The OSI Model: Part 2 - Data Link Layer

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
15 hours 43 minutes
Difficulty
Advanced
CEU/CPE
16
Video Transcription
00:00
>> As we continue our quest
00:00
to understand networking a little bit better,
00:00
we're looking at things in context
00:00
>> to the OSI reference model.
00:00
>> We just talked about the physical layer,
00:00
now we're going to move up to the data link layer.
00:00
The data link layer is
00:00
>> significant for multiple reasons.
00:00
>> Certainly we'll talk about the function at this layer.
00:00
But we're also going to talk about the fact
00:00
>> that we have two sublayers of the data link layer,
00:00
>> the LLC sublayer,
00:00
and then the media access control layer.
00:00
We're going to talk about that in
00:00
context of media access,
00:00
and we'll also talk about MAC addressing.
00:00
Then last but not least,
00:00
we'll talk about ARP,
00:00
which is going to help us with our MAC
00:00
addressing and to get that resolution that we need.
00:00
Talking about this layer, as I mentioned,
00:00
this is the only level or layer rather of
00:00
OSI that has two sublayers.
00:00
The first is called the LLC sublayer,
00:00
and that stands for logical link control.
00:00
That sublayer is responsible for error detection,
00:00
not error correction, but error detection.
00:00
Determining if there's been an error with transmission.
00:00
If you're looking at your network card
00:00
and the network card is flashing green,
00:00
you know everything's right with the world.
00:00
But if it's flushing orange or an amber color,
00:00
there's something going on there, errors on the line.
00:00
A lot of times it has to do with collisions,
00:00
which we'll talk about in just a minute.
00:00
As a matter of fact, let's talk about that idea now.
00:00
The media access control layer
00:00
is what gives us physical addressing.
00:00
When we talk about physical addressing,
00:00
we're talking about MAC addresses
00:00
on our network card being burnt into that
00:00
Nick and being a way of identifying
00:00
every network card as unique on our network.
00:00
Now the other thing that media access control gives us,
00:00
is it gives us a way to communicate on the network.
00:00
You can't have every host
00:00
just communicating at the same time,
00:00
you'll just have chaos.
00:00
That will be a very difficult situation because
00:00
nobody's really going to be able to be
00:00
heard if every host is communicating at the same time.
00:00
We have to find some way of determining
00:00
>> who can communicate when,
00:00
>> and the way we determine
00:00
>> that is through the media access method.
00:00
>> Now I actually have
00:00
the three main media access methods listed here,
00:00
and they are CSMA/CD,
00:00
CSMA/CA, and token passing.
00:00
This sounds like a mouthful.
00:00
This CSMA/CD, it actually stands for
00:00
carrier sense multiple access with collision detection,
00:00
but it's not that complex.
00:00
Let's say we're all in a classroom
00:00
and you have a question,
00:00
what most people do is they stop and listen.
00:00
Hey, is anybody talking right now.
00:00
If not, they transmit their question.
00:00
Hey Kelly, I have a question.
00:00
However, it's possible that
00:00
two people are syncing the classroom at the same time.
00:00
They don't hear anybody communicating,
00:00
so they both ask a question at the same time.
00:00
Now because they're both talking at the same time,
00:00
I can't understand what either of them are
00:00
saying and that's called the collision.
00:00
Fortunately, the students can
00:00
determine there was a collision,
00:00
they both back off,
00:00
one goes ahead with
00:00
their message and then the other follows.
00:00
That's what carrier sense
00:00
multiple access with collision detection does.
00:00
Networks sense the cable carrier sense.
00:00
Multiple nicks could be sensing the cable
00:00
at the same time and put their message out there.
00:00
But if so, we get a collision.
00:00
Now what's important to know is this
00:00
is the most common standard.
00:00
This is Ethernet.
00:00
Ethernet is the technology that
00:00
almost every local area network is using.
00:00
There are always exceptions to that,
00:00
but for the vast majority were on Ethernet networks.
00:00
Which means this is how our network card determines,
00:00
can we transmit data on the network?
00:00
If you're wired into the network,
00:00
you're probably using CSMA/CD.
00:00
Now if you're not wired, you're using Wi-Fi,
00:00
then that is carrier sense multiple access,
00:00
not with collision detection, but collision avoidance.
00:00
Collision avoidance basically works,
00:00
it's almost like raising your hand in
00:00
that classroom rather than listening,
00:00
just putting your message out,
00:00
everybody raises their hand that wants to communicate.
00:00
The first person to raise their hand gets to go first,
00:00
then the second person, then the third.
00:00
We don't have collisions in
00:00
the CSMA/CA environment because
00:00
the host don't transmit their data,
00:00
they transmit an intent to send.
00:00
Now the last type of
00:00
media access control is called token passing.
00:00
Token passing is not as common today.
00:00
As a matter of fact, it's almost obsolete.
00:00
This was around back in the '90s and early 2000s,
00:00
and it was from IBM,
00:00
they brought in a system
00:00
>> or technology called Token Ring.
00:00
>> It was an alternative to Ethernet.
00:00
Basically there was this little 24-bit frame
00:00
that circled the Token Ring network,
00:00
and it was called a token.
00:00
What was important is there's only one token.
00:00
You can't communicate without the token,
00:00
so there were no collisions in Token Ring either.
00:00
But Token Ring was proprietary, it was expensive,
00:00
it was harder to work with,
00:00
so Token Ring really went away.
00:00
You do have other network technologies that
00:00
use token passing other than just Token Ring.
00:00
But most of those are falling out of favor as well.
00:00
We will acknowledge token passing,
00:00
but our main focus is going to be
00:00
on Ethernet and CSMA/CA.
00:00
Now with Ethernet, like we said,
00:00
carrier sense multiple access with collision detection.
00:00
We know that Ethernet is collision based.
00:00
We know we're going to see
00:00
collisions in an Ethernet network.
00:00
That's just the way it's designed.
00:00
If you have three or four hosts on an Ethernet network,
00:00
that's no big deal.
00:00
But when you're looking at having 300 hosts,
00:00
those collisions will bring traffic
00:00
to an absolute standstill.
00:00
We're going to have to find a way
00:00
to resolve these collisions.
00:00
Otherwise, our traffic is going to be moving so slowly,
00:00
no one can communicate.
00:00
Now one other thing that happens here
00:00
>> at the MAC sublayer is
00:00
>> I just want to mention physical addressing.
00:00
>> Now I've talked about this a little bit.
00:00
But ultimately,
00:00
every network card needs a unique address.
00:00
That's what the network card uses to say,
00:00
oh, this traffic is for me,
00:00
let me pull it off the network.
00:00
If that physical address is not added
00:00
>> to the data frame because
00:00
>> Layer 2,the data frame,
00:00
>> then no host will be able to pick up the data.
00:00
That MAC address is incredibly important,
00:00
it's what allows individual network cards
00:00
to pull traffic off the wire.
00:00
Now the thing about a MAC address though,
00:00
a MAC address is expressed in hexadecimal
00:00
>> and it's a 48-bit address.
00:00
>> The first 24 bits of the address
00:00
indicate who the individual manufacturer is.
00:00
If we're all in here running a bunch of
00:00
Broadcom cards, we wouldn't necessarily,
00:00
but we might have the first 24 bits be the same,
00:00
but the last 24 bits would totally be different.
00:00
That's the host portion of the address.
00:00
Your MAC address is divided up
00:00
into manufacturer ID and host ID.
00:00
What's important to realize is there's
00:00
no part of a MAC address that says
00:00
>> Kelly Handerhan is at a computer at
00:00
>> 101 Walker way in Silver Spring, Maryland.
00:00
There's nothing that tracks me down
00:00
>> from anywhere in the world.
00:00
>> You can't use a physical address
00:00
for worldwide addressing.
00:00
It's almost like a Social Security number.
00:00
You can't put a letter in the mail
00:00
>> to my Social Security number
00:00
>> and expect it to find me.
00:00
>> It is unique to me,
00:00
but there's nothing that narrows down
00:00
>> where the recipient would be.
00:00
>> But if traffic is already on your local network,
00:00
then a MAC address is exactly what we need.
00:00
Because that MAC address again,
00:00
allows the host to pull traffic off the network.
00:00
It's just like again,
00:00
my Social Security number,
00:00
you can't use it for worldwide addressing.
00:00
But when I was in college,
00:00
the professors would post our grades
00:00
>> by our Social Security number.
00:00
>> Rather than saying Kelly Handerhan got this grade,
00:00
my Social Security number would be up there.
00:00
Because we were all in the same class,
00:00
that worked fine now it wasn't secure
00:00
>> and it was basis for social engineering.
00:00
>> Of course, you knew
00:00
>> if you were going to socially engineer
00:00
>> and take somebody's Social Security number,
00:00
>> you always look for the people with the top grades.
00:00
Those were the ones that we're going to have
00:00
a lot of money in the bank.
00:00
Nobody ever stole my Social Security number
00:00
that way I wonder why.
00:00
But anyway, it's for local addressing only.
00:00
We're going to need some other type of address
00:00
when we're talking about worldwide communication.
00:00
Now, I've got to find out your MAC address
00:00
so that I can put your MAC address as
00:00
the destination on the data frame.
00:00
The protocol that learns the MAC address
00:00
>> from unknown host is called ARP.
00:00
>> A lot of times we go out
00:00
>> and we say connect to Server 1.
00:00
>> Well, DNS tells me that Server 1
00:00
>> has an IP address of 192.168.1.2.
00:00
>> Then once the IP address is known,
00:00
then it's ARP that says, "Hey,
00:00
everybody, who's IP addresses 192.168.1.2."
00:00
The computer with that IP address comes back and says,
00:00
"Oh, that's me, and here's my MAC address."
00:00
Then that MAC address can be added
00:00
to the data frame before it's transmitted.
00:00
ARP is really significant because it maps
00:00
an IP address to a MAC.
00:00
In this section, we focused on
00:00
the data link layer of the OSI model.
00:00
We talked about media access control,
00:00
whether we were using Ethernet that
00:00
you CSMA/CD and we have collisions.
00:00
Wi-Fi that uses CSMA/CA, no collisions.
00:00
Or we also referenced token passing
00:00
and Token Ring technology
00:00
where there were no collisions also,
00:00
but we just don't see it
00:00
>> because of its proprietary nature.
00:00
>> Then we talked about
00:00
>> the significance of MAC addressing,
00:00
>> and we also talked about Address Resolution Protocol.
00:00
I didn't mention in
00:00
this section that switches are also Layer 2
00:00
because I'm saving up our discussion for
00:00
network devices for our next section.
Up Next