视频讲解sniffer培训教程

1、Optional TechnologiesContentsLogical Link Control (LLC)9-3 10BASE-5 and 10BASE-2 Ethernet9-23Exponential Backoff Formula9-31Transmission Models 1 and 2 Details9-32Logical Link ControlObjectivesUpon completion of this section, you will be able to:Explain the three types of LLC connections and when ea

2、ch one is usedKnow the purpose of the LLC frames and when they are usedFollow a connection-oriented LLC conversation from setup through data exchange and shutdownLogical Link ControlPoint to point data integrityFlow controlLink maintenanceService access point addressingConnection oriented or connect

3、ionless servicesFunctions independently of MAC layerLLCMACDataLinkLayerIEEE 802.2802.X HeaderDSAPSSAPControlMAC SublayerLLC Sublayer802.2 Header FormatDSAP:(1 byte) Destination Service Access Point; receiving process at destinationSSAP:(1 byte) Source Service Access Point; sending process in sourceC

4、ontrol:(1 byte) Various control information (2 bytes for connection-oriented LLC)LLC Service Access Points (SAP)BPDU42Bridge Protocol Data UnitsBanyanBCBanyan VINESIBM_NMF4IBM Network ManagementIP06Internet ProtocolISOFEInternational Standards OrganizationNetBIOSF0Network Basic I/O SystemNovellE0Nov

5、ell (NetWare)SNA04, 05, 08, 0C Systems Network ArchitectureSNAPAASubNetwork Access ProtocolGlobalFFBroadcastNull 00IBM SAP NegotiationSNAP Header Format802.X HeaderDSAP(AA forSNAP)SSAP(AA for SNAP)ControlOrganization/Vendor Code(optional)TypeMAC SublayerSNAPLLC SublayerSubNetwork Access Protocol (SN

6、AP) provides a standard way of encapsulating upper-layer protocols on IEEE 802 networksOrganization Code:(3 bytes) Identifies the vendor or manufacturer. Same as vendor code in MAC layer address. Often 0000 if Upper-Layer Protocol (ULP) did not change.Type:(2 bytes) Identifies the ULP.Same as Ethert

7、ype for protocols that came from the Ethernet environment.LLC FunctionsSome protocols use LLC merely as a pass-through header to carry data. All control of the connection is handled by higher layers. The frames are Unnumbered Information framesOther protocols use the additional functionality that th

8、e IEEE providesLLC connection-oriented service at OSI layer 2 offers many of the data integrity functions we expect to find at OSI layer 4 - the transport layerThe primary difference is that LLC deals with point-to-point connections, whereas layer 4 protocols like TCP deal with end-to-end connection

9、sLLC Frame TypesUnnumbered frames:Establish link connections/disconnectionsProvide link maintenance and error recoveryProvide connectionless (datagram) supportSupervisory frame:Acknowledges frames receivedRequests retransmission of frame(s)Provides flow controlInformation frames:Transport user data

10、and higher-layer protocolsIncrement sequence numbersLLC Unnumbered Frame TypesSABMEUADISCFRMRXIDTESTUISet Asynchronous BalancedMode ExtendedCommandDMUnnumbered AcknowledgmentDisconnectDisconnect ModeFrame RejectExchange IdentificationTestUnnumbered InformationCommandResponseResponseResponseEitherEit

11、herEitherConnectionOrientedConnection orConnectionlessConnection orConnectionlessConnection orConnectionlessConnectionOrientedConnectionOrientedConnectionOrientedConnectionOrientedLLC Supervisory FramesRRReceive ReadyCommand/ResponseRNRReceive Not ReadyCommand/ResponseREJRejectCommand/Response IInfo

12、rmationCommand/ResponseLLC Information Frame(Type 2 - Connection oriented only)(Type 2 - Connection oriented only)Type 1 Connectionless ServicesData Messages Data MessagesTo use the Post Office as an example: Its like mailing a letterType 2 Connection Oriented Service Session Setup ACK Sequenced Dat

13、a Messages Disconnect ACK Like making a telephone call: The end-to-end connection is setup beforeyour conversation begins, then torndown when you hang up+Type 2 Connection SetupWorkstationServerTEST (Optional)TEST (Optional)XID (Optional)XID (Optional)SABME P(oll)UA F(inal)RR NR=0 PRR NR=0 FI NS=0 N

14、R=0RR NR=1+WorkstationServerDISC PUA F*DMUAType 2 Connection TeardownNormal teardown can be started from either side in the fashion described above.If there is a problem with the sequence numbers, the side detecting the problem will send a REJect and include the sequence number it next expects to re

15、ceive. If the other side is able to back up and send that sequence numbered frame, all is well. If the two sides cannot resynchronize, one side will send the DISC to “hang up.” The other side will then respond with a UA(optional)* or DM.+FRMR vs. REJFRMR is sent upon:Receipt of a frame with a data f

16、ield that is not permittedi.e., an unnumbered acknowledgment (UA) with dataReceipt of an unsolicited Final (F) bit set to oneReceipt of an unexpected UAReceipt of an unsupported frame typeReceipt of an I frame that exceeds the established maximum lengthReceipt of an invalid receive sequence number N

17、(R)Receipt of an invalid send sequence number N(S)REJ is sent to:Request the resending of I frames starting with the frame number N(R)Type 3: Acknowledged ConnectionlessConnectionless serviceGuaranteed in-sequence delivery of dataUses stop and wait flow controlSequenced Data Messages ACKLike a conve

18、rsation where one side is saying “Uh huh,” “Yes,” “I see”Decoding LLC Connection-Oriented FramesFrom Workstation LLC C D=F0 S=F0 RR NR=0 PCommandD=F0Destination Service Access Point = F0 (NetBIOS)S=F0Source Service Access Point = F0 (NetBIOS)RRReceive ReadyNR=0Frame Number Workstation expects to rec

19、eive is 0Poll bit is on: Workstation expects a response from ServerFrom Server LLC R D=F0 S=F0 RR NR=0 FResponseD=F0Destination Service Access Point = F0 (NetBIOS)S=F0Source Service Access Point = F0 (NetBIOS)RRReceive ReadyNR=0Frame Number Server expects to receive is 0Final bit is on: Response to

20、Workstations PollFrom Workstation LLC C D=F0 S=F0 I NR=0 NS=0CommandD=F0Destination Service Access Point = F0 (NetBIOS)S=F0Source Service Access Point = F0 (NetBIOS)Information frame: Higher layer data is includedNR=0Workstation is still expecting to receive frame 0 nextNS=0Workstation is sending fr

21、ame number 0From Server LLC R D=F0 S=F0 I NR=1 NS=0 PResponseD=F0Destination Service Access Point = F0 (NetBIOS)S=F0Source Service Access Point = F0 (NetBIOS)Information frame; higher layer data is includedNR=1Server expects to receive frame number 1 nextNS=0Server is sending frame number 0Poll bit

22、is on: Server expects a response from WorkstationNow sending 0Next expect to receive 1, now sending 0Understanding LLC Frame NumberingWorkstationServer#N(R)N(S)N(R)N(S)1020300410511621728394+Common LLC ProblemsLLC is usually very reliableWhen problems happen the most common reasons are:Connection re

23、setUnsupported LLC frame typesFlow control lockupFrame sequence retransmissionExcessive length information fieldExpired timersExpired countersExercises: Observing LLC (Ethernet)Turn to the lab section to complete this exercise10BASE5 and 10BASE2 10BASE2 and 5 Components10BASE-T HubAUI cableTransceiv

24、erNetwork Interface Card (NIC)Repeater10BASE5 Thick Ethernet10BASE2 Thin EthernetNetwork Interface Card (NIC)50 Terminator50 Ohm Terminator50 Ohm Terminator50 TerminatorGroundNetwork Interface Card (NIC)Unshielded Twisted PairGround10BASE5 Thick Ethernet50 terminator50 terminator Coax cableTransceiv

25、erAUI cableMaximum segment length = 500 metersEach end terminated with 50 ohm terminatorsMaximum number of attachments per segment = 100Maximum length of AUI cable = 50 meters*Minimum separation between attachments = 2.5 meters10BASE5 ComponentsTransceiverTransceiverTransceiverAUI CableAUI CableAUI

26、CableTerminalServerMulti-PortRepeaterThick Coax CableMulti-Port Transceiver50 terminator to ground50 terminatorSignal Quality Error Test SQE is used to test the collision presence circuitAfter successfully transmitting data, the Transceiver asserts the SQE signal on the collision presence circuitWhe

27、n the Network Interface Card sees the SQE signal asserted, it knows the Transceiver can inform the Network Interface Card when a collision does occurNot supported by Ethernet Version 1 equipmentTurn off SQE on a transceiver attached to an AUI port on a repeater or repeating hubTransceivers that are

28、integral to the NIC do not require SQE to test the AUI link between NIC and transceiver: the link is hard-wiredAUI cableTransceiverNetworkInterfaceCard (NIC) SQE TESTR3R2R150m AUI cablesTransmitting stationSniffer Pro 250m AUI cables50m AUI cables50m AUI cableSniffer Pro 32nd stationSniffer Pro 1800

29、mFiberLinkx450 m(Point of collision)Evidence of collision will arrive at station A _ bytes into station As transmission50m AUI cableAnalyzing Coax CollisionsBANAI enhanced drivers required to sense and capture collision frames10BASE2 Thin Ethernet50 terminator50 terminator to groundBNC Tee Connector

30、sMaximum segment length = 185 metersMaximum number of attachments per segment = 30Minimum separation between stations = .5 metersRG 58 CableExponential BackoffTransmission Models 1 and 2 DetailsBackoffTime = RandomNumber multiplied by SlotTimeSlotTime = time to propagate 512 bits (i.e., 51.2 seconds

31、)RandomNumber is greater than or equal to 0 and less than 2nn = number of times it has tried for first 10 times or n = 10 for the 11th through 16th tryAfter 16 tries, report error to the upper-layer protocolTruncated Binary Exponential BackoffNew IEEE Maximum Topology SpecsThe maximum topology of a

32、10 Mbps baseband network is limited by two factors: Round-trip collision delay Interpacket gap shrinkageThere are two methods, or “transmission models,” for calculating the round-trip collision delay (i.e., maximum copper and fiber lengths), according to the standardModel 1 closely follows the 5-4-3

33、 ruleModel 2 assigns a value to each type and length of copper or fiber media, which corresponds to a worst-case round-trip delay for the Ethernet signalTransmission Models 1 and 210 Mbps maximum topology rulesTransmission Model 1 is the more conservative and restrictive of the twoIt has the advanta

34、ge of being validated to work with all vendors productsTransmission Model 2 uses tables to calculate: Round-trip delay times for all types of mediaInterpacket gap shrinkage for multiple repeaters Transmission Model 1Closely matches the traditional “5-4-3 rule” of traditional Ethernet networksFOIRL,

35、10baseFL, 10baseFB and 10baseFP links are included AUI cables, if used, are restricted to 25 meters in lengthThe maximum allowable length of any inter-repeater fiber segment is restricted to 1000 meters (FOIRL, FL, and FB) If all five segments are present, the maximum length of any fiber segment sha

36、ll not exceed 500 metersThe maximum length for a fiber hub-to-station (repeater-to-DTE) drop is 400 meters in an Ethernet network that also contains a 1000-meter link segmentIf fiber link segments are held to 500 meters, the maximum fiber hub-to-station drop is increased to 500 metersModel 2 Path De

37、lay ValueModel 2 assigns a value to each type and length of copper or fiber media, which corresponds to a worst-case round-trip delay for the Ethernet signalThe value also takes into account the repeater for any fiber or copper segmentStarting from the point of highest variability your network (call

38、 it the “left end”), calculate the length of each segment across repeaters to the farthest station on the network (called the “right end”) Add the individual segment values to arrive at a total Path Delay Value, or PDVThe total should not exceed 572 bit timesThe number of repeaters on any path may e

39、xceed the Model 1 limit of four RRRRDelay ADelay BDelay CDelay D PDV A + B +C + D + E = 572Delay ETransmission Model 2(Calculating Interpacket Gap Shrinkage)The distance (in bit times) in the gap between frames will decrease with each repeater in the path as repeaters regenerate the preambles of Ethernet frames This limits the number o