Everything Penguin

Focusing on Linux-based Operating Systems
htDig Search:

Operating Systems
  • /pub/OS/Linux

  • Storage
  • File Systems
  • HPC
  • /pub/Storage

  • Networking
  • /pub/Networking

  • Network Services
  • /pub/NetworkServices

  • Security
  • /pub/Security
  • Keytool/OpenSSL

  • Clustering
  • HA
  • DRM

  • Development
  • Design
  • C/C++
  • Java
  • Perl
  • Python
  • Shell
  • Web / J2EE

  • Not Linux ?
  • BSD
  • HP-UX
  • Mac
  • Solaris
  • VM
  • Windows
  • /pub/OS

  • Other
  • /pub
  • /pub/3rdParty
  •  Parent Directory

    OSI View of Ethernet, IP, TCP & other selected protocols
    Brett Lee
    ================================================================================
    
    
    I.  Ethernet / IP Data Structures
    -------------------------------------
    				(- TCP -)	(- UDP -)
    Application Layer	=	Stream		Message
    Transport Layer		=	Segment		Packet
    Internet Layer		=	Datagram	Datagram
    Data Link Layer		=	Frame		Frame
    
    	In short:
    	* TCP is sent in "segments"
    	* UDP is sent in "packets"
    
    	Is this important?
    	* No, not to most people.  But neither is the rest of this.  Stop
    	* now...
    
    
    
    II.  Summary of the OSI Model Layers
    -------------------------------------
    
                                                   --------------------------
                                                   |    Application Data    |
                                                   -------------------------- 
    Application                               -------------------------------
    Layer                                     | AH |    Application Data    |
                                              -------------------------------
    Presentation                         ------------------------------------
    Layer                                | PH |                             | 
                                         ------------------------------------
    Session                         -----------------------------------------
    Layer                           | SH |                                  | 
                                    -----------------------------------------
    Transport                  ----------------------------------------------
    Layer                      | TH |                                       | 
                               ----------------------------------------------
    Network               ---------------------------------------------------
    Layer                 | NH |                                            | 
                          ---------------------------------------------------
    Data            ---------------------------------------------------------------
    Link            | DLH |                                                 | DLT |
    Layer           ---------------------------------------------------------------
    
    Physical        ....................1010101010.................................
    Layer           
    
    
    
    
    II.  Inside the Layers / Headers
    -------------------------------------
    
    A.  Physical	Ones and Zeros in some Encoding Scheme 
                    e.g. Manchester Encoding 
    			- always changes the signal mid-bit, but
    			  if the signal starts where it left off it is a ONE
    			  if not, it is a ZERO
                    e.g. 2&3. Return to Zero (RZ) and non Return to Zero (NRZ)
    
    
    B.  Data Link Layer
    
       1. 802.3 Ethernet Frames (pre-1987)
          --------------------------
    
          |Destination|  Source  | L |LLC -     DATA      |FCS|
          |     6     |    6     | 2 | ?  -    ??-1500    | 4 |   Total = 1518 bytes
          
          * Contains an LLC in the IP datagram.  LLC contains a DSAP value to 
          * "steer" the packet up the right protocol stack.
    
    	- Preamble (8 bytes)
    		- 7 bytes of 10101010
    		- 1 byte of  10101011 (SOFD - Start of Frame Delimiter)
    
    	- Destination Address (6 bytes)
    
    	- Source Address (6 bytes)
    
    	- Length (2 bytes)
    
    		- Length used in 802.3 Ethernet
    			- this specifies the packet length
    	
    	- Data (46 bytes - 1500 bytes)
                    - Contain an 802.2 LLC header at the beginning of the IP Data
                      section to direct the payload up the proper network stack.
    		- Padding (hopefully ALL ZERO's) may be used to ensure the 
                      minimum frame length of 64 bytes (including FCS).
                      Reason for this is to to ensure that the preamble travels 
                      to the farthest node before the end of the FCS is transmitted.
    
    	- Checksum / FCS (4 bytes)
    
    
    
       2. Ethernet II  Frames 
          --------------------------
    
          |Destination|  Source  | T |     DATA        |FCS|
          |     6     |    6     | 2 |   46-1500       | 4 |   Total = 1518 bytes
          
          * Length field is replaced with type field.  Length field is < 0x0600 
            whereas type field is >= 0x6000.  Length field replaces DSAP value 
            and eliminates need for LLC.
    
            - Preamble (8 bytes)
                    - 7 bytes of 10101010
                    - 1 byte of  10101011 (SOFD - Start of Frame Delimiter)
    
            - Destination Address (6 bytes)
    
            - Source Address (6 bytes)
    
            - Type (2 bytes)
    
                    - Type (aka. Ethertype) used in Ethernet V2 Frame 
                            - this field allows delivery of the frame to the proper
                            network protocol stack above the Data Link Layer,
                            thus, there is no 802.2 LLC header.
                            SNAP exists for the purpose of encapsulating Ethernet V2
                            frames into standard IEEE 802.2 frames.
    
            - Data (46 bytes - 1500 bytes)
    
                    - 46 byte minumum (padding used to ensure that the preamble
                      travels to the farthest node before the FCS is transmitted).
    
            - Checksum / FCS (4 bytes)
    
    
    
       3. 802.1p/d/q Ethernet Frames 
          --------------------------
    
          |Destination|  Source  |VLAN|T/L|    DATA       |FCS|
          |     6     |    6     |  4 | 2 |   46-1500     | 4 |   Total = 1522 bytes
    
          * 802.1Q increased Max frame size to 1522 bytes - plus preamble
    
          * Note that if the frame is 802.3, the "Length" field will still be 
            followed by the LLC.
    
            - Preamble (8 bytes)
                    - 7 bytes of 10101010
                    - 1 byte of  10101011 (SOFD - Start of Frame Delimiter)
    
            - Destination Address (6 bytes)
    
            - Source Address (6 bytes)
    
            - VLAN Tag (4 bytes)
    		- VLAN Protocol ID (1 byte)
    		- Tag Control Info (1 byte)
    			- Priority (3 bits)
    			- CFI (1 bit)
    				- indicates if Source Routing Information exists
    				- CFI=0 means NO, is the most common case
    			- VLAN Identifier (12 bits)
    
            - Length / Type (2 bytes)
    
                    - Length used in 802.3 Ethernet
                            - this specifies the packet length
    
                    - Type (aka. Ethertype) used in Ethernet V2 Frame
                            - this field allows delivery of the frame to the proper
                            network protocol stack above the Data Link Layer,
                            thus, there is no 802.2 header.
                            SNAP exists for the purpose of encapsulating Ethernet V2
                            frames into standard IEEE 802.2 frames.
    
    		- Embedded Source Routing Information (2-30 bytes)
    
            - Data (?? bytes - 1500 bytes)
    
                    - ?? byte minumum (padding used) to ensure that the preamble
                      travels to the farthest node before the FCS is transmitted.
    
            - Checksum / FCS (4 bytes)
    
    
    
       4. 802.11 Ethernet Frames 
    
    	- Frame Control (2 bytes)
    
    		- Protocol Version (2 bits)
    		- Type (2 bits)
    		- Subtype (4 bits)
    		- To DS (1 bit)
    		- From DS (1 bit)
    		- More Frag (1 bit)
    		- Retry (1 bit)
    		- Power Mgt (1 bit)
    		- More Data (1 bit)
    		- WEP (1 bit)
    		- Order (1 bit)
    
    	- Duration / ID (2 bytes)
    		- depends on the type of frame
    		- see Section 7.2 of IEEE-802.11
    
    	- Address 1 (6 bytes)
    		- Destination address
    
    	- Address 2 (6 bytes)
    		- Source address
    
    	- Address 3 (6 bytes)
    		- Receiver address
    
    	- Sequence Control (2 bytes)
    
    		- Fragment number (4 bits)
    		- Sequence number (12 bits)
    
    	- Address 4 (6 bytes)
    		- Sender address
    
    	- Frame Body (0-2312 bytes)
    
    	- Checksum / FCS (4 bytes)
    
    
    
    C.  Network Layer 
    
       1. Internet Protocol Header (IP) - 24 bytes
                                        
        0                   1                   2                   3   
        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |Version|  IHL  |Type of Service|          Total Length         |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |         Identification        |Flags|      Fragment Offset    |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |  Time to Live |    Protocol   |         Header Checksum       |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                       Source Address                          |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                    Destination Address                        |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                    Options                    |    Padding    |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    
                        Example Internet Datagram Header
    
    
    	- Version Number (4 bits)
    
    	- Header Length / HLEN (4 bits)
    
    	- Type of Service (1 byte)  (err... better check for the updates
                                         to this.  it's changed once or twice.)
    
    		- Precedence (3 bits)
    			- indicates priority 0=normal, 7=high
    		- Delay (1 bit)
    			- used to set low delay
    		- Throughput (1 bit)
    			- used to request high throughput
    		- Reliability (1 bit)
    			- used to indicate high reliability
    
    		** TOS, as defined in RFC 2474, has been updated
    			by RFC 2168 (ECN in IP and TCP)
    
    	- Total Length (2 bytes)
    		- indicates to total length of IP datagram
    
    	- Identification (2 bytes)
    		- used to determine which fragments belong together
    
    	- Flags (3 bits)
    
    		- first bit is reserved
    		- second bit set to indicate fragmentation allowed
    		- third bit set to 0 to indicate last fragment 
    			- 1 means more on their way
    
    	- Fragment Offset (13 bits)
    		- contains the offset of the fragment from the original 
    		  datagram
    
    	- Time to Live (1 byte)
    		- "how long" to live (in seconds) or "hop count"
    
    	- Protocol (1 byte)
    		- which high level protocol was used to create the packet
    			- TCP = 6
    			- UDP = 17
    
    	- Header Checksum (2 bytes)
    
    	- Source IP Address (4 bytes)
    		- hexadecimal representation of the dotted quad IP address
    
    	- Destination  IP Address (4 bytes)
    		- hexadecimal representation of the dotted quad IP address
    			
    	- Options (Variable length)
    		- can be used to record the route taken, sepcify the route,
    		  time stamp, security, etc.
    
    	- Padding (Variable length)
    
    
    
       2. Address Resolution Protocol (ARP) - 28 bytes
    
            - Hardware Type (2 bytes)
    
            - Protocol Type (2 bytes)
                    - 0800H may indicate IP
    
            - Hlen (1 byte)
                    - length of the hardware address
    
            - Plen (1 byte)
                    - length of the (high level) protocol address
    
            - Operation (2 bytes)
                    - specifies a request or a reply
                            - request = 1
                            - reply   = 2
    
            - Sender HA (6 bytes)
                    - senders MAC address
    
            - Sender IP (4 bytes)
                    - senders protocol address
    
            - Target HA (6 bytes)
                    - the targets MAC address
                    - will be placed here upon reply
    
            - Target IP (4 bytes)
                    - targets protocol address
    
    
    
       3. Internet Control Messaging Protocol (ICMP) - (Variable length)
    
    	* Used by a Router to communicate with a Host
    
    	- Type (1 byte)
    		- specifies the type of ICMP message
    
    	- Code (1 byte)
    		- further specifies the type of ICMP message
    
    	- Header Checksum (2 bytes)
    
    	- Message (Variable length)
    		- contains data specific to the message type indicated
    
    
    
       4. Internet Group Management Protocol (IGMP)
    
    	* see http://www.networksorcery.com/enp/default0404.htm 
    
    
    
    D.  Transport Layer
    
       1. Transmission Control Protocol Header (TCP) - 24 bytes
    
        0                   1                   2                   3   
        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |          Source Port          |       Destination Port        |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                        Sequence Number                        |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                    Acknowledgment Number                      |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |  Data |           |U|A|P|R|S|F|                               |
       | Offset| Reserved  |R|C|S|S|Y|I|            Window             |
       |       |           |G|K|H|T|N|N|                               |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |           Checksum            |         Urgent Pointer        |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                    Options                    |    Padding    |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                             data                              |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    
                                TCP Header Format
    
    	- Source Port (2 bytes)
    
    	- Destination Port (2 bytes)
    
    	- Sequence Number (4 bytes)
    
    	- Acknowledgement Number (4 bytes)
    		- related to the Flags Field
    
    	- Data Offset / Header Length - HLEN (4 bits)
    		- indicates the number of words in the TCP header ?
    
    	- Reserved (6 bits)
    
    	- Flags (6 bits - one for each flag)
    		- URG (Urgent)
    		- ACK (Acknowledgement) 
    			- indicates that the ackowledgement is included
    		- PSH (PuSH)
    			- tells sending TCP to deliver all its data NOW
    			- also tells receiving TCP to deliver "upward" NOW
    			- essentially performs a "buffer flush"
    		- RST (Reset)
    			- resets transport connection to original state
    		- SYN (Synchronize)
    			- creates a virtual connection between sender/receiver
    			- how it works is a sender sends a paket with the SYN
    			  bit set and puts a number in the sequence number
    			  field.  the receiver returns a packet with the SYN
    			  and ACK flags set, and bumps the sequence number by
    			  1.  the sender then sends a packet with only the ACK
    			  flag set and bumps the sequence number again by 1.
    			  this is the 3-way handshake that establishes a
    			  connection.
    		- FIN (Finish)
    			- sends the other end to end virtual connection 
    
    	- Window / Flow Control (2 bytes)
    		- indicates the number of bytes 
    		  the sender is prepared to receive
    
    	- Checksum (2 bytes)
    
    	- Urgent Pointer (2 bytes)
    		- an offset to where urgent data, if any, is in the packet
    
    	- Options (variable number of bytes)
    		- contains information such as maximum TCP segment size
    
    	- Padding (Variable length)
    
    
       2. User Datagram Protocol Header (UDP) - (Variable, minimum of 8 bytes)
    
    	* used by TFTP, SNMP and should be used by NFS
            * also used for Broadcast and Multicast transmissions 
    
                                        
                      0      7 8     15 16    23 24    31  
                     +--------+--------+--------+--------+ 
                     |     Source      |   Destination   | 
                     |      Port       |      Port       | 
                     +--------+--------+--------+--------+ 
                     |                 |                 | 
                     |     Length      |    Checksum     | 
                     +--------+--------+--------+--------+ 
                     |                                     
                     |          data octets ...            
                     +---------------- ...                 
    
                          User Datagram Header Format
    
    	- Source Port (2 bytes)
    		- optional, may enter 0 for NULL (no reply)
    
    	- Destination Port (2 bytes)
    
    	- Length (2 bytes)
    		- length of header and encapsulated data
    
    	- Checksum (2 bytes)
    		- made from a pseudo-header
    			- pseudo-header includes source/destination address 
    			- this gives protection against misrouted datagrams
    
    

    Other Sites

    RFC's
  • FAQ's
  • IETF
  • RFC Sourcebook

  • Linux
  • Linux - Intro
  • Linux Kernel
  • Linux Kernel (LKML)
  • Bash - Intro
  • Bash - Advanced
  • Command Line
  • System Administration
  • Network Administration
  • Man Pages (& more)
  • More Guides
  • Red Hat Manuals
  • HOWTO's

  • Reference/Tutorials
  • C++ @ cppreference
  • C++ @ cplusplus
  • CSS @ echoecho
  • DNS @ Zytrax
  • HTML @ W3 Schools
  • Java @ Sun
  • LDAP @ Zytrax
  • Linux @ YoLinux
  • MySQL
  • NetFilter
  • Network Protocols
  • OpenLDAP
  • Quagga
  • Samba
  • Unix Programming



  • This site contains many of my notes from research into different aspects of the Linux kernel as well as some of the software provided by GNU and others. Thouugh these notes are not fully comprehensive or even completetly accurate, they are part of my on-going attempt to better understand this complex field. And, they are your to use.

    Should you wish to report any errors or suggestions, please let me know.

    Should you wish to make a donation for anything you may have learned here, please direct that donation to the ASPCA, with my sincere thanks.

    Brett Lee
    Everything Penguin

    The code for this site, which is just a few CGI scripts, may be found on GitHub (https://github.com/userbrett/cgindex).

    For both data encryption and password protection, try Personal Data Security (https://www.trustpds.com).


    "We left all that stuff out. If there's an error, we have this routine called 'panic', and when its called, the machine crashes, and you holler down the hall, 'Hey, reboot it.'"

        - Dennis Ritchie on Unix (vs Multics)


    Google
    [ Powered by Red Hat Linux ] [ Powered by Apache Server] [ Powered by MySQL ]

    [ Statistics by AWStats ]