Professional Documents
Culture Documents
Ethernet Frame................................................................................................2
ARP Protocol..................................................................................................3
TCP Protocol...................................................................................................4
IP Protocol.......................................................................................................5
UDP.................................................................................................................6
ICMP...............................................................................................................7
NetBIOS..........................................................................................................8
DNS.................................................................................................................9
DHCP............................................................................................................10
Kerberos........................................................................................................13
VLAN............................................................................................................14
VRRP............................................................................................................15
NTP...............................................................................................................16
SITE TO SITE VPN......................................................................................17
1
Ethernet Frame
7 1 6 6 2 46-1500bytes 4
Pre SFD DA SA Length Type Data unit + pad FCS
• Preamble (PRE)- 7 bytes. The PRE is an alternating pattern of ones and zeros
that tells receiving stations that a frame is coming, and that provides a means to
synchronize the frame-reception portions of receiving physical layers with the
incoming bit stream.
• Start-of-frame delimiter (SFD)- 1 byte. The SOF is an alternating pattern of
ones and zeros, ending with two consecutive 1-bits indicating that the next bit is
the left-most bit in the left-most byte of the destination address.
• Destination address (DA)- 6 bytes. The DA field identifies which station(s)
should receive the frame..
• Source addresses (SA)- 6 bytes. The SA field identifies the sending station.
• Length/Type- 2 bytes. This field indicates either the number of MAC-client data
bytes that are contained in the data field of the frame, or the frame type ID if the
frame is assembled using an optional format.
• Data- Is a sequence of n bytes (46=< n =<1500) of any value. (The total frame
minimum is 64bytes.)
• Frame check sequence (FCS)- 4 bytes. This sequence contains a 32-bit cyclic
redundancy check (CRC) value, which is created by the sending MAC and is
recalculated by the receiving MAC to check for damaged frames.
2
ARP Protocol
16 32 bit
Hardware Type Protocol Type
HLen Plen Operation
Sender Hardware Address
Sender Protocol Address
Target Hardware Address
Target Protocol Address
• Hardware type - Specifies a hardware interface type for which the sender requires
a response.
• Protocol type - Specifies the type of high-level protocol address the sender has
supplied.
• Hlen - Hardware address length.
• Plen - Protocol address length.
• Operation - The values are as follows:
1. ARP request.
2. ARP response.
3. RARP request.
4. RARP response.
5. Dynamic RARP request.
6. Dynamic RARP reply.
7. Dynamic RARP error.
8. InARP request.
9. InARP reply.
• Sender hardware address -HLen bytes in length.
• Sender protocol address - PLen bytes in length.
• Target hardware address - HLen bytes in length.
• Target protocol address - PLen bytes in length
3
TCP Protocol
16 32 bit
Source port Destination port
Sequence number
Acknowledgement number
Offset Reserved U A P R S F Window
Checksum Urgent pointer
Option + Padding
Data
• Source port -- Identifies points at which upper-layer source process receives TCP
services.
• Destination port -- Identifies points at which upper-layer Destination process
receives TCP services.
• Sequence number -- Usually specifies the number assigned to the first byte of data
in the current message. In the connection-establishment phase, this field also can
be used to identify an initial sequence number to be used in an upcoming
transmission.
• Acknowledgment number - It contains the sequence number of the next byte of
data the sender of the packet expects to receive. Once a connection is established,
this value is sent.
• Data offset -- 4 bits. The number of 32-bit words in the TCP header indicates
where the data begins.
• Reserved -- 6 bits. Reserved for future use. Must be zero.
• Control bits (Flags) -- 6 bits. It carries a variety of control information.
• Window -- 16 bits. It specifies the size of the sender's receive window, that is, the
buffer space available in octets for incoming data.
• Checksum -- 16 bits. It indicates whether the header was damaged in transit.
• Urgent Pointer -- 16 bits. it points to the first urgent data byte in the packet.
• Option + Paddling - Specifies various TCP options. There are two possible
formats for an option: A single octet of option type. An octet of option type, an
octet of option length, and the actual option data octets.
• Data - contains upper-layer information.
4
IP Protocol
4 8 16 32 bits
Version IHL Type of service Total length
Identification Flags Fragment offset
Time to live Protocol Header checksum
Source address
Destination address
Option + Padding
Data
5
• Data - Contains upper-layer information.
UDP
16 32 bit
Source port Destination port
Length Checksum
Data
• Source port - Source port is an optional field. When used, it indicates the port of
the sending process and may be assumed to be the port to which a reply should be
addressed in the absence of any other information. If not used, a value of zero is
inserted.
• Destination port - Destination port has a meaning within the context of a
particular Internet destination address.
• Length - It is the length in octets of this user datagram, including this header and
the data. The minimum value of the length is eight.
• Checksum -- The sum of a pseudo header of information from the IP header, the
UDP header and the data, padded with zero octets at the end, if necessary, to
make a multiple of two octets.
• Data - Contains upper-level data information.
6
ICMP
8 16 32 bit
Type Code Checksum
Identifier Sequence number
Address mask
7
NetBIOS
2 2 1 1 2 2 2 bytes
Length Deliminator Command Data1 Data2 XMIT Cor RSP Cor
Destination name (16 bytes)
Source name (16 bytes)
8
DNS
16 21 28 32 bit
ID Q Query A T R V B Rcode
Question count Answer count
Authority count Additional count
9
DHCP
8 16 24 32 bit
Op Htype Hlen Hops
Xid
Secs Flags
Ciaddr
Yiaddr
Siaddr
Giaddr
Chaddr (16 bytes)
sname (64 bytes)
File (128 bytes)
Option (variable)
10
Message Use
------- ---
v v v
| | |
| Begins initialization |
| | |
| _____________/|\____________ |
|/DHCPDISCOVER | DHCPDISCOVER \|
| | |
Determines | Determines
configuration | configuration
| | |
|\ | ____________/ |
| \________ | /DHCPOFFER |
| DHCPOFFER\ |/ |
| \ | |
| Collects replies |
| \| |
| Selects configuration |
| | |
11
| _____________/|\____________ |
|/ DHCPREQUEST | DHCPREQUEST\ |
| | |
| | Commits configuration
| | |
| | _____________/|
| |/ DHCPACK |
| | |
| Initialization complete |
| | |
. . .
. . .
| | |
| Graceful shutdown |
| | |
| |\ ____________ |
| | DHCPRELEASE \|
| | |
| | Discards lease
| | |
v v v
12
Kerberos
8 16 32 Variable
Version Reserved Packet Length TPDU
Message Length
Kerberos messages:
13
VLAN
• TPID- defined value of 8100 in hex. When a frame has the EtherType equal to
8100, this frame carries the tag IEEE 802.1Q / 802.1P.
• TCI - Tag Control Information field including user priority, Canonical format
indicator and VLAN ID.
• User Priority- Defines user priority, giving eight (2^3) priority levels. IEEE
802.1P defines the operation for these 3 user priority bits.
• CFI- Canonical Format Indicator is always set to zero for Ethernet switches. CFI
is used for compatibility reason between Ethernet type network and Token Ring
type network. If a frame received at an Ethernet port has a CFI set to 1, then that
frame should not be forwarded as it is to an untagged port.
• VID- VLAN ID is the identification of the VLAN, which is basically used by the
standard 802.1Q. It has 12 bits and allow the identification of 4096 (2^12)
VLANs. Of the 4096 possible VIDs, a VID of 0 is used to identify priority frames
and value 4095 (FFF) is reserved, so the maximum possible VLAN configurations
are 4,094.
1. Port-Based VLAN: each physical switch port is configured with an access list
specifying membership in a set of VLANs.
2. MAC-based VLAN: a switch is configured with an access list mapping individual
MAC addresses to VLAN membership.
3. Protocol-based VLAN: a switch is configured with a list of mapping layer 3
protocol types to VLAN membership - thereby filtering IP traffic from nearby
end-stations using a particular protocol such as IPX.
4. ATM VLAN - using LAN Emulation (LANE) protocol to map Ethernet packets
into ATM cells and deliver them to their destination by converting an Ethernet
MAC address into an ATM address.
14
VRRP
4 8 16 24 32bit
Version Type Virtual Rtr ID Priority Count IP Addrs
Auth Type Advet Int Checksum
IP Address 1
...
IP Address n
Authentication Data 1
Authentication Data 2
• Version-- The version field specifies the VRRP protocol version of this packet.
This version is version 2.
• Type -- The type field specifies the type of this VRRP packet. The only packet
type defined in this version of the protocol is: 1 ADVERTISEMENT.
• Virtual Rtr ID -- The Virtual Router Identifier (VRID) field identifies the virtual
router this packet is reporting status for.
• Priority -- Specifies the sending VRRP router's priority for the virtual router.
VRRP routers backing up a virtual router MUST use priority values between 1-
254 (decimal).
• Count IP Addresses --The number of IP addresses contained in this VRRP
advertisement.
• Auth Type-- Identifies the authentication method being utilized.
• Advertisement Interval -- Indicates the time interval (in seconds) between
advertisements.
• Checksum - used to detect data corruption in the VRRP message.
• IP Address(es) -- One or more IP addresses that are associated with the virtual
router. The number of addresses included is specified in the "Count IP Addrs"
field. These fields are used for troubleshooting misconfigured routers.
• Authentication Data -- The authentication string is currently only utilized for
simple text authentication, similar to the simple text authentication found in the
Open Shortest Path First routing protocol (OSPF). It is up to 8 characters of plain
text.
15
NTP
2 5 8 16 24 32 bit
LI VN Mode Stratum Poll Precision
Root Delay
Root Dispersion
Reference Identifier
Reference timestamp (64)
Originate Timestamp (64)
Receive Timestamp (64)
Transmit Timestamp (64)
Key Identifier (optional) (32)
Message digest (optional) (128)
16
• Receive Timestamp: This is the time at which the request arrived at the server, in
64-bit timestamp format.
• Transmit Timestamp: This is the time at which the reply departed the server for
the client, in 64-bit timestamp format.
• Authenticator (optional): When the NTP authentication scheme is implemented,
the Key Identifier and Message Digest fields contain the message authentication
code (MAC) information defined.
• Enable ISAKMP
• Create ISAKMP policy
• Set the tunnel type
• Configure the preshared key
• Define the ipsec policy (Transform set)
• Specify the interesting traffic
• Configure crypto map
• Apply crypto map to the interface
• Configure traffic filtering
• Bypass NAT if needed
17