Location>code7788 >text

Ethernet Data Frames Explained

Popularity:238 ℃/2024-12-19 16:00:38

1. Ethernet data frames (link layer)

During communication, a data header (header) is added to each layer of the protocol, called Encapsulation.
Different protocol layers call packets differently, theThe transport layer is called a segment, the network layer is called a datagram, and the link layer is called a frame.The following are some examples. such as UDP segments, IP datagrams, and Ethernet frames.
data encapsulation into a frameand then sent to the transmission medium, and after reaching the destination host each layer of the protocol thenStrip the corresponding first part, and finally handing over the application layer data to the application program for processing.

The complete structure of an Ethernet frame

field lengths clarification
destination MAC address 6 bytes Receiver's MAC address
source MAC address 6 bytes MAC address of the sender
Type field 2 bytes Indicates the protocol type of the data in the frame
Data portion (including frame payload) 46 bytes - 1500 bytes Carries data for upper layer protocols, with a minimum of 46 bytes and a maximum of 1500 bytes of data length
FCS (Frame Check Sequence) 4 bytes CRC checksum value for error detection

以太网帧图示以太网数据帧构成

1.2 Ethernet Header

Ethernet header occupancy14 Bytes, which usually consists of the following components:

  1. Destination MAC Address: 6 Bytes
  2. Source MAC Address: 6 Bytes
  3. Type/Length Field: 2 Bytes
    以太网首部

1.2.1 Destination MAC Address (Destination MAC Address)

This is the MAC address of the device on the receiving end and indicates to which device the frame was sent. In Ethernet, each network interface has a unique MAC address that identifies the device. During packet transmission, the destination MAC address indicates the receiver of the frame.

  • Unicast: The destination MAC address is unique and specifies a single receiving device.
  • Broadcast: The destination MAC address isFF:FF:FF:FF:FF:FF, indicating that the packet is addressed to all devices on the network.
  • Multicast: The destination MAC address is a specific set of addresses, indicating that the frame is addressed to multiple devices in a specific group.

1.2.2 Source MAC Address (Source MAC Address)

This is the MAC address of the device on the sending end and indicates the source of the data frame. Each network interface card (NIC) has a unique MAC address that identifies the device. The source MAC address identifies the sender of that data frame.

1.2.3 Type/Length Field (Type/Length Field)

In the traditional Ethernet frame format, the Type field has two uses, depending on the Ethernet frame type. Here we press theEthernet II formatto explain, as it is the most common standard.

  • Type field(Ethernet II frame format):
    • lengths: 2 bytes (16 bits)
    • descriptive: The Type field indicates the upper layer protocol used for the data portion. Example:
      • 0x0800: IPv4 protocol
      • 0x0806: ARP protocol
      • 0x86DD: IPv6 protocol
      • 0x8847, 0x8848: for IEEE 802.1Q VLAN tagging.

The type field enables the receiving device to know to which upper-layer protocol the data portion of the frame belongs, which in turn is passed to the correct protocol stack for further processing.

  • length field(IEEE 802.3 frame format):
    • In the IEEE 802.3 standard, this field indicates the length of the subsequent data portion, not the protocol type. In this case, the value of the length field specifies the number of bytes in the data section (excluding the frame header and FCS fields). However, almost all applications in modern Ethernet use the Ethernet II type format.

1.3 FCS(Frame Check Sequence)

FCS (Frame Check Sequence)., is the last field of an Ethernet frame and is used for data error detection.Its role is to ensure that data is not corrupted during transmission, and can effectively detect and prevent erroneous data from being received and processedThe FCS field is generated using the CRC (Cyclic Redundancy Check) algorithm, which relies on all data fields in the frame (including the header, data portion, etc.) and calculates a checksum value.

Format of the FCS field

  • FCS length: 4 bytes (32 bits)
  • FCS content: 32-bit checksum code generated by CRC algorithm on the sender side

2. IP datagrams (network layer)

IP Datagram is the unit of data between a transport layer protocol (such as TCP or UDP) and a link layer protocol (such as Ethernet). It isInternet Protocol (IP) The basic data unit defined in for transmitting information across a network. the IP datagram carries address information for locating the source and destination devices, as well as some control and error handling information.

The structure of an IP datagram is divided intoIP header and data portion, where the IP header is used to hold protocol-related metadata and the data portion carries the payload of the upper-layer protocol (e.g., theTCP Data,UDP (data, etc.). The structure of the datagram varies depending on the IP version, the common versions areIPv4 respond in singingIPv6. Below, we takeIPv4 The datagram is used as an example to explain its structure in detail.

2.1 IP Headers

IPv4 The size of the head is20 bytes, but its length can be determined by theOptions field (Options) There have been changes.IPv4 The header contains a number of different fields, and the following is a detailed breakdown of the fields:

field name Length (bits) clarification
Version 4 Specifies the version of the IP protocol, with a value of 4 for IPv4.
Head Length (IHL) 4 Specifies the length of the IP header in 4 bytes.The minimum header length for IPv4 is 5 (i.e., 20 bytes).
Type of Service (ToS) 8 Define datagram priority and quality of service (QoS).
Total Length 16 The total length of the datagram in bytes, including the header and data portions.
Identification 16 Used for datagram fragmentation to identify individual segments belonging to the same datagram.
Flags 3 Flag bits that control slicing, specifying whether slicing is allowed, whether it is the last slice, etc.
Fragment Offset 13 Indicates the location of the current fragment in the original datagram for fragmentation and reorganization.
Time to Live (TTL, Time to Live) 8 Limit the life cycle (i.e., maximum number of hops) of a datagram in the network to prevent it from cycling through the network indefinitely.
Protocol 8 Specifies the type of upper layer protocol used for the data portion, e.g., TCP (6), UDP (17), ICMP (1).
Header Checksum 16 Used to check if the head is damaged during transmission.
Source IP Address 32 The IP address of the source host.
Destination IP Address (Destination IP Address) 32 The IP address of the target host.
Options changeable Optional field to specify additional control information, often used for routing, timestamping, etc.
Padding changeable Used to pad the size of the option field so that the header length is a multiple of 4 bytes.

IP数据报格式

2.2 Data component (Data)

Data sectioncontains the payload of the upper-layer protocol. For IPv4 datagrams, the data portion of the protocol stack is thetransport layer protocol(e.g., TCP, UDP) or other protocols. Example:

  • If it is a TCP packet, the data part is the TCP header and data.
  • If it is a UDP packet, the data portion is the UDP header and data.

The maximum length of the data section is determined by theTotal length fielddecision (up to 65535 bytes), minus the length of the header (usually 20 bytes), which is the length of theMaximum data portion is 65515 bytes

3. TCP segment (transport layer)

TCP segment(The TCP Segment is the basic data unit that the Transmission Control Protocol (TCP) uses to communicate over a network.TCP is a connection-oriented protocol that ensures the complete and error-free transmission of data through reliable end-to-end communication. Therefore, TCP segments not only carry application layer data, but also contain control information that ensures the reliability of data transmission.

consist ofTCP Headers and DataPartially composed.

  1. TCP header: Contains control information for data routing, reliability, flow control, error detection, etc.
  2. Data section: Carries the actual application layer data (e.g., HTTP requests, file transfer data, etc.).

3.1 TCP Headers

The minimum length of the TCP header section is20 bytesbut if it containsOptionsThe length of the TCP header is increased. the fields in the TCP header are as follows:

field name Length (bits) clarification
Source Port number (Source Port) 16 The port number of the source host, indicating the application on the sending end.
Destination Port 16 The port number of the target host indicating the application on the receiving end.
Sequence Number 32 Sequence number of the first byte in the data byte stream, used to keep track of the data that has been sent.
Acknowledgment Number (Acknowledgment Number) 32 Indicates the sequence number of the next byte expected to be received, which is used to acknowledge the received data.
Data Offset 4 Indicates the length of the TCP header in 4 bytes, and indicates the offset from the beginning of the TCP segment to the data portion.
Reserved 3 Reserved field, usually 0, for later protocol extensions.
Control Bits (Flags) 9 This field contains the flag bits used to control the connection, common ones include:
- URG(Emergency pointer is valid): If 1, indicates that the data contains emergency data.
- ACK(Acknowledgement Number Valid): If 1, indicates that the Acknowledgement Number field is valid.
- PSH(Push Flag): If 1, indicates that the receiver should give the data to the application immediately.
- RST(Reset Connection): If 1, indicates that the connection is re-established.
- SYN(Synchronized Connection): If 1, it is used to establish a connection.
- FIN(Connection terminated): If 1, the sender has completed the data transfer.
Window Size 16 Indicates the size of the receiving window at the receiving end for flow control.
Checksum 16 Used for error detection to ensure that no errors have occurred in the TCP header and data portion of the transmission.
Urgent Pointer 16 If the URG flag bit is 1, the Urgent Pointer field indicates the last byte location of the urgent portion of the data.
Options changeable Additional optional fields, typically used for maximum message segment length (MSS), timestamps, and so on.
Padding changeable Used to make the length of the TCP header a multiple of 4 bytes.

TCP首部格式

  1. Source Port and Destination Port numbers (Source Port and Destination Port)
    Each TCP segment has a source port number and a destination port number, which are used to identify the sender and receiver applications. Together, these two port numbers form a unique identifier for the TCP connection (theQuadruple: source IP address, source port, destination IP address, destination port)。

  2. Sequence Number

  • product key (software)Used to identify each byte in the sent byte stream. Sequence numberEnsure that data is reorganized in the correct orderThe receiver can restore the packets correctly even if the packet order is disrupted.
  • When a connection is established, TCP initializes a sequence number, which is incremented for each subsequent byte sent.
  1. Acknowledgment Number (Acknowledgment Number)
  • The acknowledgement number is the sequence number of the next byte that the receiver expects. It is used to tell the sender which bytes have been successfully received and to acknowledge the reception of the data.
  • If the receiver receives a TCP segment, theIt sends the last byte of the segment, sequence number +1, back to the sender as an acknowledgement.
  1. Data Offset
    The Data Offset field specifies the length of the TCP header. It tells the receiverThe part of the data to start reading from. Since the TCP header may haveoptions (as in computer software settings)field, so the header length is variable.

  2. Control Bits (Flags)

  • The control bits (9 flags) are used to control the establishment, maintenance, and termination of TCP connections. The main flag bits include:
    • SYN(Synchronized Connection): Used for the handshaking process when the connection is established.
    • ACK(Confirmation number valid): Indicates that the confirmation number is valid.
    • FIN(Connection Termination): Indicates that the sender has no data to send and the connection can be terminated.
    • RST(Reset Connection): Indicates that the connection is abnormal and the connection needs to be reinitialized.
    • PSH(Push Flag): Indicates that the receiver should pass the data to the application immediately, without buffering.
    • URG(Emergency pointer valid): indicates that the data segment contains emergency data.
  1. Window Size

    The window size is used for flow control and indicates the amount of data that can be received in the receiver's receive buffer. It informs the sender how many bytes of data the receiver is currently able to receive.

  2. Checksum

    Checksums are used to detect the transmission ofWhether a data error has occurred. It is computed for the TCP header and data portion together. the receiver can use the checksum to determine if the data has been transmitted in error.

  3. Urgent Pointer

    The Emergency Pointer field is only valid when the URG flag is 1. It indicates the end position of the urgent data in the data section. When the URG flag is 1, the receiver prioritizes the urgent data.

  4. Options

  • The Options field is used to provide additional control information. Common options are:
    • Maximum Message Segment Size (MSS, Maximum Segment Size): Indicates the maximum TCP segment size that the sender and receiver can handle.
    • timestamp: Used to calculate round-trip time (RTT) and perform other performance optimizations.
    • Window Scale: An extension for TCP window sizes that allows larger window sizes to be used in high-speed networks.
  1. Padding

    To ensure that the TCP header length is a multiple of 4 bytes, padding fields are used. Padding does not have an effect on data transfer; it simply ensures that the header length is as specified.

3.2 Data component

Data section Contains the actual data passed to TCP by the higher layer protocols (e.g., HTTP, FTP, etc.). The length of the data portion can be determined by the difference between the total length of the TCP segment and the header length. Each TCP segment carries up to64KB of data (theoretically), but the actual data size is usually limited by the MSS (Maximum Message Segment Size).

Each application layer protocol uses its own data as the payload of the TCP segment when transferring data over TCP. Typical application layer data includes:

  • HTTP request/response message body
  • File Transfer Data
  • DNS request/response data
  • SMTP mail data, etc.

3.3 TCP segment data transfer process

  1. Application Data: Applications (e.g., web browsers, mail clients, etc.) first generate the data that needs to be transmitted. For example, when you visit a web page, the browser generates an HTTP request and hands it off to the TCP stack for transmission.
  2. 分段TCP segments the data according to the size of the application data and the MTU (Maximum Transmission Unit) of the network.. Each segment then forms a separate TCP segment, and the data portion is the payload for those segments.
  3. seal inside: The TCP protocol encapsulates the application data into the data portion and appends the appropriate header information (e.g., sequence number, acknowledgement number, checksum, etc.) to form a complete TCP segment.
  4. transport: This TCP segment is sent to the network and the data portion will be forwarded by other devices in the network (e.g., routers, switches) until it reaches the target device.
  5. Receiving and reorganization: The receiver stitches together the data portions of all received TCP segments into complete application data based on the TCP control information (e.g., sequence number and acknowledgement number) and passes it on to the upper tier application.

3.4 TCP Segment Fragmentation and Reorganization

  • slice: If the size of a TCP segment exceeds the maximum transmission unit (MTU) of the network, it will be split into multiple smaller segments, each with a sequence number and an acknowledgement number so that the receiver can reassemble it properly.
  • reorganization: The receiving end reorganizes the fragmented data segments back into the original complete data based on the sequence number and acknowledgement number in the TCP segment.

4. UDP segment (transport layer)

UDP (User Datagram Protocol) is a connectionless transport layer protocol that provides a best-effort service in network communications. Unlike TCP, theUDP does not provide guaranteed reliability, sequential control, or flow control.Instead, data is transferred in a simpler way. As a result, the first part of the UDP protocol is relatively simple.

4.1 UDP Headers

The UDP header contains the most basic control information, with only four fixed fields, each of which is of fixed and small length.The header of the UDP protocol does not have the same complex control information as TCP, for example, there are no fields for the sequence number, the acknowledgement number, the window size, etc. The UDP header has no fields for the sequence number, the acknowledgement number, the window size, etc. The UDP header contains the most basic control information. The following is a description of the structure and fields of the UDP header:

field name Length (bits) clarification
Source Port number (Source Port) 16 The port number of the sender.
Destination Port 16 The port number of the receiver.
Length 16 The total length of the UDP segment, including the total length of the header and data portions.
Checksum 16 Used for error detection to ensure that no errors have occurred in the transmission of the UDP segment.

UDP首部

  1. Source Port number (Source Port): 16 bits
  • source port numberfield is used to identify the port of the data source (the sender's port).
  • This field can be set to 0 if the sender does not have a specific source port requirement (e.g., in some cases, the UDP source port for DNS queries is 0).
  • This field helps the receiver know from which port the packet was sent.
  1. Destination Port: 16 bits
  • The Destination Port Number field identifies the receiver's port, which is the destination port for data reception.
  • UDP sends data to the correct application or service via the destination port number. For example, the HTTP protocol typically uses port 80, DNS typically uses port 53, and so on.
  1. Length: 16 bits
  • lengths field indicates the length (in bytes) of the entire UDP segment, including theUDP header respond in singingData section The total length of the
  • The minimum length is 8 bytes (header section only). Therefore, the minimum length of the UDP data portion is 0 bytes, and the maximum length can be65535 bytes(maximum value of a 16-bit unsigned integer). In practice, theThe size of the data portion is usually determined by the maximum transmission unit (MTU) of the network layer
  • This field allows the receiver to know the actual size of the UDP segment so that it can parse the data correctly.
  1. Checksum: 16 bits
  • The checksum field is used to detect if an error occurred during the transmission of the UDP segment.
  • The checksum is a calculated value for the entire UDP segment, including the UDP header and data portion, and is used to ensure data integrity.
  • 如果接收到的数据段的校验和不匹配,The receiver discards the segment,and choose whether to request a retransmission based on the design of the protocol。One thing to keep in mind.,Checksums are optional,in particular IPv4 The checksum field can be set to 0 if the local network is used for both the source and destination addresses of the UDP segment; however, the checksum field in theIPv6UDP checksums are mandatory.

4.2 Data component

Data portion of UDPThe content of the bearer depends on the application layer protocol. It is all the bytes starting after the UDP header and ending at the end of the UDP segment. Therefore, the UDP payload can be data from any application layer protocol, such as HTTP requests, video streams, DNS query responses, and so on.

Example:

  • DNS: The UDP data portion of DNS requests and responses typically contains the contents of the domain name resolution request (e.g., the domain name to be queried, the type of query, etc.), or a list of IP addresses returned by the DNS server.
  • video streaming: Video applications (such as real-time video streaming or voice calls) transmit video or audio data as UDP data parts.
  • Simple data transfer: For example, if an application transmits a small piece of text data over UDP, then the data section will contain that text data.

5. Five-Tuple

quintuple(Five-Tuple) is a set of five core elements used in networks to uniquely identify a TCP connection and is commonly used to describe an end-to-end connection. The Five-Tuple consists of the following five fields:

  • Source IP Address
  • Source Port number (Source Port)
  • Destination IP Address (Destination IP Address)
  • Destination Port
  • Protocol type (Protocol)

These fields are combined toUniquely identifies a connection between two endpoints communicating in a network

test instance

machine name mac address ip address ports
server 00:0c:29:8b:37:da 10.1.2.7 9502
client 00:50:56:c0:00:08 10.1.2.1 12345

The client sends the serverhello world, grab bag results:

# Original data frame
00 0c 29 8b 37 da 00 50 56 c0 00 08 08 00 # Ethernet_II format data frame header
45 00 00 33 28 5b 40 00 80 06 ba 80 0a 01 02 01 0a 01 02 07 # ip protocol header
30 39 25 1e 84 a4 e6 82 cf f2 ea 28 50 18 10 0a 7b 45 00 00 # tcp protocol header
68 65 6c 6c 6f 20 77 6f 72 6c 64 # data
  1. Ethernet frame header
  • Destination MAC address: 6 bytes
  • Source MAC address: 6 bytes
  • Type: 2 bytes (usually 0x0800 for IP protocol)
00 0c 29 8b 37 da # Destination MAC Address
00 50 56 c0 00 08 # Source MAC Address
08 00 # Type: 0x0800, indicating that the subsequent data is an IP packet.
  1. IP datagram header
45 00 00 33 28 5b 40 00 80 06 ba 80 0a 01 02 01 0a 01 02 07 # ip protocol header
  • Version & Header Length (Version & IHL):454 indicateIPv45 indicates that the header length is5(i.e.)\(5 * 4 = 20\ Bytes\))。
  • Type of Service (TOS):00
  • Total Length:00 33(i.e. 51 bytes).
  • Identification:28 5b(This is the identifier of the datagram and is used to identify different datagrams when slicing).
  • Flags & Fragment Offset:40 00(No slicing).
  • Time to Live (TTL):80(128, indicating that the packet can pass through 128 routers).
  • Protocol:06(indicated)TCP (Agreement).
  • Header Checksum:ba 80(checksum for detecting header errors).
  • source IP address0a 01 02 01(hexadecimal conversion to10.1.2.1)。
  • destination IP address0a 01 02 07(hexadecimal conversion to10.1.2.7)。
  1. TCP Segment Headers
30 39 25 1e 84 a4 e6 82 cf f2 ea 28 50 18 10 0a 7b 45 00 00 # tcpprotocol header

source port number30 39(hexadecimal conversion to12345
target port number25 1e(hexadecimal conversion to9502
Serial number:84 a4 e6 82(32 bit sequence number, hexadecimal value)0x84a4e682
Confirmation number:cf f2 ea 28(32 Bit Confirmation Number, Hex Value)0xcff2ea28
Data Offset:50(indicates a header length of 5 32-bit words (i.e., 20 bytes))
Window size:18 10(16 bit window size, hexadecimal value)0x1810(i.e. 6160 bytes)
Checksum:0a 7b(hexadecimal checksum, hexadecimal value)0xa7b

  1. Partial analysis of data
68 65 6c 6c 6f 20 77 6f 72 6c 64 # data

The corresponding ASCII characters for these bytes are:hello world