Protocol Learning Vamei Blog Series 02 Small speakers start Broadcasting (Ethernet and WiFi protocol)

Vamei Source: Http://www.cnblogs.com/vamei Welcome reprint, Please also keep this statement. Thank you!

"The trumpet starts to broadcast", if you know this, you must be the older generation. "Little Horn" is a radio program for children from the 50 's to the 80 's. At the beginning of the program, there will be a kind of broadcast: "Children, small speakers began to broadcast!" "Hearing here, the children in front of the radio get excited and ready to listen to the program: This issue is the Ethernet (Ethernet) protocol and WiFi.

We said in the postman and post Office that Ethernet and WiFi are the two protocols of the connection layer. At the connection layer, the information is transmitted in frames (frame) . The frame wraps the data (payload) in the same way as an envelope and indicates the address and delivery address of the message. The connection layer enables the communication of the "local community". Let's take a look at the Ethernet frames first.

frame format for Ethernet

head, data (Payload) and

preamble

sfd

dst

SRC

type

payload (Data)

pad

fcs

extension

The frames are sent/received from beginning to end in the order above. We further explain the areas below.

Head

The first 7 bytes of the frame are called Preamble (Preamble). Each byte of it is 0xAA (this is hexadecimal, which is the binary 10101010). Usually, we are scheduled to send 0/1 sequences at a certain frequency (e.g. 10bit per second). If the receiving device is received at a different frequency (e.g. 5bit per second), then the 0/1 messages that should be received will be missed. However, because of the different network cards, both the sender and the receiver may be biased for physical reasons even if the booking is the same frequency. It's like two people meet at 10, and the result is a person who watches quickly, a person who watches slowly as well. The preamble is to allow the receiving device to adjust the frequency of reception so that it is consistent with the frequency of the transmitting device, which is called the Clock Recovery (recover).

(Just like before you listen to the radio, adjust the knob until the sound is clear.) The network card will continuously fine-tune its receiving frequency in the process of receiving the preamble until it "hears" it ... 1010 ...)

After the clock is adjusted, we wait for the starting signal of the frame (SFD, start frame delimiter). SFD is a fixed value of 0xAB. This 0xAB is like "The trumpet starts to broadcast", reminding us that the show is going to be staged.

Preamble and SFD

Immediately following the SFD is the destination of 6 byte ( DST, Destination) and 6 byte of the place (SRC, source). That's what we do in the postman and the Post office, and write the destination and the place for the envelope. Note that what is written on the envelope here is the "local description" of the address, which is the MAC address . The MAC address is the serial number that comes with the physical device and can only be identified in the same Ethernet (just as the postman is only familiar with his community).

The last area of the head is type, which describes the types of data parts. (for example, 0x0800 is ARP for ipv4,0x0806)

Data

Data typically contains data that conforms to higher-level protocols, such as IP packets. The connection layer protocol itself does not care what the data is, it is only responsible for transmission. Note that the tail of the data may be populated with a string of 0 (pad area). The reason is that the data needs to exceed a certain minimum length.

Tail

Following the data is the checksum sequence (FCS, Frame Check Sequence). The checksum sequence is to verify that the transmission of the data has occurred incorrectly. At the physical level, we use some physical signals to represent 0/1 sequences (such as high/low voltage, high frequency/low frequency, etc.), but these physical signals may be affected during transmission so that errors occur. How to find out if our data is correct?

One way to do this is to send the data two times and then compare the same. However, this greatly reduces the efficiency of the network. The FCS uses the CRC (Cyclic redundancy Check) algorithm. It was as if the owner of a restaurant had hired a cashier, but he was worried about the cashier's money. But every day the turnover is very big, the boss even if sits in the side to look, also cannot use remembers receives the total number. So he took a clever approach: just remember the last one to receive the money (for example, $19, the boss remembers 9). When new receipts (such as 13 and Mantissa are 3) are added, he adds the new mantissa and the old mantissa, remembering the mantissa (i.e. 2). When the cashier gives money to the boss, the boss can tell whether the cashier is honest by only looking at the last one in the sum. If our data is the total amount of the cashier, our FCS is the mantissa of the boss's record. If the two do not match, we know that the data in the process of transmission errors, can not be used.

There's FCS staring at the

The above analogy is actually the total amount of business divided by 10, to obtain the final mantissa. The CRC algorithm is similar. The N-bit CRC algorithm takes an n-bit factor, such as the following 1011. The end of the data series is increased by n-1 0. The factor and the data sequence are continuously XOR until the remainder of the n-1 bit is obtained, which is 100. The remainder is reversed (011) and stored in the FCS location.

11010011101100000<---Add 3 bits to the end of the data series 01011<---Factor01100011101100000<---XOR results1011<---Factor00111011101100000101100010111101100000101100000001101100000101100000000110100000101100000000011000  1011 00000000001110 000 1011 00000000000101 000 101 1-----------------00000000000000 100 < ---3-bit remainder        

The above example uses a 4-bit CRC. The factors used in the Ethernet are 32-bit, to achieve better detection results.

Hub vs. switch (switch)

Ethernet uses a hub or a switch to transfer frames from the emitted to the destination. There are multiple ports on a hub or switch, and each port can connect to a single computer (or other device).

Hubs like a radio station. One computer sends frames to a hub, and the hub forwards the frames to all other ports. Each computer checks that its MAC address is not compliant with DST. If not, keep silent. Hubs are relatively early Ethernet devices. It has obvious flaws:

1) The communication of any two computers is public on the same ethernet. All devices connected to the same hub can hear what others are transmitting, which is not safe. You can improve security by encrypting information.

2) multi-channel simultaneous communication is not allowed . If both computers send a message to the hub at the same time, the hub sends "conflicting" messages to all devices, alerting the conflict. The conflict detection algorithm can be added on the device (collision detection): Once the device is found to be in conflict, it is randomly waiting for some time to resend.

The exchanger overcomes the defect of the hub. The Exchanger records the MAC address of each device. When a frame is sent to a switch, the switch checks DST and then sends the frame only to the corresponding port. The switch allows simultaneous communication of multiple routes . Because of the advantages of the exchanger, the exchanger basically replaces the hub. But older Ethernet may also be using hubs.

Here's a video from Cisco that explains both of these devices more visually

Http://v.youku.com/v_show/id_XNDgwNTQ5OTI4.html?firsttime=0

WiFi

WiFi works like Ethernet under a hub connection. One WiFi device sends frames to all WiFi devices, and other WiFi devices check if they are compliant with DST. Because WiFi takes radio signals, it's hard to send it like a switch, so the security of WiFi is worth paying attention to. WiFi uses an encryption method to achieve the security of information.

(The early WEP encryption method is very fragile and it is recommended to use WPA or WPA2 encryption methods.) The method of hiding the WiFi device ID is not very useful. )

Summary

We went into some details of the connection layer protocol. The connection layer is a physical and logical interface that is designed to take into account physical requirements (such as clock recovery, CRC) and logical requirements (such as address, data). Because the connection layer is at the bottom of the network logic, there are many attack methods based on the connection layer, which requires us to have some understanding of the working mode of the connection layer in order to design a better network security policy.

Welcome to the "Protocol Forest" series

Protocol Learning Vamei Blog Series 02 Small speakers start Broadcasting (Ethernet and WiFi protocol)