used by Ethernet to regulate network traffic on a main cable segment.

A: CSMA/CD

Q7. Which network conforms to IEEE 802.3 specs and is currently is considered to be "standard Ethernet" ?

A: 100BaseTX

Q8: A frame greater than the MTU is known as:

a. runt

b. overhead

c. jabber

d. fragment

A: c 

Q9. ""______" is a device which  provide communication between the computer and the LAN cable and is directly connected to the vampire tap to which the cable is attached.

A: Transceiver




Etc

Society

Groupthink : Understanding Micromanagers and Control Freaks : Toxic Managers : BureaucraciesHarvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Two Party System as Polyarchy : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy

Quotes

Skeptical Finance : John Kenneth Galbraith : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotes : Oscar Wilde : Talleyrand : Somerset Maugham : War and Peace : Marcus Aurelius : Eric Hoffer : Kurt Vonnegut : Otto Von Bismarck : Winston Churchill : Napoleon Bonaparte : Ambrose Bierce : Oscar Wilde : Bernard Shaw : Mark Twain Quotes

Bulletin:

Vol 26, No.1 (January, 2013) Object-Oriented Cult : Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks: The efficient markets hypothesis : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Vol 23, No.10 (October, 2011) An observation about corporate security departments : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law

History:

Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOSProgramming Languages History : PL/1 : Simula 67 : C : History of GCC developmentScripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

Classic books:

The Peter Principle : Parkinson Law : 1984 : The Mythical Man-MonthHow to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Haterís Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

Most popular humor pages:

Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

 

The Last but not Least


Copyright © 1996-2014 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Site uses AdSense so you need to be aware of Google privacy policy. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine. This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...

You can use PayPal to make a contribution, supporting hosting of this site with different providers to distribute and speed up access. Currently there are two functional mirrors: softpanorama.info (the fastest) and softpanorama.net.

Disclaimer:

The statements, views and opinions presented on this web page are those of the author and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.

Last modified: July 07, 2013