【My Study Note】Dissecting an Ethernet Frame
Dissecting an Ethernet Frame
A data packet is an all-encompassing term that represents any single set of binary data being sent across a network link.
The term data packet isn’t tied to any specific layer or technology. It just represents a concept. It’s just one set of data sent from point A to Point B.
Ethernet Frames
Data packets at the Ethernet level are known as Ethernet frames.
An Ethernet frame is a highly structured collection of information presented in a specific order. This way network interfaces at the physical layer can convert a string of bits, traveling across a link into meaningful data or vice versa.
Almost all sections of an Ethernet frame are mandatory and most of them have a fixed size.
Preamble
The first part of an Ethernet frame is known as the preamble. A preamble is 8 bytes (64 bits) long and can itself be split into two sections.
The first seven bytes are a series of alternating ones and zeros. These act partially as a buffer between frames and can also be used by the network interfaces to synchronize internal clocks they use, to regulate the speed at which they send data.
This last byte in the preamble is known as the SFD (Start Frame Delimiter). This signals to a receiving device that the preamble is over and that the actual frame contents will now follow.
Mac Address
Immediately following the SFD, the destination MAC address comes. This is the hardware address of the intended recipient. Which is then followed by the source MAC address, or where the frame originated from.
Additionally, each MAC address is 48 bits (6 bytes) long.
EtherType Field
It’s 16 bits long and used to describe the protocol of the contents of the frame.
Instead of the EtherType field, you could also find what’s known as a VLAN header. It indicates that the frame itself is what’s called a VLAN frame. If a VLAN header is present, the EtherType field follows it.
VLAN (Virtual LAN)
VLAN (Virtual LAN) is a technique that lets you have multiple logical LANs operating on the same physical equipment. Any frame with a VLAN tag will only be delivered out of a switch interface configured to relay that specific tag.
This way you can have a single physical network that operates like its multiple LANs. VLANs are usually used to segregate different forms of traffic. So you might see a company’s IP phones operating on one VLAN, while all desktops operate on another.
Data Payload
After this, you’ll find a data payload of an Ethernet frame. A payload in networking terms is the actual data being transported, which is everything that isn’t a header.
The data payload of a traditional Ethernet frame can be anywhere from 46 to 1500 bytes long.
This contains all of the data from higher layers such as the IP, transport, and application layers that are actually being transmitted.
Frame Check Sequence
Following that data, we have what’s known as a frame check sequence. This is a 4-byte (32-bit) number that represents a checksum value for the entire frame.
This checksum value is calculated by performing what’s known as a cyclical redundancy check against the frame.
A CRC (Cyclical Redundancy Check) is an important concept for data integrity and is used all over computing, not just network transmissions. A CRC is basically a mathematical transformation that uses polynomial division to create a number that represents a larger set of data.
Anytime you perform a CRC against a set of data, you should end up with the same checksum number. The reason it’s included in the Ethernet frame is so that the receiving network interface can infer if it received uncorrupted data.
When a device gets ready to send an Internet frame, it collects all the information we just covered, like the destination and originating MAC addresses, the data payload, and so on. Then it performs a CRC against that data and attaches the resulting checksum number as the frame check sequence at the end of the frame.
This data is then sent across a link and received at the other end and the receiving side performs a CRC against that data.
If the checksum computed by the receiving end doesn’t match the checksum in the frame check sequence field, the data is thrown out.
This is because some amount of data must have been lost or corrupted during transmission. It’s then up to a protocol at a higher layer to decide if that data should be retransmitted. Ethernet itself only reports on data integrity. It doesn’t perform data recovery.