Terms in this set (120)
Over the years, a number of protocols, standards, and products have been developed to cover technologies working at the physical and data link layers of the OSI model.
Perhaps the most important of these are IEEE 802 standards, published by the LAN/MAN Standards Committee of the Institute of Electrical and Electronics Engineers (IEEE)
There are a number of seperate working groups within the LAN/MAN Standards Committee developing different standards,
These are collectively known as 802.x. The most important of the working groups are listed below.
IEEE 802.2 (Logical Link Control)
IEEE 802.3 (Ethernet)
IEEE 802.2 (Logical Link Control)
The IEEE 802 standards subdivide the OSI data link layer into two sub-layers. The Logical Link Control (LLC) sub-layer is used with other 802 protocols, such as 802.3 and 802.11,
which are conceived as operating at a Media Access Control (MAC) sub-layer and the physical (PHY) layer.
The LLC protocol provides error control, flow control, and a standard network layer service interface regardless of lower level protocols.
IEEE 802.3 (Ethernet)
The IEEE 802.3 standard is based on the Ethernet networking product, developed by the DIX consortium (Digital Equipment Corporation [DEC], Intel, and Xerox).
While the product name is not used in the IEEE 802.3 standards documentation, it it otherwise universally referred to as Ethernet. Ethernet is now the only widely supported standard for cabled LANs.
IEEE 802.3 describes functions operating at the Media Access Control (MAC) sub-layer (principally frame format, contention, and addressing) and the physical layer (signaling and media specifications).
The original standard has been subject to a number of revisions, describing different signaling and media specifications.
Transmission media are the physical paths through which electromagnetic signals travel to allow nodes to communicate with one another. The electromagnetic signals used include electrical, radio, microwave, infrared, and visible light.
The transmission media used for a network can be classified as cabled or wireless:
a physical signal conductor is provided between two networked devices (for example, cable types such as twisted pair or fiber optic).
uses free space between networked devices (no signal conductor), such as microwave or radio links.
Both categories of media may be used in
LAN or WAN enviroments.
A signal can be either
analog or digital
The analog signal is characterized by a continually changing wave, while the digital signal has discrete states; digital signals are transmitted as a series of pulses.
When used for computer networking, both types of signa can be used to represent binary information (that is, when the only calues transmitted are 1s and 0s).
Digital signaling is obviously better suited to transmitting this type of data as it is easier to convert from the data to the signal and back again and conversion process suffers fewer errors from noise and interference.
The IEEE 802.3 and IEEE 802.11 standards both use digital signaling as do most current WAN protocols.
Analog signaling is used by computer modems
connecting over the telephone network.
"Bandwidth" has two distinct meanings.
The bandwidth of transmission media is the range of frequencies supported, measured in hertz (or more typically mega- or gigahertz [MHz/GHz])
There are two way of allocating bandwidth in a transmission media:
uses the complete bandwidth of the media as a single transmission path. LAN signaling normally uses this transmission method and it is also more reliable than the broadband method.
can divide the available media bandwidth into a number of transmission paths (or channels). WAN signalling generally uses this form of transmission. Multiplexing allows each channel to use a different range of frequencies or time slots.
The term "bandwidth" is also used to describe the amount of data that can be transferred through the media in a given amount of time (also referred to as bit rate or speed). For example, most Ethernet networks have a bandwidth of either 100 Megabits per second (Mbps) or 1000 Mbps (1 Gbps).
In the sense, the term "broadband" has also come to mean "high bandwidth" when speaking of WAN links.
Signaling speed is the rate at which information is sent over the media, measure in MHz (millions of clock cycles per second). If one bit of data can be sent per clock cycle then a signaling speed of 10 MHz: allows:
1 bit/cycle x 10,000,000 cycles/second = 10 Mbps
Different media are capable of handling different clock speeds.
When the upper signaling limit of a particular media is reached, the only means of increasing the data rate farther is to use a better encoding method.
Most networks use some form of digital signaling system. An encoding scheme (or line code) is applied to convert the binary data into representative electromagnetic signals. A symbol is some property of the signaling system that can be used to represent a value. One of the critical
problems of encoding digital signals is that of bit timing. The receiving computer must measure the signal at precise intervals to ensure that the values registered accurately represent the signal transmitted. A variety of methods are employed to ensure the signal is received without errors.
Each type of media can consistently support a given data rate only over a defined distance.
Some media support higher data rates over longer distances than others. Attenuation and noise affect the maximum supported distance of a particular media type.
Attenuation is the progressive loss of signal strength, measured in decibels (dB). it has different causes depending on the type of media but generally speaking attenuation is increased by using faster signaling and by poor quality media.
Noise is anything that gets transmitted within or close to the media that isn't the intended signal. This serves to make the signal itself difficult to distinguish. This causes errors in data, forcing it to be transmitted.
Media Access Control
A network has to be able to share the available communication capacity between the various devices that use it.
This means that networks need ways of determining when devices are allowed to communicate and to deal with possible problems, such as two devices attempting to communicate simultaneously.
Media Access Control (MAC)
is the methodology used to determine when devices are allowed to communicate using the network.
In a contention-based system, each network device within the same collision domain competes with the other connected devices for use of the transmission media. -When two devices transmit at the same time, the signals are said to collide and neither signal can reach its destination.
This means that they must be re-sent, reducing available bandwidth. The collisions become more frequent (geometrically) as more devices are added to the network and consequently the effective data rate (or throughput) reduces too.
To reduce collisions, protocols ensure devices listen to the media before transmitting and only transmit if the media is clear.
A device wanting to transmit, but detecting activity, must wait and try later.
These contention protocols are called Carrier Sense Multiple Access (CSMA) protocols:
detect activity on the media
multiple devices using the same media.
Use of these protocols enforces limitation on the minimum and maximum lengths of cable that can be used and the size of packets transmitted. Each packets must fill the cable segment before the end of transmission is reached
or a packet could be sent and involved in a collision and lost without the send node being aware of it.
There are two types of CSMA protocols: CSMA/CD - with collision detection - and CSMA/CA - with collision avoidance.
CSMA/CD - with collision detection
Ethernet's CSMA/CD protocol defines methods for detecting a collision on different types of media. In most cases this is when a signal is present on the adapter's transmit and receive lines simultaneously.
On detecting a collision, the adapter broadcasts a jam signal. Each node that was attempting to use the media then waits for a "random" period (backoff) before attempting to transmit again.
CSMA/CA - with collision avoidance
The CSMA/CA protocols use schemes such as time-sliced accessing or requests to send data to gain access to the media. This reduces the number of collisions but adds overhead in terms of extra control signaling. The IEEE 802.11 Wi-Fi standards uses CSMA/CA
Contention-based access methods do not scale to large number of nodes within the same collision domain. This problem is overcome by using switches as intranetworking devices. A switch establishes a "temporary circuit: between two nodes that are exchanging messages.
Using a switch means that each port is in a separate collision domain. This means that collision can only occur if the device attached to the port is operating in half duplex mode and that the collisions affect only that port.
Older hub-based networks operate half duplex transmissions. This means that a device (node) can transmit or receive, but cannot do both at the same time.
Newer network devices, such as switches, allow for full duplex transmissions, where a device can transmit and receive simultaneously.
Bonding refers to aggregating multiple links into a single high-speed connection.
For example, a single network adapter and cable segment might support 1 Gbps; bonding this with another adapter and cable segment gives a link of 2 Gbps (adapter teaming).
Bonding also proves redundancy; if one link is broken the connection is still maintained by the other (fail over).
It is also often cost-effective; a 4-port Gigabit Ethernet card might not match the bandwidth of a 10G port (4 Gbps compared to 10 Gbps) but it will cost considerably less. Bonding is governed by the Link Aggregation Control Protocol (LACP [IEEE 802.3ad/ 802.1ax])
When transmitting signals, it is useful to have a mechanism to transmit the same signal 10 times to each node in turn wastes bandwidth. Broadcast traffic refers to signals sent to all nodes within the same area (refereed to as a broadcast domain).
Conversely, signals intended for receipt by a single node are called unicast. Broadcast traffic introduces efficiencies in some circumstances but inefficiencies in others.
If the broadcast domain is very large, the amount of broadcast traffic will be correspondingly great and consume a disproportionate amount of bandwidth.
This becomes an important factor in designing a network that works efficiently.
Many technologies have been developed to enable LANs using different media and media access methods and subsequently fallen by the wayside. Ethernet is the "last man standing". Ethernet supports a variety of media options and is based upon inexpensive equipment.
It was created in the 1960s at the University of Hawaii and its ALOHA network and was first used commercially by DEC, Intel, and Xerox (DIX) in the late 1970s. It was standardized by IEEE as 802.3 in 1983.
Ethernet uses a logical bus topology wired as a star topology, baseband signaling,
and the CSMA/CD method for media access control.
The preamble is used for clock synchronization.
It consists of 8 bytes of alternating 1s and 0s with two consecutive 1s at the end. this is not technically considered to be part of the frame.
The destination and source address fields contain the MAC addresses of receiving and sending nodes.
Ethernet network adapaters have a unique hardware or physical address known as the Media Access Control (MAC) address. A MAC address consists of 48 binary digits (6 bytes)
Frame Length and Payload
The official 802.3 standard defines a 2-byte length field to specify the size of the data field (also called the payload).
This payload can normally be between 46 and 1500 bytes. The upper limit of the payload is also referred to as the Maximum Transmission Unit (MTU).
However, most Ethernet products follow the original DIX specification (referred to as Type 2 frames) and use the field to indicate the type of network layer protocol contained in the frame (IP or IPX for instance).
These Ethertypes are values of 1536 or greater (anything less than that is interpreted as the data length). For example, IPv4 is coded as the hex value 0800 (or 2048 in decimal) while IPv6 is 86DD.
802.3 Ethernet frames use a Logical Link Control (LLC) header to identify the protocol type. It can be further extended with a Subnetwork Access Protocol (SNAP) field to specify proprietary protocols.
These headers take up part of the space normally reserved for data (reducing it to up to 1492 bytes). Consequently these frame types are not widely used.
The maximum size of any type of Ethernet frame is normally 1518 bytes (excluding the preamble).
However, the 802.3ac standard specificies the use of a 4-byte tag inserted between the source address and length fields designed to identify the VLAN to which the frame belongs, making the maximum allowable frame size 1522 bytes.
To comply with CSMA/CD, the minimum length of an Ethernet frame is 64 bytes so the payload must be at least 46 bytes (if this is not the case it is automatically padded with redundant data).
Some Gigabit Ethernet products support jumbo frames with much larger MTUs. Such products are not standardized however making interoperatbility between different vendors problematic.
The error checking field contains a 4-byte (32-bit) checksum called a Cyclic Redundancy Check (CRC) or Frame Check Sequence. The CRC is calculated based on the contents of the frame; the receiving node performs the same calculations and, if it matches, accepts the frame.
There is no mechanism for retransmission if damage is detected nor is the CRC completely accurate at detecting damage; these are functions of error checking in protocols operating at higher layers.
Ethernet Media Specifications
Ethernet media specifications are named using a three-part convention. this describes:
The data rate (Mbps).
The signal mode (baseband or broadband).
A designator for the media type.
(For example, 10BASE-T denotes an implementation that works at 10Mbps, uses a baseband signal, and uses twisted-pair cabling.)
10BASE-T network systems use 4-pair unshielded or shielded twisted-pair copper wire cabling. A pair consists of two insulated wires wrapped around one another.
One pair is used to transmit, one pair to receive, while the other two pairs reduce crosstalk and interference.
10BASE-T networks are physically wired as a star. Each segment consists of a host and the hub or switch. The logical topology is a bus:
-When a hub is used the transmission media are shared between all nodes as all communications are repeated to each port on the hub (point-to-multipoint).
-When a switch is used, a temporary virtual circuit is created between each host utilizing the full bandwidth available (point-to-point).
With compatible network adapters and switches, 10BASE-T
also supports full duplex operation (hub-based Ethernet support half-duplex only).
The Ethernet specification imposes certain restrictions regarding the network design :
Maximum segment cable length 100m (328 feet)
Minimum cable length 0.5m(1.5 feet)
Maximum segments 1024
Maximum hubs between nodes 4
When it came to update the original Ethernet standard, the IEEE 802.3 committee decided on a approach that ensured backward compatibility.
Its discussions resulted in the 802.3u specification, with is know as Fast Ethernet.
Fast Ethernet is based on the same CSMA/CD protocols that define traditional Ethernet but reduces the duration of time each bit is transmitted by a factor of ten by using higher frequency signals and improved encoding methods.
This raises the packet speed from 10 Mbps to 100 Mbps.
Data can move between Ethernet and Fast Ethernet devices without requiring protocol translation, as Fast Ethernet maintains the old error control functions, frame format, and length.
Fast Ethernet can use twisted pair of fiber optic cable.
Fast Ethernet allows only one or two hubs, though this does not apply if the hubs are stacked using a proprietary backplane (the stack counts as one device). The standards documentation also defines two classes of hubs;
Class 1 hubs are used to connect different media (twisted-pair and fiber optic for instance) and only one device per network is allowed if this type of hub is used. In mose moden networks however the restriction is overcome by using switches in place of hubs.
Fast Ethernet also introduced an autonegotiation protocol to allow devices to choose
the highest supported connection parameters (10 or 100 Mbps and half- or full duplex).
10BASE-T Ethernet specifies that a node should transmit regular electrical pulses when it is not transmitting data to confirm the viability of the link (link Integrity Test).
Fast Ethernet codes a 16-bit data packet into this signal advertising its service capablilities (speed and half- or full- duplex). This is called a Fast Link Pulse.
Fast Link Pulse is backwards-compatible with 10BASE-t but not mandatory, as it is under Gigabit Ethernet and later.
A node that does not support autonegotiation can be detected by one that does and sent ordinary link integrity test signals (or Normal Link Pules).
Gigabit Ethernet builds on the standards defined for Ethernet and Fast Ethernet.
The speeds that can be utilized are 10 times faster than with Fast Ethernet.
In June 1998, the IEEE approved the Gigabit Ethernet standard over fiber (LX and SX) and shielded copper (CX) as IEEE 802.3z. The various fiber standards are collectively known as 1000BASE-X.
The following year, the IEEE approved 1000BASE-T, a standard utilizing Cat 5e or Cat 6 copper wiring. This is defined in IEEE 802.3ab.
The STP referred to above is a special type of shielded copper cable using DB-9 connectors rather than the familiar RJ-45.
Consequently 1000BASE-CX was not widely deployed.
Vendors often guarantee longer (10km) operation; this is sometimes referred to as 1000BASE-LH.
There is also a non-standard 70 km specification (1000BASE-ZX) operating with long wavelength lasers (1550 nm) over SMF.
In terms of network design, Gigabit Ethernet is implemented using switches,
so only the restrictions on cable length apply.
10G Ethernet multiplies the nominal speed of Gigabit Ethernet by a factor of 10.
10G is not deployed in many office networks however as the cost of equipment (10G network apadters and switches) is high.
The major applications of 10G Ethernet are:
Increasing bandwidth for server interconnections and network backbones (especially data centers and Storage Area Networks [SAN]).
Replacing existing switched public data networks based on proprietary technologies with simpler Ethernet switches (metro Ethernet).
10G Ethernet is standardized under a number of publications with letter designations (start with 802.3ae),
which are periodically collated (the current one being IEEE 802.3-2008).
10G works only with switches in full duplex mode.
The 10GBASE-"R" standards all have WAN specifications (10GBASE-SW, 10GBASE-LW, and 10GBASE-EW) that allow interoperability with existing SONET infrastructure.
Each Ethernet network adapter has a unique hardware address known as the Media Access Control (MAC) address. This may also be referred to as the Ethernet Address (EA) or (in IEEE terminology) the Extended Unique Identifier (EUI).
The IEEE deprecates use of the term "MAC address" as interfaces are increasingly likely not to be tied to a particular hardware adapter.
MAC Address Format
A MAC address typically consists of 48 binary digits (6 bytes). The format of the number differs depending on the system architecture.
An Ethernet card address is often displayed as 12 digits of hexadecimal with colon or hyphen separators or no separators at all (for example, 00:60:8c:12:3a:bc or 00608c123abc)
The IEEE gives each card manufacturer a range of numbers and they hard code every card produced with a unique muber from their range. This is called the "Burned In Address".
The first six hex digits (3 bytes or octets) represent the manufacturer (the Organizationally Unique Identifier [OUI]); the last six digits are a serial number.
An organization can decide to use locally administered addresses in place of the manufacturers' universal coding systems. This can be used to make MACs meaningful in terms of location on the networks but adds a significant administrative overhead.
A locally administered address is defined by changing the U/L bit from 0 to 1. The rest of the address is configured using the card driver or network management software. It becomes the network administrator's responsibility to ensure that all devices are configured with a unique MAC address.
The I/G bit of an Ethernet MAC address determines whether the frame is addressed to an individual node (0) or a group (1). The latter is used for multicast transmissions.
A MAC address consisting entirely of 1s the broadcast address and received by all nodes within the same broadcast domain.
In the figure following, computer A sends a frame of data to computer B. Computer B recognizes its own MAC address and copies the frame for processing.
Computers C and D ignore the frame, as the destination address does not match their own. This type of communication is know as unicast, as there is a single destination card.
Under certain circumstances, it is necessary for a computer to broadcast data to all computers on the network.
The computer broadcasting the data uses a broadcast address of ff:ff:ff:ff:ff:ff.
Whenever possible, broadcast traffic on a network should be avoided, as every machine on the network must process the broadcast frame.
This processing uses valuable CPU time and can result in the intermittent "freezing" of active applications.
When two machines communicate using TCP/IP, an IP address is used at the network layer to identify each machine. however transmission of data must take place at the physical and data link level, and for this purpose, the physical address of the machine must be used.
The TCP/IP suite includes the Address Resolution Protocol (ARP) to perform the task of resolving an IP address to a hardware address
Local Address Resolution
1) When the IP address has been determined to be a local address, the source host checks its ARP cache for the required hardware address (MAC address) of the destination host.
2) If not present in cache, ARP builds a request, which is then broadcast onto the network.
3)The broadcast is processed by all hosts on the local network (or subnet) but unless the request contains its own IP address, most hosts ignore the request.
Local Address Resolution (Continued)
4)If the target host recognizes its own address, it updates its cache with the MAC address of the source host. It then replies to the source host,
5)The source host receives the reply, updates its cache table, and communication is established.
If the host is on a remote network, then the local host must use a router (or default gateway) to forward the packet.
Therefore, it must determine the MAC address of the gateway using ARP.
Remote Address Resolution
1) The sending host determines the IP address of the default gateway (router). The host then examines its ARP cache for the necessary IP address/MAC address mapping of the gateway.
2) If the mapping for the gateway address is not located, then an ARP request is broadcast for the default gateway's IP address (but NOT the IP address of the remote destination host).
Remote Address Resolution (Continued)
3) Hopefully, the router will respond to the request by returning its hardware address. The sending host then sends the packet to the default gateway to deliver to the remote network and the destination host.
4) At the router, IP determines whether the destination is local or remote. If local, it uses ARP for the address resolution. If remote, it checks its route table for an appropriate gateway to the remote network.
Optimizing Address Resolution
ARP broadcasts can generate considerable traffic on a network , which can reduce performance.
To optimize this process, the results of an ARP broadcast are held in a cache initially. If the entry is used within the timeout period, the entry is held in the cache for a few minutes before it it deleted.
Entries in the ARP cache are
automatically timed out in case a hardware address changes (for example, if a network card is replaced).
The cache is an area reserved in memory that contains the IP address and the associated hardware address. Before an ARP broadcast is performed, the cache is always checked for the correct MAC address.
Broadcasting is reduced further as the host receiving an ARP request always extracts the IP address and hardware address of the source host and places this information in its ARP cache before transmitting an ARP reply.
The arp utility can be used to perform a number of functions related to the ARP cache, such as:
arp -a (or arp -g)
arp -s IPAddressMACAddress
arp -d *
arp -a (or arp -g)
views the ARP cache contents; use with IPAdress to view the ARP cache for the specified interface only.
arp -s IPAddressMACAddress
adds an entry to the ARP cache. Under Windows, MACaddress needs to be entered using hypens between each hex byte.
arp -d *
deletes all entries in the ARP cache; can also be used with IPAddress to delete one entry only.
The Reverse Address Resoltion Protocol resolves an IP address from a given MAC address. As such, it can be seen as a precursor to BOOTP and DHCP.
The component responsible for physically connecting the node to the transmission medium is called a network adapter, network adapter card or Network Interface Card / Controller (NIC).
This device is responsible for moving data from the computer to the network and also from the network to the computer.
The following steps take place when a network card transmits data:
-The data arrives at the The card's driver handles communication between data processed on the card (mostly layer 1 and 2) and the OS's protocol stack (typically layers 3 and up;network card via the computer's I/O bus.
an example being Windows' Winsock implementation of TCP/IP). Card drivers are usually based on one of two standard Application Programming Interfaces (API):
-Network Driver Interface Specification (NDIS)
-Open Data Link Interface (ODI)
-Network Driver Interface Specification (NDIS)
used mostly by Windows
-Open Data Link Interface (ODI)
used mostly by Novell and Apple
The following steps take place when a network card transmits data: (Continued)
-The data is placed in the buffer (memory) where it can be stored if a bottleneck builds up because the network card is unable to process the data quickly enough.
-The transceiver converts the bit stream used by the computer to the required format for the transmission media (for example, electrical, light, or radio).
- The media connector (Media Device Interface[MDI]) physically joins the network card to the transmission media to allow the data to depart.
The other function performed by the network card is to
address data to other network cards and recognize data destined for it.
Features of Network Adapters
There are many models of network adapter designed for different network and computer applications. The following represent the main features differentiating models.
Almost all adapters are now desinged to use Ethernet or Wi-Fi but given that there are still variations:
-Ethernet cards vary in terms of support for speed and media connector (UTP/RJ-45 or fiber optic).
-Wireless cards very in terms of support for specific Wi-Fi standards.
-Combi-cards are common for both types; Ethernet cards that support 10/100/1000 or Wi-Fi cards that support 802.11b/g/n for instance.
Form factor refers to the connection to the motherboard of the computer. The adapter is typically either integrated on the motherboard itself, added as a PCIe / PCI (or legacy ISA) adapter card, or connected as a USB device.
A multi-port card provides 2 or 4 links on a single interface card.
These links can each be configured as a seperate interface (in the normal way) or be teamed (bonded) into a single high-speed channel. Multi-port Gigabit Ethernet cards provide cost-effective performance at 2-4 Gbps compared to 10G technologies.
TCP Offload Engine
Server-class network adapters, especially those designed for Storage Area Networks (SAN), often feature TCP offload functions. These functions shift processing of the TCP network stack from the CPU to a processor (the TCP Offload Engine [TOE]) located on the card itself.
The sorts of operations that can be performed by TOE include:
-Checksum calculation (that is, of TCP and UDP packets; all NICs calculate the checksum of the frame).
-TCP segmentation - breaking a byte stream into packets that fir the MTU (and reassembling them).
-IPsec - performing the encryption calculation and storing keys.
TOE must be supported by the operating system.
While Windows Server 2003 SP1 and later support all the function of TOE, the Linux kernel supports only TCP segmentation offload, so additional software would be required.
Parallelization and Virtualization Support
High performance apadters come with features to support multiple processor cores, multiple traffice queues, and software running within a virtualized enviroment.
Desktop and server Virtualization Technologies (VT) allow a computer to run multiple operating systems simultaneously. This can leverage more performance out of hardware systems (utilization) and make the creation and distrubution of pre-configured server and client images simpler.
Adapter desinged for use in an enterprise enviroment will support an SNMP agent that can report the card status back to a management system.
Pre-boot Executiion Enviroment (PXE) means that a computer can boot from settings stored on a server rather than from disk. The network adapter and computer BIOS must support PXE (network will appear as a bott option in the computer's CMOS setup program).
PXE also supports Wake-on-LAN, which enables a remote administrator to switch on the PC via the network. There must be motherboard support as well as a compatible NIC.
Configuring a Network Adapter
PC hardware devices need to use certatin computer resources to function. These are generally the Interrupt Request Channed (IRQ), Input/output port (I/O port), and memory address.
Each operating system provides a method for instaling and configuring devices.
Generally, this takes place as part of the setup process for the operating system, but it is also possible to add drivers once the system has been installed.
Software configuration- Plug-and-Play compliant cards will install and configure themselves. if necessary, resources can be configured maually using Device Manager (or the equivalent).
For example, in Windows, locate the adapter in Device Manager, alt-click and select Properties, then update settings using the card's driver software.
In Linux you can either use a graphical utility to configure the adapter (YaST for instance) or the command-line tool ifconfig.
Vendor configuration - some older network cards, or network cards in operating systems which do not support Plug-and-Play configuration, will need to be configured using drivers from a vendor supplied utility disk.
A very common problem with older combi-cards is their occasional inability to determine the appropriate edia type - and the installer will have to set the media type (such as, RJ-45) manually.
Hardware configuration- some very old network adapters support configuration via switches and jumpers on the NIC, It is unlikely you will encounter many of these.
You must also configure the card with the appropriate network client software and protocol, including addressing information relevant to the protocol.
Most Ethernet networks use TCP/IP with a DHCP server, which means that the card receives address parameters automatically. In Windows, client and protocol configuration is done through the network adapter's property sheet in Network Connections.
A protocol analyzer (or packet sniffer or network analyzer) performs packet capture and analysis. The analyzer can be implemented on special hardware (as part of a cable tester for instance or installed as software on a PC host. There isn't really much of a distinction between a packet sniffer and protocol analyzer.
You can think of a packet sniffer as something that only captures frames (without decoding, filtering, or analysis) but almost all the tools available have some sort of analysis functionality built-in, making the terms pretty much interchangeable.
Protocol analyzers can decode a captured frame to reveal its contents in a readable format.
You can choose to view a summary of the frame or choose a more detailed view that provides information on the OSI layer, protocol, function and data.
The capabilities of different products vary widely, but in general terms protocol analyzers can perform the following functions:
-Identify the most active computers on the network, which aids in balancing traffic on networks.
-Isolate computers producing erroneous packets and rectify the problem.
-Filter traffic and capture packets meeting certain criteria (capturing traffic to and from a particular device for instance).
-Baselining - the activity on a network is sampled periodically to establish normal levels of activity. The baseline is then used to compare against activity when a problem is suspected or as a basis for network expansion plans.
-Generate frames and transmit them onto the network to test network devices and cabling.
-Monitor bandwidth utilization by hosts, applications, and protocols.
-Trigger alarms when certain network conditions fall outside "normal levels".
Promiscuous Mode and Sniffing Switched Ethernet
By default, a network card only receives packets that are directed to that card (unicast or multicast traffic) or broadcast messages.
Most packet sniffers can make a network adapter work in promiscuous mode, so that it receives all traffic within the Ethernet broadcast domain, whether it is intended for the host machine or not.
While this approach works for a hub, where all traffic is repeated on every port, on a switched network, the switch makes decisions about which port to forward traffic to, based on the destination address and what it knows about the machines connected to each port.
This means that to capture unicast traffic intended for other hosts, the sniffer needs to be connected to a suitable configured spanning port (mirrored port).