Everything Penguin, Inc.

Helping to support the open source community.

    OSI View of Ethernet, IP, TCP & other selected protocols
    Brett Lee
    ================================================================================
    
    
    I.  Ethernet / IP Data Structures
    -------------------------------------
    				(- TCP -)	(- UDP -)
    Application Layer	=	Stream		Message
    Transport Layer		=	Segment		Datagram
    Internet Layer		=	Datagram	Datagram
    Data Link Layer		=	Frame		Frame
    
    
    
    II.  Summary of the OSI Model Layers
    -------------------------------------
    
                                                   --------------------------
                                                   |    Application Data    |
                                                   -------------------------- 
    Application                               -------------------------------
    Layer                                     | AH |    Application Data    |
                                              -------------------------------
    Presentation                         ------------------------------------
    Layer                                | PH |                             | 
                                         ------------------------------------
    Session                         -----------------------------------------
    Layer                           | SH |                                  | 
                                    -----------------------------------------
    Transport                  ----------------------------------------------
    Layer                      | TH |                                       | 
                               ----------------------------------------------
    Network               ---------------------------------------------------
    Layer                 | NH |                                            | 
                          ---------------------------------------------------
    Data            ---------------------------------------------------------------
    Link            | DLH |                                                 | DLT |
    Layer           ---------------------------------------------------------------
    
    Physical        ....................1010101010.................................
    Layer           
    
    
    
    
    III.  Inside the Layers / Headers
    -------------------------------------
    
    A.  Physical	Ones and Zeros in some Encoding Scheme 
                    e.g. Manchester Encoding 
    			- always changes the signal mid-bit, but
    			  if the signal starts where it left off it is a ONE
    			  if not, it is a ZERO
                    e.g. 2&3. Return to Zero (RZ) and non Return to Zero (NRZ)
    
    
    B.  Data Link Layer
    
       1. 802.3 Ethernet Frames (pre-1987)
          --------------------------
    
          |Destination|  Source  | L |LLC -     DATA      |FCS|
          |     6     |    6     | 2 | ?  -    ??-1500    | 4 |   Total = 1518 bytes
          
      * Contains an LLC header at the beginning of the data section.  The LLC
        contains a DSAP value to "steer" the packet up the right protocol stack.
    
    	- Preamble (8 bytes)
    		- 7 bytes of 10101010
    		- 1 byte of  10101011 (SOFD - Start of Frame Delimiter)
    
    	- Destination Address (6 bytes)
    
    	- Source Address (6 bytes)
    
    	- Length (2 bytes)
    
    		- Length used in 802.3 Ethernet
    			- this specifies the packet length
    	
    	- Data (46 bytes - 1500 bytes)
                - Contains an 802.2 LLC header at the beginning of the IP Data
                  section to direct the payload up the proper network stack.
    		- Padding (hopefully ALL ZERO's) may be used to ensure the 
                  minimum frame length of 64 bytes (including FCS).
                  The reason for this is to ensure that the preamble travels 
                  to the farthest node before the end of the FCS is transmitted.
    
    	- Checksum / FCS (4 bytes)
    
    
    
       2. Ethernet II  Frames 
          --------------------------
    
          |Destination|  Source  | T |     DATA        |FCS|
          |     6     |    6     | 2 |   46-1500       | 4 |   Total = 1518 bytes
          
      * Length field is replaced with type field.  Length field is < 0x0600 
        whereas type field is >= 0x0600.  Type field replaces DSAP value 
        and eliminates need for LLC.
    
            - Preamble (8 bytes)
                    - 7 bytes of 10101010
                    - 1 byte of  10101011 (SOFD - Start of Frame Delimiter)
    
            - Destination Address (6 bytes)
    
            - Source Address (6 bytes)
    
            - Type (2 bytes)
    
                    - Type (aka. Ethertype) used in Ethernet V2 Frame 
                            - this field allows delivery of the frame to the proper
                            network protocol stack above the Data Link Layer,
                            thus, there is no 802.2 LLC header.
                            SNAP exists for the purpose of encapsulating Ethernet V2
                            frames into standard IEEE 802.2 frames.
    
            - Data (46 bytes - 1500 bytes)
    
                - 46 byte minimum (padding used to ensure that the preamble
                      travels to the farthest node before the FCS is transmitted).
    
            - Checksum / FCS (4 bytes)
    
    
    
       3. 802.1p/d/q Ethernet Frames 
          --------------------------
    
          |Destination|  Source  |VLAN|T/L|    DATA       |FCS|
          |     6     |    6     |  4 | 2 |   46-1500     | 4 |   Total = 1522 bytes
    
          * 802.1Q increased Max frame size to 1522 bytes - plus preamble
    
          * Note that if the frame is 802.3, the "Length" field will still be 
            followed by the LLC.
    
            - Preamble (8 bytes)
                    - 7 bytes of 10101010
                    - 1 byte of  10101011 (SOFD - Start of Frame Delimiter)
    
            - Destination Address (6 bytes)
    
            - Source Address (6 bytes)
    
            - VLAN Tag (4 bytes)
    		- VLAN Protocol ID (1 byte)
    		- Tag Control Info (1 byte)
    			- Priority (3 bits)
    			- CFI (1 bit)
    				- indicates if Source Routing Information exists
    				- CFI=0 means NO, is the most common case
    			- VLAN Identifier (12 bits)
    
            - Length / Type (2 bytes)
    
                    - Length used in 802.3 Ethernet
                            - this specifies the packet length
    
                    - Type (aka. Ethertype) used in Ethernet V2 Frame
                            - this field allows delivery of the frame to the proper
                            network protocol stack above the Data Link Layer,
                            thus, there is no 802.2 header.
                            SNAP exists for the purpose of encapsulating Ethernet V2
                            frames into standard IEEE 802.2 frames.
    
    		- Embedded Source Routing Information (2-30 bytes)
    
            - Data (?? bytes - 1500 bytes)
    
                - ?? byte minimum (padding used) to ensure that the preamble
                      travels to the farthest node before the FCS is transmitted.
    
            - Checksum / FCS (4 bytes)
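
The framing rules from sections 1 to 3 above, written as a small Python parser (an added example, not part of the original notes). It assumes a frame captured without preamble or FCS and the IEEE 802.1Q tag layout of a 2-byte VLAN Protocol ID (0x8100) followed by a 2-byte Tag Control Info; the sample frames and the function names are constructed for illustration.

```python
import struct

ETHERTYPE_MIN = 0x0600   # below this the 2-byte field is an 802.3 length
TPID_8021Q = 0x8100      # VLAN Protocol ID announcing an 802.1Q tag (assumed layout)

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_ethernet(frame):
    """Decode one captured frame (no preamble, no FCS) into a dict."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    info = {"dst": mac(frame[0:6]), "src": mac(frame[6:12]), "vlan": None}
    offset = 12
    (field,) = struct.unpack_from("!H", frame, offset)
    if field == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        info["vlan"] = {"priority": tci >> 13, "cfi": (tci >> 12) & 1,
                        "vid": tci & 0x0FFF}
        offset += 4
        (field,) = struct.unpack_from("!H", frame, offset)
    offset += 2
    if field >= ETHERTYPE_MIN:
        # Ethernet II: the type steers the payload, no LLC header follows.
        info.update(framing="Ethernet II", ethertype=field,
                    payload=frame[offset:])
        return info
    # 802.3: the field is a length and the data starts with an 802.2 LLC header.
    if field < 3 or field > len(frame) - offset:
        raise ValueError("802.3 length field disagrees with captured data")
    padding = frame[offset + field:]
    info.update(framing="802.3", length=field,
                dsap=frame[offset], ssap=frame[offset + 1],
                payload=frame[offset + 3:offset + field],
                padding_all_zero=not any(padding))
    return info

def sample_frames():
    """Constructed frames: one VLAN-tagged Ethernet II, one 802.3 with LLC."""
    tagged = bytes.fromhex("ffffffffffff" "020000000001" "8100" "a064"
                           "0800") + bytes(46)
    llc = bytes.fromhex("0180c2000000" "020000000002" "0007" "424203"
                        "deadbeef") + bytes(39)
    return tagged, llc

if __name__ == "__main__":
    for f in sample_frames():
        print(parse_ethernet(f))
```

The `padding_all_zero` result checks the "hopefully ALL ZERO's" expectation stated for 802.3 padding: anything after the declared length that is not zero is data the sender did not mean to transmit.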
    
    
    
       4. 802.11 Ethernet Frames 
    
    	- Frame Control (2 bytes)
    
    		- Protocol Version (2 bits)
    		- Type (2 bits)
    		- Subtype (4 bits)
    		- To DS (1 bit)
    		- From DS (1 bit)
    		- More Frag (1 bit)
    		- Retry (1 bit)
    		- Power Mgt (1 bit)
    		- More Data (1 bit)
    		- WEP (1 bit)
    		- Order (1 bit)
    
    	- Duration / ID (2 bytes)
    		- depends on the type of frame
    		- see Section 7.2 of IEEE-802.11
    
    	- Address 1 (6 bytes)
    		- Destination address
    
    	- Address 2 (6 bytes)
    		- Source address
    
    	- Address 3 (6 bytes)
    		- Receiver address
    
    	- Sequence Control (2 bytes)
    
    		- Fragment number (4 bits)
    		- Sequence number (12 bits)
    
    	- Address 4 (6 bytes)
    		- Sender address
    
    	- Frame Body (0-2312 bytes)
    
    	- Checksum / FCS (4 bytes)
    
    
    
    C.  Network Layer 
    
       1. Internet Protocol Header (IP) - 24 bytes
                                        
        0                   1                   2                   3   
        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |Version|  IHL  |Type of Service|          Total Length         |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |         Identification        |Flags|      Fragment Offset    |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |  Time to Live |    Protocol   |         Header Checksum       |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                       Source Address                          |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                    Destination Address                        |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                    Options                    |    Padding    |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    
                        Example Internet Datagram Header
    
    
    	- Version Number (4 bits)
    
    	- Header Length / HLEN (4 bits)
    
    	- Type of Service (1 byte)  (err... better check for the updates
                                         to this.  it's changed once or twice.)
    
    		- Precedence (3 bits)
    			- indicates priority 0=normal, 7=high
    		- Delay (1 bit)
    			- used to set low delay
    		- Throughput (1 bit)
    			- used to request high throughput
    		- Reliability (1 bit)
    			- used to indicate high reliability
    
    		** TOS, as defined in RFC 2474, has been updated
    			by RFC 2168 (ECN in IP and TCP)
    
    	- Total Length (2 bytes)
    		- indicates the total length of the IP datagram
    
    	- Identification (2 bytes)
    		- used to determine which fragments belong together
    
    	- Flags (3 bits)
    
    		- first bit is reserved
    		- second bit set to indicate fragmentation allowed
    		- third bit set to 0 to indicate last fragment 
    			- 1 means more on their way
    
    	- Fragment Offset (13 bits)
    		- contains the offset of the fragment from the original 
    		  datagram
    
    	- Time to Live (1 byte)
    		- "how long" to live (in seconds) or "hop count"
    
    	- Protocol (1 byte)
    		- which high level protocol was used to create the packet
    			- TCP = 6
    			- UDP = 17
    
    	- Header Checksum (2 bytes)
    
    	- Source IP Address (4 bytes)
    		- hexadecimal representation of the dotted quad IP address
    
    	- Destination  IP Address (4 bytes)
    		- hexadecimal representation of the dotted quad IP address
    			
    	- Options (Variable length)
    		- can be used to record the route taken, specify the route,
    		  time stamp, security, etc.
    
    	- Padding (Variable length)
    
    
    
       2. Address Resolution Protocol (ARP) - 28 bytes
    
            - Hardware Type (2 bytes)
    
            - Protocol Type (2 bytes)
                    - 0800H may indicate IP
    
            - Hlen (1 byte)
                    - length of the hardware address
    
            - Plen (1 byte)
                    - length of the (high level) protocol address
    
            - Operation (2 bytes)
                    - specifies a request or a reply
                            - request = 1
                            - reply   = 2
    
            - Sender HA (6 bytes)
                - sender's MAC address
    
            - Sender IP (4 bytes)
                - sender's protocol address
    
            - Target HA (6 bytes)
                - the target's MAC address
                    - will be placed here upon reply
    
            - Target IP (4 bytes)
                - target's protocol address
    
    
    
       3. Internet Control Messaging Protocol (ICMP) - (Variable length)
    
    	* Used by a Router to communicate with a Host
    
    	- Type (1 byte)
    		- specifies the type of ICMP message
    
    	- Code (1 byte)
    		- further specifies the type of ICMP message
    
    	- Header Checksum (2 bytes)
    
    	- Message (Variable length)
    		- contains data specific to the message type indicated
    
    
    
       4. Internet Group Management Protocol (IGMP)
    
    	* see http://www.networksorcery.com/enp/default0404.htm 
    
    
    
    D.  Transport Layer
    
       1. Transmission Control Protocol Header (TCP) - 24 bytes
    
        0                   1                   2                   3   
        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |          Source Port          |       Destination Port        |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                        Sequence Number                        |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                    Acknowledgment Number                      |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |  Data |           |U|A|P|R|S|F|                               |
       | Offset| Reserved  |R|C|S|S|Y|I|            Window             |
       |       |           |G|K|H|T|N|N|                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |           Checksum            |         Urgent Pointer        |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                    Options                    |    Padding    |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                             data                              |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    
                                TCP Header Format
    
    	- Source Port (2 bytes)
    
    	- Destination Port (2 bytes)
    
    	- Sequence Number (4 bytes)
    
    	- Acknowledgement Number (4 bytes)
    		- related to the Flags Field
    
    	- Data Offset / Header Length - HLEN (4 bits)
    		- indicates the number of words in the TCP header ?
    
    	- Reserved (6 bits)
    
    	- Flags (6 bits - one for each flag)
    		- URG (Urgent)
    		- ACK (Acknowledgement) 
    			- indicates an acknowledgement is requested
    		- PSH (PuSH)
    			- tells sending TCP to deliver all its data NOW
    			- also tells receiving TCP to deliver "upward" NOW
    			- essentially performs a "buffer flush"
    		- RST (Reset)
    			- resets transport connection to original state
    		- SYN (Synchronize)
    			- creates a virtual connection between sender/receiver
    			- how it works is a sender sends a packet with the SYN
    			  bit set and puts a number in the sequence number
    			  field.  the receiver returns a packet with the SYN
    			  and ACK flags set, and bumps the sequence number by
    			  1.  the sender then sends a packet with only the ACK
    			  flag set and bumps the sequence number again by 1.
    			  this is the 3-way handshake that establishes a
    			  connection.
    		- FIN (Finish)
    			- releases (ends) the virtual connection 
    
    	- Window / Flow Control (2 bytes)
    		- indicates the number of bytes 
    		  the sender is prepared to receive
    
    	- Checksum (2 bytes)
    
    	- Urgent Pointer (2 bytes)
    		- an offset to where urgent data, if any, is in the packet
    
    	- Options (variable number of bytes)
    		- contains information such as maximum TCP segment size
    
    	- Padding (Variable length)
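
A decoder for the TCP header laid out above, as an added Python example that is not part of the original notes. It reads Data Offset as the header length in 32-bit words (RFC 793), extracts the maximum segment size from the options, and checks that three segments form the SYN, SYN+ACK, ACK exchange; `build_segment`, the ports and the sequence numbers are constructed sample values.

```python
import struct

FLAG_NAMES = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")   # bit 0 up to bit 5

def find_mss(options):
    """Walk the option list and return the maximum segment size, if present."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                      # end of option list
            break
        if kind == 1:                      # one-byte no-operation filler
            i += 1
            continue
        if i + 1 >= len(options) or not 2 <= options[i + 1] <= len(options) - i:
            raise ValueError("malformed TCP option")
        if kind == 2 and options[i + 1] == 4:
            return struct.unpack_from("!H", options, i + 2)[0]
        i += options[i + 1]
    return None

def parse_tcp(segment):
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    (sport, dport, seq, ack, off_flags,
     window, _cksum, _urg) = struct.unpack_from("!HHIIHHHH", segment)
    header_len = (off_flags >> 12) * 4     # Data Offset counts 32-bit words
    if not 20 <= header_len <= len(segment):
        raise ValueError("data offset outside the segment")
    flags = {n for bit, n in enumerate(FLAG_NAMES) if off_flags & (1 << bit)}
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": flags, "window": window,
            "mss": find_mss(segment[20:header_len]),
            "data": segment[header_len:]}

def build_segment(sport, dport, seq, ack, flags, options=b""):
    """Build a constructed sample segment (checksum left at zero)."""
    options += bytes(-len(options) % 4)    # pad options to a 32-bit boundary
    bits = sum(1 << FLAG_NAMES.index(f) for f in flags)
    off_flags = ((20 + len(options)) // 4 << 12) | bits
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       off_flags, 65535, 0, 0) + options

def is_three_way_handshake(first, second, third):
    a, b, c = (parse_tcp(s) for s in (first, second, third))
    return (a["flags"] == {"SYN"} and b["flags"] == {"SYN", "ACK"}
            and c["flags"] == {"ACK"}
            and b["ack"] == (a["seq"] + 1) % 2**32
            and c["seq"] == b["ack"]
            and c["ack"] == (b["seq"] + 1) % 2**32)

MSS_1460 = bytes([2, 4, 0x05, 0xB4])       # option kind 2, length 4, value 1460
SYN = build_segment(40000, 80, 1000, 0, ["SYN"], MSS_1460)
SYN_ACK = build_segment(80, 40000, 5000, 1001, ["SYN", "ACK"], MSS_1460)
ACK = build_segment(40000, 80, 1001, 5001, ["ACK"])
```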
    
    
       2. User Datagram Protocol Header (UDP) - (Variable, minimum of 8 bytes)
    
    	* used by TFTP, SNMP and should be used by NFS
            * also used for Broadcast and Multicast transmissions 
    
                                        
                      0      7 8     15 16    23 24    31  
                     +--------+--------+--------+--------+ 
                     |     Source      |   Destination   | 
                     |      Port       |      Port       | 
                     +--------+--------+--------+--------+ 
                     |                 |                 | 
                     |     Length      |    Checksum     | 
                     +--------+--------+--------+--------+ 
                     |                                     
                     |          data octets ...            
                     +---------------- ...                 
    
                          User Datagram Header Format
    
    	- Source Port (2 bytes)
    		- optional, may enter 0 for NULL (no reply)
    
    	- Destination Port (2 bytes)
    
    	- Length (2 bytes)
    		- length of header and encapsulated data
    
    	- Checksum (2 bytes)
    		- made from a pseudo-header
    			- pseudo-header includes source/destination address 
    			- this gives protection against misrouted datagrams
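
The pseudo-header checksum described above, worked through in Python (an added example, not part of the original notes). It assumes the IPv4 pseudo-header of RFC 768 (source address, destination address, a zero byte, protocol 17 and the UDP length); the addresses, ports and payload are constructed.

```python
import socket
import struct

def internet_checksum(data):
    """16-bit ones'-complement sum of the data, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(src_ip, dst_ip, udp_length):
    # Never transmitted: both ends rebuild it from the IP header they see.
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, 17, udp_length))

def build_udp(src_ip, dst_ip, sport, dport, payload):
    length = 8 + len(payload)              # header plus encapsulated data
    header = struct.pack("!HHHH", sport, dport, length, 0)
    checksum = internet_checksum(
        pseudo_header(src_ip, dst_ip, length) + header + payload)
    checksum = checksum or 0xFFFF          # 0 on the wire means "not computed"
    return struct.pack("!HHHH", sport, dport, length, checksum) + payload

def verify_udp(src_ip, dst_ip, datagram):
    """True/False for a checked datagram, None if the sender sent no checksum."""
    if len(datagram) < 8:
        raise ValueError("truncated UDP header")
    _sport, _dport, length, checksum = struct.unpack_from("!HHHH", datagram)
    if not 8 <= length <= len(datagram):
        raise ValueError("UDP length field disagrees with captured data")
    if checksum == 0:
        return None
    covered = pseudo_header(src_ip, dst_ip, length) + datagram[:length]
    return internet_checksum(covered) == 0

# Constructed sample: a datagram to the TFTP port between documentation addresses.
SAMPLE = build_udp("192.0.2.10", "192.0.2.20", 5353, 69, b"constructed payload")

if __name__ == "__main__":
    print(verify_udp("192.0.2.10", "192.0.2.20", SAMPLE))   # delivered correctly
    print(verify_udp("192.0.2.10", "192.0.2.21", SAMPLE))   # misrouted datagram
```

The checksum only detects accidental corruption and misdelivery; anyone who can modify the datagram can recompute it, so it is not an integrity control.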
    
    


    In an effort to provide a service of value to the open source community, I've put together this website containing many of my notes and references.

    This website is not authoritative and it is certainly not without errors; it is a work in progress.

    In addition to my contributions you will also find the work of others. Where the work is not mine, I have tried to indicate that, and to reference the source of the work: by citing the original author, retaining the authors' name and license wherever present, or by placing the work in a suitably named URL containing /external/ in the path. If you find any work here that should not be publicly available, please send me a note and it will be removed.

    As for my contributions, you are free to use any of *MY* notes or code from this website unless specifically instructed otherwise.

    Brett Lee, Ph.D., President & CEO
    Everything Penguin, Inc.