1 / 41

Ethernet Network Analysis and Troubleshooting

Ethernet Network Analysis and Troubleshooting. Housekeeping. Call the office Net Down!!!. BREAKS. LUNCH. TELEPHONES. BEEPERS IN SILENT MODE. CELL PHONES IN SILENT MODE. REST ROOMS. EMERGENCY INFORMATION. ?. QUESTIONS. Use Your Trace File CD for the exercises in this class.

plattl
Download Presentation

Ethernet Network Analysis and Troubleshooting

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. EthernetNetwork Analysis and Troubleshooting

  2. Housekeeping Call the office Net Down!!! BREAKS LUNCH TELEPHONES BEEPERS IN SILENT MODE CELL PHONES IN SILENT MODE REST ROOMS EMERGENCY INFORMATION ? QUESTIONS

  3. Use Your Trace File CD for the exercises in this class Thank You!

  4. Sniffer University's Total Network Visibility Curriculum • Interconnection Concepts & Troubleshooting • Microsoft Windows NT & Windows 2000 Network Analysis & Troubleshooting • TCP/IP Applications: Concepts & Troubleshooting • TCP/IP Network Analysis & Troubleshooting • ATM Network Analysis & Troubleshooting  • WAN Analysis & Troubleshooting • Token Ring Network Analysis & Troubleshooting • Ethernet Network Analysis & Troubleshooting • Implementing Distributed Sniffer System / RMON Pro • Troubleshooting with the Sniffer Pro Network Analyzer • Sniffer Pro for DOS Sniffer Experts Upper-Layer Technologies Network Interfaces Tools & Systems

  5. Table of Contents • Course Overview Page 1-7 Day 1 • Ethernet Frame Formats Page 1-18 • Ethernet Sniffer Pro Hardware Page 2-1 • Ethernet Physical and Data Link Layers Page 3-1 • 10BASE5 and 10BASE2 Page 3-26 • Timing Specifications Page 3-32 • Troubleshooting Tips Page 4-1 • Ethernet Bridging and Switching Concepts Page 5-1 Day 2 • Bridges Page 5-3 • Switches Page 5-15 • VLAN Tagging Page 5-27 • 100 Mbps Fast Ethernet Page 6-1 • Full Duplex Ethernet Page 7-1 • Gigabit Ethernet Page 8-1 • Optional Technologies - LLC and Coax Page 9-1 • Glossary of Terms Page 9-41 • Student Exercises Page 10-1

  6. CourseOverview

  7. Course Objectives • Discuss the details of the Ethernet (802.3) specification • Effectively use the Sniffer Pro analyzer to manage and troubleshoot Ethernet LANs • Use practical hands-on troubleshooting methods and partner with the Network Associates Sniffer Pro Network Analyzer in Ethernet environments Upon completion of the course, you will be able to:

  8. Prerequisites • Basic LAN knowledge and experience using the Sniffer Pro Analyzer • TNV-101-GUI: Troubleshooting with the Sniffer Pro Network Analyzer or • TNV-112-GUI: Sniffer Pro for DOS Sniffer Experts

  9. OSI Functional Protocol Layers Ethernet Layers • The Session, Presentation, and Application layers are not clearly differentiated in most network protocols • The Transport layer provides for communications between programs • The Network layer provides for communications between devices The Data Link layer provides for communications between electrical end-points (network interface cards) The Physical layer provides the conductive path that includes media, connectors, electrical or optical signaling levels and coding characteristics

  10. IEEE 802 Standards 802.2 – Logical Link Control (LLC) describes peer-to-peer procedures for the transfer of information and control between any pair of Service Access Points on any 802.X LAN 802.10 LAN/MAN Security 802.1B – LAN/MAN Management 802.1D – MAC Bridging 802.1E – System Load Protocol 802.1F – Common Definitions & procedures 802.1G – Remote Media Access Control Bridging 802.1H – MAC Bridging of Ethernet in V2.0 in LANs Data Link Layer Physical Layer 802.3 CSMA/CD Medium Access 802.4 Token Passing Medium Access over bus 802.5 Token Passing Medium Access over ring 802.6 Dristrib-uted Queue Dual Bus Medium Access 802.9 Integra-ted Services at Medium Access 802.11 Wireless Medium Access 802.12 Demand Priority Medium Access Physical Layer Physical Layer Physical Layer Physical Layer Physical Layer Physical Layer Physical Layer

  11. Major IEEE Ethernet Standards 802.3 1985 Carrier Sense Multiple Access with Collision Detection (Original Ethernet Specification) 802.3u 1995 Media Access Control (MAC) Parameters, Physical Layer, Medium Attachment Units and Repeater for 100 Mb/s Operation, Type 100BASE-T 802.3x 1997 Specification for Full Duplex Operation 802.3z 1998 Media Access Control Parameters, Physical Layers, Repeater and Management Parameters for 1000 Mb/s (Gigabit) Operation 802.3ab1999 Physical Layer parameters for 1000 Mb/s Operation over 4-Pair Cat 5 Balanced Copper Cabling, Type 1000BASE-T 802.3ac 1998 Carrier Sense Multiple Access with Collision Detection (CSMA/CD) frame extensions for Virtual Bridged Local Area Networks (VLAN) tagging on 802.3 networks 802.3ad 2000 Carrier Sense Multiple access with Collision Detection (CSMA/CD) access method and physical layer specification- Aggregation of Multiple Link Segments (Parallel Point-to-Point link segments)

  12. Ethernet Evolution 1972 1982 1983 1985 1990 1993 1995 1996 1997 1998 2000 Work on Ethernet begins at Xerox PARC Novell NetWare Proprietary Frame 10Base-T Fast Ethernet (802.3u) Full Duplex (802.3x) Terabit stds in process Gigabit standard (802.3z) VLANs Ethernet Switching Gigabit Ethernet proposed. Switch sales exceed shared hubs V2 Ethernet Spec completed by DEC, Intel and Xerox IEEE 802.3 Design Goals: 1. Definition simplicity 2. Efficient use of shared resources 3. Ease of reconfiguration and maintenance 4. Compatibility 5. Low cost

  13. Media Evolution Thick Coax Thin Coax Twisted Pair Optical Fiber DB15 Connectors attaches to External transceiver with AUI cable RJ45 Connectors RJ45 Connectors BNC Connectors with T connectors & Twinax..

  14. Media Access Evolution Hub or Concentrator Dedicated RX/TX lines Shared media half-duplex with collisions Shared media half-duplex with collisions Switch Switch Dedicated RX/TX lines Dedicated media full-duplex without carrier sense or collision detection Dedicated RX/TX lines Dedicated media half-duplex with carrier sense and collision detection - (collisions avoided)

  15. Summary of Ethernet Features • Uses Carrier Sense Multiple Access/Collision Detection (CSMA/CD) for its media access control • Switches and faster technologies avoid collisions with dedicated and/or full-duplex connections • Original specifications defined as a bus technology • Usually installed as a star topology today • Variable size frames • Best effort delivery • Various data encoding techniques are used

  16. Digital Signal Encoding 0 1 0 0 1 1 TTL Manchester (10 Mbps Ethernet) Differential Manchester (Token Ring) • TTL is used on circuit boards • Manchester Encoding is used in 10 Mb/s Ethernet/802.3 • Differential Manchester Encoding is used by Token Ring/802.5 • Faster Technologies use different encoding schemes Bit Cell Bit Cell Bit Cell Bit Cell Bit Cell Bit Cell Bit Cell Boundaries

  17. Ethernet Frame Formats

  18. Section Objectives • Upon completion of this section, you will be able to: • Describe protocol concepts • Differentiate between Ethernet Frame Formats • Recognize network configuration issues with different frame formats • Identify frame format incompatibilities

  19. Ethernet Frame Formats Version 2 Ethertype Ethertype Novell Raw 802.3 length but no LLC header 802.3 802.3 802.3 length and LLC header 802.3 802.3 SNAP SAP = AA, then SNAP Header 802.3 Frame Type Detail Window Label Expert DLC Label

  20. Ethernet Version 2 Frame Preamble Dest Source Type Data CRC • Preamble: 64 bits (8 bytes) of synchronization • Destination: (6 bytes) address of destination node • Source: (6 bytes) address of source node • Type: (2 bytes) specifies upper-layer protocol • Data: Data link layer views all information handed to it by higher layers as data, whether it is protocol information or user data • CRC: Cyclic Redundancy Check Frame Check Sequence (FCS), or checksum value 6 2 46 - 1500 8 6 4 1010...10101011 Sniffer Pro Capture Range

  21. Ethernet Version 2 Data Link Layer Network Layer • Pre-dates IEEE specs • Identifies the hardware address of the adapters for both receiving and sending stations • Identifies the receiving process with a two byte Type field in the DLC header • Requires the Network Layer to ensure a minimum packet size of 46 bytes of data • Only provides connectionless services Data Link Control Layer Physical Layer Non-IEEE Networks (e.g., Ethernet, ARCNET, Local Talk)

  22. Novell NetWare 802.3 “Raw” Frame • Preamble: 64 bits (8 bytes) of synchronization • Destination: (6 bytes) address of destination node • Source: (6 bytes) address of source node • Length: (2 bytes) specifies the number of bytes (46-1500) in the data field • Data: IPX Header starting with 2 bytes checksum (usually FFFF) followed by NetWare higher layers (‘data’) • CRC: Cyclic Redundancy Check Frame Check Sequence (FCS), or checksum value CRC Preamble Dest Source Length Data 4 8 6 6 2 FFFF 1010...10101011 Sniffer Pro Capture Range

  23. 802.3 “Raw” Data Link Layer Network Layer • Only uses the bottom half of the DLC Layer • MAC layer contains hardware addresses of destination and sending stations • Uses a two byte length identifier • Does not use LLC • Specified while IEEE was formulating 802.3 specs • MAC Layer ensures minimum frame length Data Link Layer Media Access Control Sublayer Physical Layer IEEE Networks (e.g., 1BASE5, 802.3, 802.5)

  24. IEEE 802.3 Frame Logical Link Control (LLC) 802.2 Preamble DA SA Length DSAP SSAP Control Data +Pad CRC SFD • Preamble: 56 bits (7 bytes) of synchronization • SFD: (1 byte) start frame delimiter (transition from synch to DA) • DA: (6 bytes) Destination Address: address of destination node • SA: (6 bytes) Source Address: address of source node • Length: (2 bytes) specifies the number of bytes (3-1500) in the LLC and data fields • DSAP: (1 byte) Destination Service Access Point; receiving process at destination • SSAP: (1 byte) Source Service Access Point; sending process in source • Control: (1 byte) Various control information (2 bytes for connection-oriented LLC) • Data/Pad: The upper-layer protocol information, if any. The MAC layer pads the field to ensure overall 64-byte minimum frame size requirement • CRC: Cyclic Redundancy Check Frame Check Sequence (FCS), or checksum value 7 6 6 2 4 1 1 1 or 2 42 - 1497 1 1010...10101011 Sniffer ProCapture Range

  25. IEEE 802.3 Data Link Layer Network Layer • Splits the DLC layer into two distinct sublayers • MAC layer contains hardware addresses of destination and sending stations • Provides LLC services • Receiving and sending processes identified by SAP addressing • Accommodates both connectionless and connection oriented implementations • Provides for the use of SNAP • MAC Layer ensures minimum frame length Logical Link Control Sublayer Data Link Layer Media Access Control Sublayer Physical Layer IEEE Networks (e.g., 1BASE5, 802.3, 802.5)

  26. IEEE 802.3 SNAP Frame Logical Link SNAP Header Control (LLC) 802.2 SFD Preamble DA SA Length Control CRC Type • Preamble: 56 bits (7 bytes) of synchronization • SFD: (1 byte) start frame delimiter • DA: (6 bytes) Destination Address: address of destination node • SA: (6 bytes) Source Address: address of source node • Length: (2 bytes) specifies the number of bytes (3-1500) in the LLC and data fields • DSAP: (1 byte) Destination Service Access Point; receiving process at destination • SSAP: (1 byte) Source Service Access Point; sending process in source • Control: (1 byte) Various control information • SNAP: (5 bytes) First three bytes identify the vendor. Last two bytes identify the protocol • Data: The data link layer views all information handed to it by higher layers as data, whether it is protocol information or user data • Pad: Pads frame to minimum of 46 bytes total for the data and LLC (so collisions can be detected) • CRC: Cyclic Redundancy Check Frame Check Sequence (FCS), or checksum value 7 1 6 6 2 4 AA AA 1 3 2 38 - 1492 DSAP SSAP Vndr Code Data +Pad 1010...10101011 Sniffer Pro Capture Range

  27. IEEE 802.3 SNAP Data Link Layer Network Layer SNAP • SNAP (Sub-Network Access Protocol) • SNAP is a sub-set of LLC • Allows Protocols without an assigned IEEE SAP to implement an IEEE compliant MAC layer • Provides for an additional 5 byte header to specify the receiving process (three bytes identify the vendor and two bytes identify the protocol) • MAC layer contains hardware addresses of destination and sending stations • MAC Layer ensures minimum frame length LLC Data Link Layer Media Access Control Sublayer Physical Layer IEEE Networks (e.g., 1BASE5, 802.3, 802.5)

  28. IEEE Ethernet Frame Evolution X Length/Type • Version 2 was historically not an IEEE recognized frame • As of 1997, it is a part of the Ethernet frame formats • The field formerly called the “length” field by IEEE is now labeled “length/type” field • This provides backward compatibility for version 2 • 0-1500 = Length • 1536 - 65,535 = Type • 1501-1535 reserved Preamble DA SA Length DSAP SSAP Control Data +Pad CRC SFD 2 7 6 6 4 1 1 1 or 2 42 - 1497 1 +

  29. Ethertypes and SAPs E-Type Value NetWare 8137 XNS 0600, 0807 IP 0800 IP (VINES) 0BAD, 80C4 ARP 0806 RARP 8035 DRP 6003 LAT 6004 LAVC 6007 ARP (ATalk) 80F3 • SAP Value • NetWare E0 • XNS 80 • NetBIOS F0 • IP 06 • BPDU 42 • SNA 04, 05, 08, 0C • X.25 7E • ISO 20, 34, EC, • FE, 14, 54 • SNAP AA

  30. Determining Ethernet Frame Types Start here Observe the hex value of the field following the DLC source address You have just determined that the frame is an Ethernet version 2 frame STOP Look at the Ethertype values to determine what ULP the frame is carrying YES Is the value of the field greater than Ø5DC hex? NO Look at the 2 bytes atoffset ØE STOP You have just determined that the frame is a Novell 802.3 raw frame YES NO Are the 2 bytes equal to FF FF hex? STOP You have just determined that the frame is an 802.3 SNAP frame Look at the Ethertype values to determine what ULP the frame is carrying YES Are the 2 bytes at offset ØE equal to AA AA hex? NO You have just determined that the frame is a standard 802.3 frame Look at the SAP values to determine what ULP the frame is carrying STOP +3

  31. Expert Shows Frame Types • The DLC Layer Objects show the frame types received and transmitted • Shows only as Ethertype or 802.3

  32. Examine the DLC Details 802.3 Frame Version 2 Frame

  33. Examine the DLC Details NetWare “Raw” Frame SNAP Frame

  34. Sniffer Pro Filter Elimination Patterns • To filter Version 2, use the Ethertype • To filter 802.3, use the SAP • To filter NetWare, use the FFFF checksum bytes • If the checksum is in use, use the IPX Packet Type (but be careful, because a one-byte pattern match may be ambiguous) • To filter SNAP, use DSAP and SSAP equal to AA • By determining what frame formats are in use on the network, you can make sure no incompatibilities exist

  35. So How Does This Matter? • Devices using different frame formats will not be able to communicate directly • They must send their frames to a translating bridge or router which converts and forwards the frames • This creates a local router situation which doubles the traffic • Devices configured with multiple unnecessary frame formats load the network • NetWare servers RIP and SAP for each frame type • Upper Layer Protocols expect a certain frame type and may not be able to communicate if the wrong frame type is in use

  36. Exercise: Which Frames Are on the Network? Turn to the lab section to complete this exercise

  37. If • you have no questions about the previous exercise • then • continue with the next exercise • or • if you need a demonstration or explanation • ask your instructor to help you now

  38. Exercise: A Surprise at 23:00 Turn to the lab section to complete this exercise

  39. Summary In this section, you learned how to: • Differentiate between Ethernet Frame Formats • Ethernet Version 2 • Novell 1983 proprietary frame format • IEEE 802.3 • IEEE 802.3 SNAP • Recognize network configuration issues with different frame formats • Identify frame format incompatibilities

More Related