Practical Computing Advice and Tutorials

Tue: 09 Aug 2022


Ethernet (conceived in May 1973) is the technology we use for computer-to-computer communication. While we're all aware (or we should be aware) of the possible insecurities of a WAN (Wide Area Network) such as the Internet, the insecurities of a LAN (Local Area Network) are maybe less obvious.

Ethernet is a family of standards defined by the IEEE (Institute of Electrical and Electronics Engineers) that, together, define the cabling, the connectors, the protocol rules, the physical and data link layers of the TCP/IP model, and everything else required to create an Ethernet LAN. These standards are prefixed with IEEE 802.3.

As a solo user of a LAN, you only have to keep others from accessing your LAN, by being behind a NAT Router and by running a secure WAP, but very few people are 'solo users'. You should be able to trust other users on a home LAN, but what about in your office or at a Cafe? We're all so used to simply connecting to a network and just getting on with our business, we tend to disregard what's happening on the LAN side of things.

Ethernet was never designed to be a secure way of sending data across a computer network; it simply didn't occur to the inventors that it would ever need to be. Fast-forward to the 21st Century.

The issue is that it's possible to join a LAN without any authentication. You may believe that because you're using an encrypted connection to a WAP you're safe, in so much as nobody else will be able to 'see' what you're doing, but this perception is incorrect: the only data that's encrypted is the data flowing between your device and the WAP. The WAP is, in turn, connected to an Ethernet LAN, and anyone who has access to that LAN has access to your data.

Although the Router, the Switch and the WAP are shown as separate devices, in a domestic or SOHO set-up they are typically incorporated into one unit. The ports on the back of an 'Internet Router' are in fact 'Switch Ports'.

As you'll see it doesn't take long, when explaining this kind of technology, before one starts to tumble down a deep rabbit hole; I'll try to be as brief as possible, while providing some detail.

The Networking Model

To fully understand what Ethernet is, you need to understand where it fits in to the networking model.

| OSI Model | TCP/IP Model | Protocols & Specifications | Devices |
|---|---|---|---|
| L7: Application | L5: Application | Telnet, HTTP, FTP, SMTP, POP3, VoIP, SNMP | Hosts, Firewalls |
| L6: Presentation | | | |
| L5: Session | | | |
| L4: Transport | L4: Transport | TCP, UDP | Hosts, Firewalls |
| L3: Network | L3: Network | IP | Routers |
| L2: Data Link | L2: Data Link | Ethernet (IEEE 802.3), HDLC | Switches, WAP, Cable Modems, DSL Modems |
| L1: Physical | L1: Physical | RJ-45, Ethernet (IEEE 802.3) | Hubs, Repeaters, Cables |

The entire world of computer networks is built on the concept of 'Layers'. In fact, you'll find that this concept is also applied to the design of applications; each layer being built on the last, passing data from one layer to the next.

Ethernet (L2), a.k.a. the Data Link Layer, sits between L1 and L3. L1 is the Physical Layer, which moves data bits between devices and specifies voltage, wire speed and the 'pinout' of cables; it's the 'physical topology' of the network. L3 is the Network Layer, which provides the logical addressing that Routers use for path determination and is where the 'IP' part of the 'TCP/IP' protocol sits. In fact, there are two sub-levels to L2, the LLC Layer and the MAC Layer, but this is where the rabbit hole takes you, if you follow it all the way.

The Application Layer is where a host application creates the data required by a client application (e.g. a web page). That data is encapsulated with a layer header, if required (e.g. in the case of a web page, the 'HTTP OK' message), before all of it is passed down to...

The Transport Layer, which, in turn, encapsulates that data inside a transport layer header (typically a TCP [Transmission Control Protocol] or UDP [User Datagram Protocol] header for end-user applications) forming a 'Segment'. This is again passed to the next layer down...

The Network Layer forms a 'Packet' by adding an IP Header, which identifies both originating and destination computers. The data Packet is then handed down to the Data Link Layer.

The Packet is now encapsulated by the Data Link Layer, with a Link Header and a Link Trailer, forming an Ethernet 'Frame' ready for transmission.

The Ethernet Frame is then transmitted as bits over whatever medium the Physical Interface supports, to be received at the destination, where the entire process is reversed.

Ethernet Data Frame

Preamble: Informs the receiving system that a Frame is starting and enables synchronisation. This is a seven octet alternating bit pattern of zeros and ones and provides a 5 MHz synchronisation clock signal at the start of each packet, which allows the receiving devices to lock to the incoming bit stream.

Start Frame Delimiter (SFD): Signifies that the Destination MAC address begins with the next Byte. The SFD is 10101011, where the last pair of 1s allows the receiver to come into the alternating 1,0 pattern somewhere in the middle and still sync up to detect the beginning of the data.

Destination MAC (DA): Identifies the receiving system. This transmits a 48-bit value using the least significant bit (LSB) first. The DA is used by receiving stations to determine whether an incoming packet is addressed to a particular node. The destination address can be an individual address or a broadcast or multicast MAC Address.

Source MAC (SA): Identifies the sending system. The SA is a 48-bit MAC address used to identify the transmitting device, and it uses the least significant bit first. Broadcast and Multicast address formats are illegal within the SA field.

Type: Defines the type of protocol inside the Frame. E.g: In the case of the Ethernet Data Frame encapsulating an IP Data Packet the Type would be 0x0800 for IPv4 and 0x86DD for IPv6. If the Ethernet Data Frame is encapsulating an ARP request, the Type would be 0x0806.

Data and Pad: Contains the payload data. Padding is added to meet the minimum required length, 46-Bytes, the maximum size (MTU) being 1500-Bytes.


Frame Check Sequence (FCS): Contains a 32-bit Cyclic Redundancy Check (CRC) which allows detection of corrupted data. The CRC is a mathematical algorithm that's run when each frame is built based on the data in the frame (a 'finger print', if you will). When a receiving host receives the frame and runs the CRC, the answer should be the same. If not, the frame is discarded, assuming errors have occurred.

An illustration of an L3: Data Packet encapsulated in an L2: Data Frame

L2: Ethernet Data Frame
  Preamble: 7 Bytes
  SFD: 1 Byte
  DA: 6 Bytes
  SA: 6 Bytes
  Type: 08|00
  Data & Pad: 46 – 1500 Bytes
    L3: IPv4 Data Packet
      Priority and Type of Service (8-bits), Total Length (16-bits)
      Identification (16-bits), Flags (3-bits), Fragmented Offset (13-bits)
      Time To Live (8-bits), Protocol (8-bits), Header Checksum (16-bits)
      Source IP Address (32-bits)
      Destination IP Address (32-bits)
      Options, if any (0 – 32-bits)
      Data, if any (Variable)
  FCS: 4 Bytes

Note: Ethernet defines the process of detecting errors (error detection), but not error recovery.
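
The frame fields described above, worked through in Python as an added example (not code from the original page): it builds frames, parses them back, recomputes the FCS and flags a broadcast/multicast Source MAC. The function names and the sample frames are constructed for illustration, and the frame bytes are assumed to start at the DA and still include the FCS, which capture tools often strip.

```python
import struct
import zlib

ETHERTYPES = {0x0800: "IPv4", 0x86DD: "IPv6", 0x0806: "ARP"}  # Type values from the text
HEADER, MIN_DATA, MAX_DATA, FCS_LEN = 14, 46, 1500, 4

def build_frame(dst: bytes, src: bytes, ethertype: int, data: bytes) -> bytes:
    """Return DA + SA + Type + Data/Pad + FCS (preamble and SFD are not included)."""
    if len(data) > MAX_DATA:
        raise ValueError("data exceeds the 1500-byte maximum")
    body = dst + src + struct.pack("!H", ethertype) + data.ljust(MIN_DATA, b"\x00")
    # Ethernet's CRC-32 is the one zlib computes; the FCS is appended low byte first.
    return body + struct.pack("<I", zlib.crc32(body))

def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{octet:02x}" for octet in raw)

def parse_frame(frame: bytes) -> dict:
    """Parse a frame that starts at the DA and still carries its 4-byte FCS."""
    if not HEADER + MIN_DATA + FCS_LEN <= len(frame) <= HEADER + MAX_DATA + FCS_LEN:
        raise ValueError(f"frame length {len(frame)} is outside the valid range")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    (fcs,) = struct.unpack("<I", frame[-FCS_LEN:])
    return {
        "dst": fmt_mac(dst),
        "src": fmt_mac(src),
        "type": ETHERTYPES.get(ethertype, f"0x{ethertype:04x}"),
        "data": frame[HEADER:-FCS_LEN],
        # The first bit on the wire (LSB of the first octet) marks a
        # broadcast/multicast address: legal in the DA, illegal in the SA.
        "dst_is_group": bool(dst[0] & 0x01),
        "src_is_group": bool(src[0] & 0x01),
        # A receiver discards the frame when the recomputed CRC differs.
        "fcs_ok": fcs == zlib.crc32(frame[:-FCS_LEN]),
    }

# Constructed samples: a broadcast ARP-type frame whose 28-byte body gets padded.
BROADCAST = bytes.fromhex("ffffffffffff")
HOST = bytes.fromhex("020000000001")  # made-up locally administered address
GOOD = build_frame(BROADCAST, HOST, 0x0806, b"\x00" * 28)
CORRUPT = GOOD[:20] + bytes([GOOD[20] ^ 0x04]) + GOOD[21:]  # one bit damaged in transit
BAD_SRC = build_frame(HOST, bytes.fromhex("01005e000001"), 0x0800, b"\x45" * 60)

if __name__ == "__main__":
    for name, frame in (("good", GOOD), ("corrupt", CORRUPT), ("bad-src", BAD_SRC)):
        info = parse_frame(frame)
        print(name, info["src"], "->", info["dst"], info["type"], info["fcs_ok"], info["src_is_group"])
```

The CRC is unkeyed, so a passing FCS only shows the frame was not damaged in transit; it says nothing about who sent it.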