Part 04 - Layer 2 Data Link Part I Media Access

Video Description

As we begin our ascent up through the layers of the OSI reference model from the Physical Layer, our next stop is the Data Link layer, otherwise known as Layer 2. This layer is unique in that it is comprised of two sub-layers, known respectively as the LLC (Logical Link Control) layer and the MAC (Media Access Control) layer. The LLC layer is responsible for the detection of errors that result from data collisions. We'll see in a moment how it is also responsible for implementing strategies for minimizing such collisions. The MAC sub-layer is where the 48-bit physical device addresses reside. These addresses are unique for every device in the world (in theory, anyway) and are comprised of a manufacturer's ID portion and a device ID portion. Mapping from IP addresses to MAC addresses is handled by the Address Resolution Protocol (ARP), and conversely, mapping in the other direction is handled by the Reverse ARP protocol. Makes sense, right? As with each layer that we'll examine, there are threats that exist at the MAC layer, most prominently poisoning of the ARP cache. This is an exploit where an unsolicited reply is generated in order to cause data misdirection for malicious purposes. We conclude this section by examining the collision detection and management strategies present at the LLC sub-layer. CSMA/CD (Carrier Sense Multiple Access with Collision Detection) "listens" for data on the line and only transmits when the line is quiet. It also listens for collisions (Collision Detection) and implements a backoff protocol prior to retrying if a collision is detected. CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance) similarly listens on the media for data, but instead of immediately transmitting when quiet is detected, it signals its desire to transmit, much like raising your hand in class to ask a question.
An older collision avoidance strategy, and one little used today, is Token Ring, where a token is passed around to endpoints desiring to transmit. This technique is analogous to passing a mic on to the next person wishing to speak in an audience.

Video Transcription
From Layer 1, we move on to, of course, Layer 2, which is the Data Link layer. Now, the Data Link layer is the only layer of the OSI model that's made up of two sub-layers, and those sub-layers are the LLC and the MAC. So LLC stands for Logical Link Control.
MAC stands for Media Access Control.
Surely you did not think MAC was going to mean the same thing it's meant in other models. Actually, MAC is going to have three different meanings in this class.
The good news about that, though, is when they use a word like MAC that does have multiple acronyms or multiple meanings for the acronym, they will spell out in parentheses which MAC they're talking about. So you shouldn't have a problem figuring it out.
All right, the LLC is responsible for error detection. So if you think about it,
when you're on the network, you're trying to reach a share, and it's taking forever. So one of the first things I do is I take a look at the back of my box and look at the NIC. If it's flashing green, all systems are go. However,
if it's flashing orange or amber, we know that there are collisions on the network. That's what the LLC layer does: it detects those collisions. Now, the MAC is really where we're going to focus our time, on media access control, because it has a couple of purposes.
So one purpose: we've probably heard of MAC addresses associated with network cards. These are the 48-bit addresses.
24 bits indicate the manufacturer of the network card, and the last 24 bits indicate the device, specifically and uniquely. The theory behind a MAC is that every NIC on the planet would have its own unique MAC address. Now, that's not really true, but that's kind of the theory behind them.
And the MAC address is burnt into the chip, the memory on the chip, so it's hard-coded in there.
But you can change that, and there would be legitimate reasons. You know, certainly spoofing makes modifications there, but there are legitimate reasons too.
Sometimes you might associate a service with a specific MAC address, and you can make those modifications. But, you know, we'll look at this kind of in a vacuum, as how it was designed to be. Well, the NIC is programmed with a MAC address, and it is a unique identifier for every network card
on your network.
Um, the only way for your system to actually get data to it is through the MAC address. That's the ultimate addressing. You know, you might connect to a computer by name, Server1.
It feels like your addressing is being done by name, but it's DNS that takes that user-friendly name and maps it to an IP address. Well, there's a protocol called ARP, Address Resolution Protocol, and the job of ARP is to map an IP address to a MAC address.
So ultimately, if you're on an Ethernet network, as most of the world is,
we have to have ARP to do that IP-to-MAC address mapping. Now, with ARP, I'm going to show you this.
What we have is what we refer to as our ARP cache. So the nice thing about ARP: ARP is broadcast-based. It sends out a broadcast: Hey, is anybody out there, 192.168.1.1? And the system
that has that IP address.
Excuse me, the system that has that IP address comes back and says, That's my address, and here's my MAC. And you can see the MAC is in hexadecimal and it's 48 bits.
So what happens is, once I learn that MAC address, I add it to what we refer to as our ARP cache. So once I learn something, my system learns something, it doesn't have to go out and relearn it again every single time. It stores it in cache. Now, cache is always going to be where we put things that we expect to need again.
That way it's quicker to access. So to give you an idea,
there's this great Thai food restaurant that just recently started delivering to our neighborhood, and they've been delivering maybe two months now. We love this place. We order there a couple of times a week. It's so good.
And for a long time, every time we wanted to call them, we'd go and look them up on the Internet, find their phone number. Well,
not that that's the biggest deal in the world, but that takes time. It's not efficient. So we finally jotted the phone number down and put it on our refrigerator. Now when we want to call, it's right there. It's easy to reach.
The problem with that, though, is that I trust what's on my refrigerator.
So if someone wanted to prank me, they could go and change the phone number to the bad Thai restaurant that also delivers. And let me tell you, if you've had bad pizza, that's one thing. Bad Thai food,
totally different scale of judgment there. And interestingly enough, that's called poisoning. If you modify my cache, it's called poisoning. So ARP poisoning is that someone can come in and maliciously replace the true physical address with their own, or the attacker's desired server
MAC address.
Excuse me. So the bottom line there is ARP poisoning is an attack, and that attack is all about misdirection or redirection. I'm going to send you to a host, and because you trust your cache, you're going to go somewhere else. One of the ways that happens is through something called an unsolicited reply.
So when I send out an ARP query, it's a broadcast: Hey, whose IP address, or who is 192.168.1.1? I expect a response. However, if a system just contacts me and says, Hey, add this to your ARP table,
there's no reason someone should be sending a reply to a question I never asked. And that's an unsolicited reply. They have them with DNS; they have them with all sorts of things. It's a way of poisoning cache.
So we want to disallow unsolicited replies, and most operating systems automatically do that today. All right, so
if ARP is a Layer 2 protocol, which it is, and technically it really works between Layer 2 and 3. Layer 3 is where IP addressing happens. So it's really hard to put everything in a nice, neat little box and say this is Layer 2. But
for the test, if they make you put it at a single layer, put it at 2.
One of the nice things about the tests, I think they're evolving into saying across which layers does our protocol work? It works across Layers 2 and 3.
Now Reverse ARP takes a known MAC address and learns an IP address. That's really the predecessor to DHCP, right? Your client comes onto the network. You've already got a MAC address, and it queries out and says, Hey, can anybody give me an IP address? Also, systems that boot to the network, if you're familiar with BOOTP technology,
uh, that's, you know, that's all based on Reverse ARP.
Both are Layer 2 protocols. So any attacks on ARP or Reverse ARP are going to be Layer 2 attacks. The main attack that, I think, you'd see on the exam is ARP poisoning.
All right. The other element of MAC as we know it, that media access control piece that is the second layer of OSI, and what happens here is a means of determining which system gets to communicate.
Okay, so think about this in a classroom. All right? If we're in a classroom, we've got, you know, 15, 20 people there. What I generally allow people to do is just ask questions. I don't need you to raise your hand. You shout out your question and we'll address it then.
That is the means of communication called CSMA/CD, Carrier Sense Multiple Access with Collision Detection. Now, that's definitely a mouthful, but it's exactly what it sounds like. All right, so when you're going to ask the question, you listen to what's going on in the room. You sense whether or not anybody's communicating.
Now you could be sensing no one's talking. At the same time, I sense the same thing. And we could both throw our questions out there, right? Multiple access. But if you are talking at the exact same time I'm talking, we have a collision.
So with CSMA/CD, which is the technology that Ethernet uses, the network card senses the cable.
Is there data on the cable? No. Well, two NICs could sense that at the same time and both put their data out there. But if they do, they have a collision that needs to be detected. They back off and retransmit. That's the most popular type of media access control used today, CSMA/CD. And again, that's what Ethernet uses.
All right, now CSMA/CA.
Let's say we moved to a stadium where things were more dispersed. All right, um, and maybe we have a lot of people in that stadium. Rather than just shouting out your answers, raise your hand, signal your desire to communicate rather than just communicating. That's CSMA/CA, and that's what wireless uses. Carrier Sense
Multiple Access with Collision Avoidance,
because the hosts in that instance signal their intent to communicate. They don't just put their message out.
Okay, Token Ring networks, which we really don't see today, used a method called token passing. It's like with a microphone, and I said, Everybody pass this microphone to every other student in the room. You can only talk if you have the microphone. There's just one microphone.
So a big benefit there was we really didn't have collisions, because you couldn't talk without a microphone. Just one. There's no way to collide.
Token passing is still around. Token Ring has kind of dropped off. You don't see it in most networks, you know. I hear rumors of it in this environment every now and then, but ultimately it's kind of going away.
So what we would focus on is making sure you know these three media access control types, and know the real focus today is on Ethernet, and keep in mind
with Ethernet, we expect collisions. It's part of the technology. So what we want to look to do is to minimize those collisions as well as we can. And that's what's coming up next: looking at some of the network devices that do help us minimize these collisions.
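As an added example (not part of the course page or its instructor's material), here is a small Python host-side ARP cache monitor that applies the rule described above, that a reply to a question you never asked should not be trusted: it decodes raw Ethernet/ARP frames, records which IPs this host actually asked about, refuses unsolicited replies, and flags a solicited reply that changes an existing IP-to-MAC binding. The frames and all MAC and IP addresses are constructed sample data.

```python
import struct

def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Decode an Ethernet II frame carrying ARP (EtherType 0x0806) into its fields."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0806:
        raise ValueError("not an ARP frame")
    # ARP over Ethernet/IPv4: htype, ptype, hlen, plen, oper (1=request, 2=reply), sha, spa, tha, tpa
    _, _, _, _, oper, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    ip = lambda b: ".".join(str(o) for o in b)
    return {"oper": oper, "sha": fmt_mac(sha), "spa": ip(spa), "tha": fmt_mac(tha), "tpa": ip(tpa)}

def build_arp(oper, sha, spa, tha, tpa):
    """Construct a sample ARP frame (requests are broadcast, replies unicast to the asker)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(o) for o in s.split("."))
    dst = b"\xff" * 6 if oper == 1 else mac(tha)
    return struct.pack("!6s6sH", dst, mac(sha), 0x0806) + struct.pack(
        "!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper, mac(sha), ip(spa), mac(tha), ip(tpa))

class ArpMonitor:
    """Host-side ARP cache that drops unsolicited replies and flags changed IP-to-MAC bindings."""
    def __init__(self, our_mac):
        self.our_mac, self.cache, self.pending, self.alerts = our_mac, {}, set(), []

    def observe(self, frame):
        a = parse_arp(frame)
        if a["oper"] == 1 and a["sha"] == self.our_mac:     # our own broadcast "who has X?"
            self.pending.add(a["tpa"])
        elif a["oper"] == 2 and a["tha"] == self.our_mac:   # a reply addressed to us
            ip, mac = a["spa"], a["sha"]
            if ip not in self.pending:                       # answer to a question we never asked
                self.alerts.append(f"unsolicited reply: {ip} is-at {mac}")
                return                                       # it never reaches the cache
            self.pending.discard(ip)
            old = self.cache.get(ip)
            if old and old != mac:                           # a solicited but changed binding
                self.alerts.append(f"binding change: {ip} {old} -> {mac}")
            self.cache[ip] = mac

def demo():
    us, gateway = "00:11:22:33:44:55", "aa:bb:cc:00:00:01"   # constructed sample addresses
    mon = ArpMonitor(us)
    mon.observe(build_arp(1, us, "192.168.1.10", "00:00:00:00:00:00", "192.168.1.1"))
    mon.observe(build_arp(2, gateway, "192.168.1.1", us, "192.168.1.10"))   # the real answer
    mon.observe(build_arp(2, "de:ad:be:ef:00:01", "192.168.1.1", us, "192.168.1.10"))  # unsolicited
    return mon
```

After `demo()` runs, the cache still holds the gateway's real MAC and the unsolicited reply appears only in `alerts`, which is the behaviour the transcript attributes to modern operating systems.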