Background: Know: Recognize: Prerequisites - Link layer addresses, IP address, DHCP, promiscuous mode, Wireshark

Anticipates: inventory management (configuration management)




Addresses and filtering

1. Addresses:

  • Link layer addresses (MAC addresses), which contain 48 bits (6 bytes), are the layer 2 addresses of devices in the network. A MAC address is typically unique throughout the network (with minor exceptions, e.g. VRRP), so equipment can be identified or managed by this address. This can bootstrap the management process: devices may be designed to obtain an IP address through DHCP, but NetOp can identify them in the network through their link layer address.

  • The following figure describes how the 48 bits are divided into groups (source: Wikipedia):

- The first three octets (high-order 24 bits) are assigned by the IEEE to an organisation and are known as the Organizationally Unique Identifier (OUI).
- The b1 bit is the Individual/Group (I/G) bit. When its value is 0, the address is a unicast address. When its value is 1, it represents a broadcast or multicast address.

- The b2 bit is the G/L (Global/Local) bit. When its value is 0, the address is globally administered. When its value is 1, the address is locally administered.

- For example, if the MAC address of a device is 8C-A9-82-41-0B-0C, the first octet, 8C (hexadecimal), is 10001100 in binary. In this case, I/G = 0 and G/L = 0, so this is a unicast address and it is globally administered.

- The low-order 24 bits of a link layer address are assigned by the manufacturer to its devices.

2. Filtering:

A network node can accept or discard a frame based on the frame's destination MAC address.

If the destination address of a frame matches the address of the node, the frame is received and passed to the upper (network) layer for the next processing step. Otherwise, it is discarded.

However, if a node operates in "promiscuous mode", frames are captured regardless of their destination, which is useful for sniffing. For example, Wireshark can be used to capture all packets for analysis.
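The address fields and the filtering rule described above, as an added Python example that is not part of the original page. The names `parse_mac` and `accepts` and the sample addresses other than 8C-A9-82-41-0B-0C are assumptions made for illustration; the filter models only the destination-match rule and promiscuous mode.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class MacInfo:
    octets: bytes
    oui: str            # high-order 24 bits, assigned by the IEEE
    device_part: str    # low-order 24 bits, assigned by the manufacturer
    is_group: bool      # I/G bit (b1): 1 = broadcast or multicast
    is_local: bool      # G/L bit (b2): 1 = locally administered

def parse_mac(text: str) -> MacInfo:
    """Parse 'XX-XX-XX-XX-XX-XX' or 'XX:XX:XX:XX:XX:XX' into its fields."""
    parts = text.strip().replace(":", "-").split("-")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    octets = bytes.fromhex("".join(parts))  # raises ValueError on non-hex input
    first = octets[0]
    return MacInfo(
        octets=octets,
        oui=octets[:3].hex("-").upper(),
        device_part=octets[3:].hex("-").upper(),
        is_group=bool(first & 0x01),  # b1: least significant bit of octet 1
        is_local=bool(first & 0x02),  # b2: second least significant bit
    )

def accepts(node_mac: str, dest_mac: str, promiscuous: bool = False) -> bool:
    """Layer 2 filter: pass a frame to the upper layer only if it is
    addressed to this node, unless the interface is in promiscuous mode."""
    if promiscuous:
        return True
    return parse_mac(node_mac).octets == parse_mac(dest_mac).octets

if __name__ == "__main__":
    # Constructed sample list; the first address is the page's own example.
    for mac in ["8C-A9-82-41-0B-0C", "02:00:00:aa:bb:cc", "01-00-5E-00-00-01"]:
        m = parse_mac(mac)
        kind = "group" if m.is_group else "unicast"
        admin = "local" if m.is_local else "global"
        print(f"{mac}  OUI={m.oui}  {kind}, {admin}ly administered")
    node = "8C-A9-82-41-0B-0C"
    print(accepts(node, "8c:a9:82:41:0b:0c"))                      # addressed to us
    print(accepts(node, "02:00:00:aa:bb:cc"))                      # someone else's frame
    print(accepts(node, "02:00:00:aa:bb:cc", promiscuous=True))    # sniffer sees it
```

Grouping an inventory by the `oui` field gives a per-manufacturer view of devices before they have obtained an IP address.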

See also

Corresponding TELE9752 lecture slide