1 00:00:06,474 --> 00:00:07,524 - Alright, we're going to talk 2 00:00:07,524 --> 00:00:09,160 first a little bit about Ethernet. 3 00:00:09,160 --> 00:00:10,691 I'm going to give you a little bit of a history lesson 4 00:00:10,691 --> 00:00:12,541 for those of you who have not seen this before. 5 00:00:12,541 --> 00:00:14,648 It may be interesting to you, may not be. 6 00:00:14,648 --> 00:00:16,037 We'll just go into this. 7 00:00:16,037 --> 00:00:17,538 We all know Ethernet, right? 8 00:00:17,538 --> 00:00:18,517 We have these at home. 9 00:00:18,517 --> 00:00:20,168 We have our routers at home 10 00:00:20,168 --> 00:00:21,888 that you plug your connections into. 11 00:00:21,888 --> 00:00:23,637 You got your wi-fi router. 12 00:00:23,637 --> 00:00:27,597 Really what it was based on was all based on Ethernet. 13 00:00:27,597 --> 00:00:31,306 Ethernet was actually invented by Xerox 14 00:00:31,306 --> 00:00:35,378 at their Palo Alto research center, or PARC, in the 1970s. 15 00:00:35,378 --> 00:00:38,596 It used to run at three megabits per second. 16 00:00:38,596 --> 00:00:42,538 Then, Xerox, Digital Equipment, and Intel got together, 17 00:00:42,538 --> 00:00:43,637 that's the DIX standard, 18 00:00:43,637 --> 00:00:46,008 and they bumped the speed up to ten megabits. 19 00:00:46,008 --> 00:00:49,427 They actually standardized it in 1978. 20 00:00:49,427 --> 00:00:53,357 This was passed over in 1980 with the IEEE, 21 00:00:53,357 --> 00:00:54,828 that's the Institute of Electrical 22 00:00:54,828 --> 00:00:56,875 and Electronics Engineers. 23 00:00:56,875 --> 00:00:58,938 They released a compatible version 24 00:00:58,938 --> 00:01:01,869 of the standard that looks very much like Ethernet. 25 00:01:01,869 --> 00:01:03,648 There is a little bit of a difference in there 26 00:01:03,648 --> 00:01:06,876 and that they use a Link Field instead of a Type Field, 27 00:01:06,876 --> 00:01:07,749 which we'll get into. 28 00:01:07,749 --> 00:01:11,717 This version of the standard is what we all know as 802.3. 29 00:01:11,717 --> 00:01:13,138 Give a little bit of history. 30 00:01:13,138 --> 00:01:16,946 We're gonna talk about the original version of the standard, 31 00:01:16,946 --> 00:01:19,029 which was called 10Base5. 32 00:01:21,471 --> 00:01:23,342 That is 10 megabits per second, 33 00:01:23,342 --> 00:01:25,245 that's what the 10 stands for. 34 00:01:25,245 --> 00:01:26,653 Base is baseband. 35 00:01:26,653 --> 00:01:29,584 5 is the distance in meters. 36 00:01:29,584 --> 00:01:30,693 So that's 500 meters. 37 00:01:30,693 --> 00:01:33,533 Originally the way it was set up, 38 00:01:33,533 --> 00:01:37,763 is they had this very, very thick orange cable, 39 00:01:37,763 --> 00:01:40,714 very thick, with coaxial cable. 40 00:01:40,714 --> 00:01:44,005 On either side you had a terminator. A 50 Ohm terminator. 41 00:01:44,005 --> 00:01:47,573 That terminator sometimes was a source of problems 42 00:01:47,573 --> 00:01:50,354 if the terminator was not on correctly 43 00:01:50,354 --> 00:01:53,434 you have to ground one side, you don't ground both sides, 44 00:01:53,434 --> 00:01:55,672 you had to ground one side of the cable. 45 00:01:55,672 --> 00:01:59,834 Then attached to this, almost like this frozen garden hose, 46 00:01:59,834 --> 00:02:01,424 you have a transceiver. 47 00:02:01,424 --> 00:02:03,232 The transceiver attaches to the cable, 48 00:02:03,232 --> 00:02:05,514 and coming off of the transceiver 49 00:02:05,514 --> 00:02:08,365 is a Vampire Tap that attaches to the cable. 50 00:02:08,365 --> 00:02:12,144 Then you have an AUI, or an Attachment User Interface cable 51 00:02:12,144 --> 00:02:15,748 that goes to the NIC and onto the Host. 52 00:02:15,748 --> 00:02:19,713 Originally, you could have up to a hundred machines 53 00:02:19,713 --> 00:02:22,444 that were on a segment. 54 00:02:22,444 --> 00:02:25,572 If you wanted to add more users than a hundred, 55 00:02:25,572 --> 00:02:28,404 you would have to do some kind of a repeater 56 00:02:28,404 --> 00:02:30,223 or start setting up things, like bridges, 57 00:02:30,223 --> 00:02:31,432 which we'll get into. 58 00:02:31,432 --> 00:02:35,372 This is the original Ethernet device, or Ethernet design. 59 00:02:35,372 --> 00:02:38,873 It was usually run in a false ceiling. 60 00:02:38,873 --> 00:02:41,313 Then they had a transceiver that was connected 61 00:02:41,313 --> 00:02:42,730 down to the host. 62 00:02:44,712 --> 00:02:48,032 To put everything together, you have your 10Base5 LAN. 63 00:02:48,032 --> 00:02:50,824 You have your transceivers that are attached to the LAN. 64 00:02:50,824 --> 00:02:54,246 Then your Host that are attached to the transceivers. 65 00:02:54,246 --> 00:02:57,346 When a host wants to send, it will listen to the network 66 00:02:57,346 --> 00:03:00,453 to make sure that nobody else is sending at the same time. 67 00:03:00,453 --> 00:03:03,676 That method is called Carrier-Sense Multiple Access 68 00:03:03,676 --> 00:03:05,636 with Collision Detection. 69 00:03:05,636 --> 00:03:07,444 That's the Media Access Control method 70 00:03:07,444 --> 00:03:09,935 that is used in early Ethernet networks. 71 00:03:09,935 --> 00:03:13,026 It is a Broadcast Multiple Access network. 72 00:03:13,026 --> 00:03:15,493 Even when you're only sending from one device 73 00:03:15,493 --> 00:03:17,906 to another device, you're actually broadcasting 74 00:03:17,906 --> 00:03:19,778 across the entire network. 75 00:03:19,778 --> 00:03:23,266 And then each Host, we'll look in the frame 76 00:03:23,266 --> 00:03:26,726 and look at a field called the Destination Address. 77 00:03:26,726 --> 00:03:29,197 It will see whether or not that Destination Address 78 00:03:29,197 --> 00:03:30,768 matches up with that device. 79 00:03:30,768 --> 00:03:32,898 If it does, it takes the frame in 80 00:03:32,898 --> 00:03:35,218 and then interrupts the CPU on the Host 81 00:03:35,218 --> 00:03:39,256 and copies that frame across to the Host. 82 00:03:39,256 --> 00:03:42,288 Every Host on the Ether receives that same copy. 83 00:03:42,288 --> 00:03:44,498 If a Host wants to send to multiple destinations, 84 00:03:44,498 --> 00:03:48,165 we have a broadcast address that we can send. 85 00:03:48,165 --> 00:03:50,829 Every device that is attached to this 86 00:03:50,829 --> 00:03:53,618 has a Burned-In Address, 87 00:03:53,618 --> 00:03:56,077 it's called the Burned-In Address, 88 00:03:56,077 --> 00:03:58,298 that is burned into each Mac. 89 00:03:58,298 --> 00:04:00,157 That is usually called a Mac Address. 90 00:04:00,157 --> 00:04:02,928 This makes this whole network Half Duplex. 91 00:04:02,928 --> 00:04:06,669 Half Duplex meaning we can send or receive at the same time. 92 00:04:06,669 --> 00:04:08,589 This is called a Collision Domain. 93 00:04:08,589 --> 00:04:11,037 What a collision is, is when two devices listen 94 00:04:11,037 --> 00:04:13,192 to the medium at the same time 95 00:04:13,192 --> 00:04:15,069 and they realize that the medium is free 96 00:04:15,069 --> 00:04:17,971 then they will start sending at the same time. 97 00:04:17,971 --> 00:04:19,643 They will transmit over each other 98 00:04:19,643 --> 00:04:21,186 and that's called a Collision. 99 00:04:21,186 --> 00:04:24,877 The transceivers will detect that collision by more voltage, 100 00:04:24,877 --> 00:04:27,965 because that's additive between two devices 101 00:04:27,965 --> 00:04:29,973 and you'll get more voltage on the line 102 00:04:29,973 --> 00:04:30,925 than you should expect. 103 00:04:30,925 --> 00:04:33,489 And that's called a Collision. 104 00:04:33,489 --> 00:04:36,565 At the same time, we have a geographic distance. 105 00:04:36,565 --> 00:04:39,503 We're limited to no more than 500 meters. 106 00:04:39,503 --> 00:04:42,461 As a matter of fact, it's usually much less than that. 107 00:04:42,461 --> 00:04:44,264 And the Host count is much less than that. 108 00:04:44,264 --> 00:04:47,498 Because you have this huge cable that's snaking through 109 00:04:47,498 --> 00:04:49,732 the ceiling of your areas, so this short coming 110 00:04:49,732 --> 00:04:52,265 led to using RG-58/U cable. 111 00:04:52,265 --> 00:04:53,505 This is also a 50 cable. 112 00:04:53,505 --> 00:04:54,894 It's much, much thinner. 113 00:04:54,894 --> 00:04:56,311 It's the 10Base2. 114 00:04:57,205 --> 00:04:59,021 Finally, what we're all used to, 115 00:04:59,021 --> 00:05:03,629 which is our twisted pair 10BaseT and that's using hubs. 116 00:05:03,629 --> 00:05:06,458 Getting into Hubs, this is the repeater or a hub. 117 00:05:06,458 --> 00:05:10,200 This operates at Layer One of the OSI reference model. 118 00:05:10,200 --> 00:05:13,618 All it is, is whenever it gets a frame that comes in, 119 00:05:13,618 --> 00:05:15,509 it will repeat that frame at all ports 120 00:05:15,509 --> 00:05:18,229 except for the port that it came in on. 121 00:05:18,229 --> 00:05:20,908 They do not filter or modify the frames 122 00:05:20,908 --> 00:05:24,258 in any way other than just to regenerate the signals. 123 00:05:24,258 --> 00:05:26,387 It's still a Single Collision Domain. 124 00:05:26,387 --> 00:05:29,578 If you send and another station sends at the same time, 125 00:05:29,578 --> 00:05:30,909 you will have collisions 126 00:05:30,909 --> 00:05:33,648 except the hub now is responsible for detecting 127 00:05:33,648 --> 00:05:35,978 those collisions and sending the signal back. 128 00:05:35,978 --> 00:05:37,680 Usually the way it sends a signal back 129 00:05:37,680 --> 00:05:39,949 is it will repeat the frame back out on the same port 130 00:05:39,949 --> 00:05:41,618 that it came in on. 131 00:05:41,618 --> 00:05:45,096 At the same time you're sending and you're listening 132 00:05:45,096 --> 00:05:47,018 at the same time and if you get a frame that comes back, 133 00:05:47,018 --> 00:05:49,509 then you know you had a collision and you have to re-send. 134 00:05:49,509 --> 00:05:51,600 It's least secure, right? 135 00:05:51,600 --> 00:05:53,338 Hubs repeat frames to all ports. 136 00:05:53,338 --> 00:05:55,018 If you get a frame that comes in, 137 00:05:55,018 --> 00:05:57,808 it gets copied out to all destination ports 138 00:05:57,808 --> 00:06:00,618 regardless of the address that's on the frame. 139 00:06:00,618 --> 00:06:04,408 If you put your device into what's called Promiscuous Mode, 140 00:06:04,408 --> 00:06:07,258 then you will receive frames that are not addressed. 141 00:06:07,258 --> 00:06:08,908 The Host will actually receive that frame 142 00:06:08,908 --> 00:06:11,479 and it'll interrupt the CPU for frames 143 00:06:11,479 --> 00:06:12,617 that are not address to them, 144 00:06:12,617 --> 00:06:15,720 their burned-in address by using the promiscuous mode. 145 00:06:15,720 --> 00:06:18,235 Because of their short comings with collision domains, 146 00:06:18,235 --> 00:06:21,103 the single collision domain, 147 00:06:21,103 --> 00:06:24,056 The IEEE actually deprecated their use in 2011, 148 00:06:24,056 --> 00:06:25,672 which made them obsolete. 149 00:06:25,672 --> 00:06:27,899 So you don't see them very often any more. 150 00:06:27,899 --> 00:06:29,528 This is the Ethernet frame. 151 00:06:29,528 --> 00:06:31,267 We're still talking about the physical layer. 152 00:06:31,267 --> 00:06:33,147 This is the Bits and Layer Two, 153 00:06:33,147 --> 00:06:35,307 which is the Data Link Layer. 154 00:06:35,307 --> 00:06:38,088 Then we have the Ethernet Frame. 155 00:06:38,088 --> 00:06:42,299 We start out with the destination going all the way across. 156 00:06:42,299 --> 00:06:45,318 You might not have seen this terminology used before. 157 00:06:45,318 --> 00:06:47,166 Sometimes networking people, 158 00:06:47,166 --> 00:06:49,099 we tend to use our own little lingo. 159 00:06:49,099 --> 00:06:50,927 The lingo that networking people use 160 00:06:50,927 --> 00:06:52,299 when you're talking about bytes, 161 00:06:52,299 --> 00:06:56,469 what we normally think of a byte is they use octets. 162 00:06:56,469 --> 00:06:59,366 Octets are technically more correct. 163 00:06:59,366 --> 00:07:04,067 What they refer to are eight bits of data is an octet. 164 00:07:04,067 --> 00:07:06,118 A byte may be more ambiguous. 165 00:07:06,118 --> 00:07:08,286 There were some devices that they had, 166 00:07:08,286 --> 00:07:11,663 maybe had seven bit bytes or maybe they had five bit bytes. 167 00:07:11,663 --> 00:07:13,975 So Octet is eight bits. 168 00:07:13,975 --> 00:07:15,422 That's typically what we'll use 169 00:07:15,422 --> 00:07:17,486 when we're talking about networking. 170 00:07:17,486 --> 00:07:20,445 One of the things that you really want to understand 171 00:07:20,445 --> 00:07:24,184 is that you can't just continually transmit on a network. 172 00:07:24,184 --> 00:07:26,713 You have to limit on how much you can send. 173 00:07:26,713 --> 00:07:29,246 This is called the Maximum Transmission Unit. 174 00:07:29,246 --> 00:07:31,275 When you're talking about Ethernet, 175 00:07:31,275 --> 00:07:33,285 the limit for Ethernet 176 00:07:33,285 --> 00:07:36,618 is typically 1500 Octets, or 1500 Bytes. 177 00:07:37,590 --> 00:07:39,190 That is as much as you can send. 178 00:07:39,190 --> 00:07:40,537 If you want to send more than that, 179 00:07:40,537 --> 00:07:43,256 you have to break up your communication 180 00:07:43,256 --> 00:07:44,888 into multiple frames. 181 00:07:44,888 --> 00:07:46,779 Typically, your Layer Three protocols 182 00:07:46,779 --> 00:07:49,219 will take care of that for you. 183 00:07:49,219 --> 00:07:50,990 Starting with the Destination Mac Address, 184 00:07:50,990 --> 00:07:53,134 this is six octets. 185 00:07:53,134 --> 00:07:54,398 The Destination Mac Address 186 00:07:54,398 --> 00:07:58,546 indicates where this frame is being sent to. 187 00:07:58,546 --> 00:08:01,168 Six octets is 48 Bits. 188 00:08:01,168 --> 00:08:05,019 That's how large a Layer Two Mac Address normally is. 189 00:08:05,019 --> 00:08:05,852 48 Bits. 190 00:08:06,926 --> 00:08:09,057 We'll see how those are broken up later on. 191 00:08:09,057 --> 00:08:12,328 Every frame that's being sent has a source. 192 00:08:12,328 --> 00:08:16,507 The device will indicate where that frame is coming from. 193 00:08:16,507 --> 00:08:18,688 This information is used by Switches, 194 00:08:18,688 --> 00:08:19,987 which we'll get into later on, 195 00:08:19,987 --> 00:08:23,128 to figure where packets or frames, 196 00:08:23,128 --> 00:08:25,328 in this case, are actually coming from. 197 00:08:25,328 --> 00:08:28,350 Following that, we have a Type or a Length Field. 198 00:08:28,350 --> 00:08:30,390 Remember when I was telling you before, 199 00:08:30,390 --> 00:08:31,870 that a Type was Ether type. 200 00:08:31,870 --> 00:08:33,366 This was the original Ethernet. 201 00:08:33,366 --> 00:08:37,533 There are some cases where you may not have a protocol 202 00:08:38,830 --> 00:08:41,158 that can say exactly what it's length is. 203 00:08:41,158 --> 00:08:43,748 That's if you were doing Layer Three for instance. 204 00:08:43,748 --> 00:08:45,830 In those cases you may need a Length Field. 205 00:08:45,830 --> 00:08:47,975 The reason why is because Ethernet 206 00:08:47,975 --> 00:08:52,359 has a minimum payload size and that is 46 octets. 207 00:08:52,359 --> 00:08:55,528 If you have less than 46 octets to send, 208 00:08:55,528 --> 00:08:59,493 you have to pad that out to be able to send. 209 00:08:59,493 --> 00:09:02,400 The reason why they do that is so you can detect collisions. 210 00:09:02,400 --> 00:09:04,156 That's why it was there. 211 00:09:04,156 --> 00:09:06,680 That's called a Slap Time of Ethernet. 212 00:09:06,680 --> 00:09:10,389 In the cases where you have less then 46 Bites to send, 213 00:09:10,389 --> 00:09:11,490 you may need a length. 214 00:09:11,490 --> 00:09:14,439 That's what the length field in used for. 215 00:09:14,439 --> 00:09:16,814 We just usually use it as a Type Indicator that says 216 00:09:16,814 --> 00:09:19,356 "This payload is either going to be IP. 217 00:09:19,356 --> 00:09:22,246 "It can be IPV-6, it can be ARP." 218 00:09:22,246 --> 00:09:24,375 Which is the Address Resolution Protocol. 219 00:09:24,375 --> 00:09:27,695 Those are all indicated by their own Ethertypes. 220 00:09:27,695 --> 00:09:29,341 To follow that up, we've had the Payload, 221 00:09:29,341 --> 00:09:30,396 which we've talked about. 222 00:09:30,396 --> 00:09:32,866 Finally we have the Frame Check Sequence. 223 00:09:32,866 --> 00:09:34,615 This is a Cyclic Redundancy Check, 224 00:09:34,615 --> 00:09:37,375 which is kind of like a Check Sum, 225 00:09:37,375 --> 00:09:40,756 that says whether or not we had any errors in this frame. 226 00:09:40,756 --> 00:09:44,316 You send the frame with the payload with the FCS, 227 00:09:44,316 --> 00:09:47,746 and then the FCS is computed at the Destination Station. 228 00:09:47,746 --> 00:09:50,855 If they match, then you know that the packet 229 00:09:50,855 --> 00:09:53,115 was sent without any errors. 230 00:09:53,115 --> 00:09:55,644 Finally there's some things that you may not know 231 00:09:55,644 --> 00:09:58,015 is that there is something called a Preamble 232 00:09:58,015 --> 00:10:00,722 and Start Frame Delimiter in Ethernet. 233 00:10:00,722 --> 00:10:05,384 The Preamble is a one-zero-one-zero-one-zero pattern, 234 00:10:05,384 --> 00:10:08,583 and then the Start Frame Delimiter is two trailing ones. 235 00:10:08,583 --> 00:10:10,532 So it'll go one-zero-one-zero-one-one 236 00:10:10,532 --> 00:10:12,034 and that lets you know that the station 237 00:10:12,034 --> 00:10:13,353 that's receiving the packet, 238 00:10:13,353 --> 00:10:16,004 when the Destination Mac Address starts. 239 00:10:16,004 --> 00:10:18,503 They do this for syncing up timing. 240 00:10:18,503 --> 00:10:21,132 Finally we have the Interpacket Gap. 241 00:10:21,132 --> 00:10:24,434 Also called the Interframe Gap and this is 12 octets. 242 00:10:24,434 --> 00:10:27,314 You can't just also continuously blast frames 243 00:10:27,314 --> 00:10:28,183 out on the network. 244 00:10:28,183 --> 00:10:32,023 You have to have some kind of a pause, and that's 12 octets. 245 00:10:32,023 --> 00:10:34,203 So talking a little bit more about Layer Two addressing. 246 00:10:34,203 --> 00:10:38,223 Interfaces are configured with a Burned-In Mac Address. 247 00:10:38,223 --> 00:10:39,783 NICS will not interrupt the host for 248 00:10:39,783 --> 00:10:42,542 Destination Mac Addresses that do not match this interface, 249 00:10:42,542 --> 00:10:44,354 but there are some exceptions to this. 250 00:10:44,354 --> 00:10:46,260 We have a Broadcast Destination Mac Address. 251 00:10:46,260 --> 00:10:47,503 That's all ones. 252 00:10:47,503 --> 00:10:51,043 What they're signifying is ff-ff-ff all the way across. 253 00:10:51,043 --> 00:10:54,896 It's in hexadecimal format. That's why it's UCFs. 254 00:10:54,896 --> 00:10:57,463 There's also things called Multi-Cast Addresses, 255 00:10:57,463 --> 00:11:01,276 which as well will be forwarded to multiple devices. 256 00:11:01,276 --> 00:11:04,295 Remember this is a broadcast multiple access medium 257 00:11:04,295 --> 00:11:07,084 where you can send one frame and that ends up getting copied 258 00:11:07,084 --> 00:11:10,427 to multiple devices at the same time. 259 00:11:10,427 --> 00:11:12,535 If you wanted to receive frames 260 00:11:12,535 --> 00:11:14,895 that are not destined for an interface, 261 00:11:14,895 --> 00:11:17,495 you can set the interface to Promiscuous Mode. 262 00:11:17,495 --> 00:11:20,436 In this case, I'm using the IP Link Set Command, 263 00:11:20,436 --> 00:11:24,135 Ethernet 2, which is my interface, Promiscuous on. 264 00:11:24,135 --> 00:11:26,175 When I do IP Link show Ethernet 2, 265 00:11:26,175 --> 00:11:29,214 you can see that it's in Promiscuous Mode. 266 00:11:29,214 --> 00:11:30,916 Packet Capture Software like Wireshark 267 00:11:30,916 --> 00:11:33,647 or TShark that does this by default for you. 268 00:11:33,647 --> 00:11:34,887 You shouldn't have to worry 269 00:11:34,887 --> 00:11:37,102 about putting in interface in Promiscuous Mode. 270 00:11:37,102 --> 00:11:38,977 I will say, though, that when you put Interface 271 00:11:38,977 --> 00:11:42,128 in Promiscuous Mode, it will make an event 272 00:11:42,128 --> 00:11:44,220 in the Kernel Log. 273 00:11:44,220 --> 00:11:46,729 You will know from looking at the log of the system 274 00:11:46,729 --> 00:11:49,062 that you're currently on that you 275 00:11:49,062 --> 00:11:50,951 were going into promiscuous mode. 276 00:11:50,951 --> 00:11:52,969 If you were on a device that, 277 00:11:52,969 --> 00:11:54,620 maybe you don't completely control, 278 00:11:54,620 --> 00:11:56,810 maybe there's an administrator that is monitoring that, 279 00:11:56,810 --> 00:11:59,020 they could see that when you go in to Promiscuous Mode. 280 00:11:59,020 --> 00:12:02,322 Next slide, we'll talk a little bit about Mac Adresses. 281 00:12:02,322 --> 00:12:05,580 This is the 48 Bit hexadecimal format layer to address. 282 00:12:05,580 --> 00:12:09,029 The first 24 bits are the manufacture ID. 283 00:12:09,029 --> 00:12:11,140 This is signed by the IEEE. 284 00:12:11,140 --> 00:12:13,020 In this case I have an OUI. 285 00:12:13,020 --> 00:12:15,551 That's called the Organizational Unique Identifier, 286 00:12:15,551 --> 00:12:16,789 is the manufacture ID. 287 00:12:16,789 --> 00:12:18,362 In this case, I'm showing Cisco 288 00:12:18,362 --> 00:12:20,671 is one of their assigned identifiers 289 00:12:20,671 --> 00:12:22,140 that's all zeros with a C. 290 00:12:22,140 --> 00:12:23,687 That's pretty easy to remember. 291 00:12:23,687 --> 00:12:26,380 The second 24 bit is the specific interface 292 00:12:26,380 --> 00:12:28,530 that is assigned by the manufacturer. 293 00:12:28,530 --> 00:12:32,202 Keep in mind, this is not per host this is per interface. 294 00:12:32,202 --> 00:12:34,522 If you have a device with multiple interfaces, 295 00:12:34,522 --> 00:12:36,388 for instance a router, 296 00:12:36,388 --> 00:12:38,389 you will have multiple Mac Addresses 297 00:12:38,389 --> 00:12:41,279 that are assigned one to each interface. 298 00:12:41,279 --> 00:12:43,290 The Group Bit, which is a bit 299 00:12:43,290 --> 00:12:45,570 that is in the manufacturer ID. 300 00:12:45,570 --> 00:12:48,279 This indicates that it is a multicast frame. 301 00:12:48,279 --> 00:12:50,519 When you have a manufacturer ID 302 00:12:50,519 --> 00:12:51,957 that is assigned by the IEEE, 303 00:12:51,957 --> 00:12:53,590 you're actually being given a unicast 304 00:12:53,590 --> 00:12:58,180 and a multicast group of addresses that you can use. 305 00:12:58,180 --> 00:13:00,900 Finally all ones is broadcast. 306 00:13:00,900 --> 00:13:03,850 You'll notice that I'm using hyphens 307 00:13:03,850 --> 00:13:06,671 in between each individual eight bit piece 308 00:13:06,671 --> 00:13:07,911 of the Mac Address. 309 00:13:07,911 --> 00:13:10,111 This is called Canonical Format. 310 00:13:10,111 --> 00:13:11,380 It's not really important 311 00:13:11,380 --> 00:13:13,940 but sometimes you'll see the Mac Addresses 312 00:13:13,940 --> 00:13:15,669 indicated by colons. 313 00:13:15,669 --> 00:13:18,328 That is a non-canonical format. 314 00:13:18,328 --> 00:13:19,759 The difference between a canonical 315 00:13:19,759 --> 00:13:21,038 and the non-canonical format 316 00:13:21,038 --> 00:13:25,342 are for some of the other IEEE LANs like Token Ring. 317 00:13:25,342 --> 00:13:27,319 The hyphens are technically more correct, 318 00:13:27,319 --> 00:13:30,770 but if you see colons, it's usually just fine. 319 00:13:30,770 --> 00:13:33,290 That is the non-canonical format. 320 00:13:33,290 --> 00:13:34,359 Bridges and Switches. 321 00:13:34,359 --> 00:13:36,450 Switches create a broadcast domain 322 00:13:36,450 --> 00:13:39,278 from a collection of individual LAN segments. 323 00:13:39,278 --> 00:13:40,359 What does that mean? 324 00:13:40,359 --> 00:13:42,304 You have Collision Domains. 325 00:13:42,304 --> 00:13:43,896 These are where you would normally have 326 00:13:43,896 --> 00:13:46,446 your listening as you send. 327 00:13:46,446 --> 00:13:48,144 Switches actually break that up. 328 00:13:48,144 --> 00:13:50,744 In the case of a Switch, you could send 329 00:13:50,744 --> 00:13:52,376 and receive at the same time. 330 00:13:52,376 --> 00:13:54,424 They call this Full Duplex. 331 00:13:54,424 --> 00:13:56,166 What Switches do is they learn, 332 00:13:56,166 --> 00:13:59,204 filter and forward frames based on the source 333 00:13:59,204 --> 00:14:01,846 and destination Mac Address. 334 00:14:01,846 --> 00:14:04,424 Switches themselves can be internally partitioned 335 00:14:04,424 --> 00:14:06,675 using Virtual LANs or VLANs. 336 00:14:06,675 --> 00:14:08,382 These can be carried externally 337 00:14:08,382 --> 00:14:11,984 outside the switch using 802.1Q tagging. 338 00:14:11,984 --> 00:14:14,958 They call this tagging frames or tagged frames. 339 00:14:14,958 --> 00:14:16,970 Cisco sometimes calls these "Trunks". 340 00:14:16,970 --> 00:14:19,751 If you've ever heard of a trunk going between two Switches, 341 00:14:19,751 --> 00:14:22,573 you'll know that you have multiple VLANs 342 00:14:22,573 --> 00:14:25,733 that are being carried across that individual LAN segment. 343 00:14:25,733 --> 00:14:30,511 If you have a frame that's coming in on, let's say VLAN10, 344 00:14:30,511 --> 00:14:33,911 you can have a tag that goes out across that trunk saying 345 00:14:33,911 --> 00:14:35,932 "This is actually for VLAN10." 346 00:14:35,932 --> 00:14:39,271 So then the receiving Switch sees that tag, 347 00:14:39,271 --> 00:14:42,493 it will know that it needs to go only to VLAN10 348 00:14:42,493 --> 00:14:46,259 and not to any other VLANs that are on the switch. 349 00:14:46,259 --> 00:14:49,482 Keep in mind also that some Switches are routers as well. 350 00:14:49,482 --> 00:14:52,741 In this example, I'm using just Switching 351 00:14:52,741 --> 00:14:54,322 based on Layer Two. 352 00:14:54,322 --> 00:14:58,173 But some devices can do Switching at Layer Three. 353 00:14:58,173 --> 00:14:59,781 In those cases, they are routers. 354 00:14:59,781 --> 00:15:01,911 They do Layer Three routing. 355 00:15:01,911 --> 00:15:05,391 They have a routing protocol that they may speak. 356 00:15:05,391 --> 00:15:07,642 To learn routes we'll get into routers 357 00:15:07,642 --> 00:15:09,475 a little bit later on.