CCNA | Ethernet Lans Switching | 6

Ethernet Frame Details

Overview of Ethernet Frames

• Preamble and SFD are not considered part of the Ethernet header but are sent with every Ethernet frame.

• Ethernet Header Components:

  • Destination MAC Address: Identifies the intended recipient.

  • Source MAC Address: Identifies the sender.

  • Type: Indicates the protocol encapsulated in the frame.

• The size of the Ethernet header plus trailer is 18 bytes (preamble and SFD excluded).

Minimum Size Requirements

• Minimum Ethernet frame size is 64 bytes, including the encapsulated payload.

• This means the minimum payload of the packet is 46 bytes (64 bytes - 18 bytes header size).

• If the packet payload is less than 46 bytes, padding bytes (zeros) are added to meet the minimum size.

  • Example: A 34-byte packet requires 12 bytes of padding.

Network Topology Update

Modifications to the Network

• Updated interfaces from Fast Ethernet to Gigabit Ethernet (g00, g01, g02).

• More realistic MAC addresses used instead of generic examples:

  • Common OUI: 0C2F (indicates all PCs are from the same manufacturer).

  • Unique identifiers for each PC: e.g., PC1 = 9D00, PC2 = 6200.

IP Address Configurations

• Each PC is assigned an IP address:

  • PC1: 192.168.1.1

  • PC2: 192.168.1.2

  • PC3: 192.168.1.3

  • PC4: 192.168.1.4

Understanding ARP (Address Resolution Protocol)

ARP Functionality

• ARP is used to resolve layer three IP addresses into layer two MAC addresses.

• The ARP process includes:

  • ARP Request (broadcast): Sent when a device needs to find another device's MAC address.

  • ARP Reply (unicast): Sent in response to an ARP request, providing the necessary MAC address.

ARP Request Process

• When PC1 wants to send to PC3:

  1. PC1 does not know PC3's MAC address (only has IP: 192.168.1.3).

  2. PC1 broadcasts an ARP request with destination MAC set to FF:FF:FF:FF:FF:FF.

  3. Switch learns PC1's MAC address and adds it to its MAC address table.

  4. Other devices (e.g., PC2, PC4) ignore the request if their IP does not match.

  5. PC3 responds with an ARP reply directly to PC1 with its MAC address.

Frame Processing by Switches

• Switches forward frames (broadcast or unicast) based on MAC addresses:

  • When PC1 sends an ARP request:

    • Switch forwards it out of g01 and g02, except the interface it's received on.

  • When PC3 replies:

    • Switch sends the unicast frame back to PC1 based on the MAC address table.

ICMP and the Ping Utility

ICMP Overview

• ICMP (Internet Control Message Protocol) is used to send control messages, including echo requests and echo replies (ping).

• The ping command tests reachability between hosts in a network and measures round-trip time.

Ping Process

• When using ping:

  1. The source must have the destination MAC address (learned via ARP).

  2. Send an ICMP Echo Request to the destination IP.

  3. Receive an ICMP Echo Reply if the destination is reachable.

• Example ping command: ping 192.168.1.3.

Example Output from Ping

• The output shows:

  • Number of echoed requests sent/received.

  • Success rate of packets.

  • Round trip time statistics (minimum, average, maximum).

• Initial ping may fail if ARP hasn't resolved the MAC address yet.

Analyzing with Wireshark

Wireshark Integration

• Wireshark can capture and analyze packets in real-time to show ARP and ICMP traffic.

• Capture or PCAP. It listens to a network connection in real time and it grabs entire streams of traffic

• Filtering: Wireshark is cable of slicing and dicing all of this random data using filters. By applying a filter you can obtain just the information you need to see.

• Visualization: Dive right into the middle of a network packet. It also allows you visualize entire networks and conversatios.

MAC Address Table in Cisco Switches

• Command: show mac address-table to view the MAC addresses learned by the switch.

• Dynamic Entries: Entries learned through traffic (removed after 5 minutes of inactivity).

• Can clear entries with commands like:

  • clear mac address-table dynamic

  • clear mac address-table dynamic address [MAC]

  • clear mac address-table dynamic interface [interface]

Key Takeaways

• Understanding Ethernet frames and the role of ARP is crucial for effective LAN switching and communication.

• Ability to analyze network traffic with tools such as Wireshark is vital for troubleshooting.

• Using ping helps check connectivity in a network and is foundational for network administration.