Perry Mehta Virus, Backup and Restore LANWANInternet - PowerPoint PPT Presentation

1 / 134
About This Presentation

Perry Mehta Virus, Backup and Restore LANWANInternet


Use appropriate cables (recommended by vendor) in connecting UPS to server. Use Control Panel to configure UPS settings for the server. ... – PowerPoint PPT presentation

Number of Views:201
Avg rating:3.0/5.0
Slides: 135
Provided by: perry7


Transcript and Presenter's Notes

Title: Perry Mehta Virus, Backup and Restore LANWANInternet

Perry MehtaVirus, Backup and
  • Solano Community College
  • Week 4-5

  • Selecting backup hardware
  • Planning your backup schedule
  • Backing up files
  • Restoring files
  • Installing a UPS
  • Configuring Win2K for a UPS

Objectives (II)
  • Infestation
  • Virus
  • Types of Viruses
  • Worms/Trojan Horses
  • AV systems
  • LAN
  • WAN
  • Internet

Objectives III
  • OSI Model
  • TCP/IP Model
  • Ethernet
  • Token Ring
  • FDDI (Fiber Distributed Data Interface)
  • Routing Protocols

  • Planning
  • Involves planning, execution testing
  • Need to create an effective plan
  • Need to execute the plan faithfully
  • Need to run frequent tests
  • Why is it necessary to back data??

Hardware Backup options
  • Windows allows backup to logical drives or tape
  • Tape hardware
  • Quarter Inch Cartridge (QIC)
  • 10GB per cartridge uncompressed
  • Too slow
  • Digital Audio Tape (DAT)
  • 2 24GB per tape, transfer 2Mbps
  • Slow in restoring data
  • 8mm
  • 40GB per cartridge, transfer 3Mbps
  • Digital Linear Tape (DLT)
  • 20GB 40GB, transfer 2.5Mbps
  • Vendors
  • Compaq, iomega, HP, exabyte

Limitations of Tape Backup
  • Data can be lost between backups
  • Open File cannot be backed up
  • Solutions are
  • RAID disk storage
  • Fault Tolerant hardware
  • Mirroring
  • Clustering

Reasons to use 3rd party software backup solutions
  • Open files
  • make sure you understand the applications that
    keep files open when planning backup strategy
  • Multi-tape backups
  • plan for capacity (auto tape changer)
  • Backing up clients/registry
  • If there is need to backup data from client
    machines including registry
  • Automation
  • backups need to be automated so that backup can
    be done in wee hours w/o tech support

Types of backup
  • Normal
  • Back up all files that are selected regardless of
    their backup status (known via archive bit)
  • Sets the archive bit
  • Copy
  • Same as Normal w/o changing archive bit
  • Differential
  • Backup only those files that have changed since
    last backup
  • Does not change status of archive bit
  • Backup all the files since the last normal backup

Types (II)
  • Incremental
  • Backup only files that have changed since last
  • Clears the archive bit to show that files have
    been backed up
  • Keeps record of only files that have been
    modified since previous backup
  • Daily
  • Identify files to be backed up by looking at
    modified date
  • If a backed-up file is modified, backup is made

Tape Rotation
  • Tape rotation goals
  • Spread wear across tapes
  • Store data on and off site
  • Several copies of files where possible
  • Retain files for a certain time period (depends
    on company policy)
  • What types of rotation schemes have you seen?

Rotation Schemes
  • Two-set rotation
  • Two sets of 5 tapes and use each set in alternate
  • Good solution if files do not need be archived
    for long period of time

Rotation Schemes (II)
  • Grandfather-Father-Son (GFS)
  • Four tapes for each weekday
  • Five tapes for each of Fridays (some months have
    5 weeks)
  • One tape for each month

Backup screen
  • Start - Programs Accessories Systems Tools
  • Backup wizard guides you thru menu allowing
  • What to backup
  • Where to backup
  • How to backup (normal, incremental)
  • When to backup (scheduling)

Restoring files
  • Use restore wizard to restore selected
    files/folders from selected media
  • You can select which location it needs to be
    restored to

Power problems
  • Power problems could be
  • Outages
  • Voltage variations
  • Spikes and surges
  • Line noise
  • Use UPSs and surge protectors to protect your
  • Do not buy cheaper surge protectors and cheaper
    AV systems
  • It is small investment to protect your invaluable

Uninterruptible Power Supply (UPS)
UPS (continued)
  • Choose UPS that is right for your system
  • Use appropriate cables (recommended by vendor) in
    connecting UPS to server
  • Use Control Panel to configure UPS settings for
    the server.
  • Carry out an exhaustive test to make sure
  • UPS is fully functional and is carrying out all
    functions as presumed.

  • According to Andrews (2003), In 2001, one of 10
    corporate desktops were infected with computer
    infestation, and the rate of infestation is
    increasing 15 every year (p. 370)
  • Infestation unwanted program transmitted to a
    user computer w/o his/her knowledge.
  • 4 Types of infestation Virus, Worms, Trojan
    Horses and Logic Bombs

  • Program that replicates itself by attaching
    itself to another program, hence contagious.
  • Virus program has to be executed for it to create
    any sort of damage, thereby has incubation
  • Extremely destructive and most commonly found
    these days.

Boot Sector Virus
  • Boot Sector Virus
  • Hides on MBR (Master boot record) that loads OS
    on active partition of Hard Drive.
  • If floppy used for booting, virus can be hiding
    on the floppy disk as well. (very common)
  • Prevention Setup CMOS to disable boot sector

File Virus
  • Hides in executable file (.exe) program or word
    document containing macro (small program)
  • Macro viruses spreads commonly attachments in
  • Melissa (macro virus of 1999) word 97 file
  • Upon opening attachment, macro executed and send
    the same email to 50 users found in address book.

More Viruses
  • Multipartite virus combo of boot sector and file
  • Polymorphic changing its signature and
    characteristics as it mutates masking itself
    from being recognized by AV
  • Encrypting transform itself whereby its stops
    mutating for AV to catch it
  • Stealth Act of concealing by altering OS info on
    file size and temporarily removing itself from
    file about to be opened to conceal its identity.

  • Program that spreads copies of itself without a
    host program
  • Worms overloads the network/memory/hard drive
    causing it to crash due to incessant replication

Trojan Horse
  • Does not need a host to run
  • Replaces itself for legitimate program
  • Does not replicate
  • Not as common as virus

Logic Bomb
  • Dormant code that can be triggered at
    predetermined time.
  • Eg. Disgruntled employees creating logic bomb in
    payroll system.

Infestation Spreads
  • Floppy disks exchange
  • Purchase software from unreliable sources
  • Downloading from web
  • Used, preformatted floppies
  • Opening unsolicited attachments
  • Not write-protecting original program disks

Act of Replication
  • For any program to execute, it must be stored in
  • Virus sitting in the program is also now in
  • Virus will now look for other programs in memory
    to replicate onto those programs as well.
  • Virus becomes dangerous the longer it stays in
    memory eg. Hence good practice is to clean out
    cache of memory by rebooting.

Virus Hoax
  • All of us have at some point received something
    that reads like
  • There is a new virus out there in the last
    couple of days!! DO NOT OPEN Please forward this
    email to your loved ones and friends.
  • Do not forward such emails.
  • The intent is to clutter the network with
    unnecessary traffic.

Protection against Infestations
  • Run AV at startup and automatic periodic updates
  • Automatic scanner to scan word docs and email
  • Buy s/w from reputable vendors
  • Avoid trading floppies
  • Scan every floppy for virus

Protection (continued)
  • Download programs from internet sparingly
  • Careful of pirated software
  • Before using machine used by someone else (public
    places such as labs), hard boot to erase the
    memory resident programs/viruses
  • Disable changes to MBR option via CMOS

Selection of AV
  • Automatic software updates and virus definitions
    keeping the computer abreast of latest viruses
  • Execute at startup
  • Detect macros in word processor
  • Automatically check for email attachment viruses
  • Ability to scan automatically or manually for

AV Web Sites/Companies

Development of OSI
  • Quote from William Stallings
  • The history of development of OSI model is, for
    some reason, a little known story
  • Design of OSI was actually done by group at
    Honeywell Info Systems, headed by Mike Canepa,
    with Charlie Bachman as principal technical
    member in mid 70s

Development continued1
  • Focus for the group was structured communication
  • They studied the SNA systems network arch,
    ARPANET and standardized database systems
  • Result was 7-layer arch known as DSA Distributed
    Systems Architecture in 1977.

Development continued2
  • In 77, British Standards Institute proposed to
    the International Organization for
    standardization (ISO) that standard
    architecture is needed to define communication
    for distributed processing
  • ISO formed subcommittee on OSI open systems
  • ANSI American National Standards Institute was
    charged to develop proposals in advance of the
    1st formal meeting of the subcommittee.

Development continued3
  • ANSI selected DSA plan of Bachman and Canepa
  • When ISO met in Mar78, the plan was approved w/
    consensus that architecture would support most
    requirements of OSI and can be expanded further
  • Provisional version released in Mar78
  • Refinements were published in June79
  • Standardized in 1984

SNA model v/s OSI
  • The figure shows the comparison and similarities
    of the SNA Model to the OSI model.
  • SNA only discusses the 6 layers minus the
    physical layer since there is no set standard for
    layer 1.

SNA layers
  • Data link control (DLC)
  • Defines several protocols, including the
    Synchronous Data Link Control (SDLC) protocol for
    hierarchical communication
  • Token Ring Network communication protocol for LAN
    communication between peers.
  • SDLC provided a foundation for IEEE 802.2.
  • The data link control Layer provides the
    error-free movement of data between the Network
    Addressable Units (NAUs) within a given
    communication network via the Synchronous Data
    Link Control (SDLC) Protocol.
  • Path Control
  • Performs routing and datagram segmentation and
    reassembly (SAR)
  • Eg. APPN
  • Handles session establishment between peer nodes,
    dynamic transparent route calculation, and
    traffic prioritization.

SNA layers (2)
  • Transmission Control
  • Reliable end-to-end service
  • Provides encrypting and decrypting services
  • NetBEUI NetBIOS Extended User Interface
  • Data Flow Control
  • Manages request and response processing
  • Determines whose turn it is to communicate
  • Groups messages
  • Interrupts data flow upon request
  • Eg. NetBIOS

SNA Layers (3)
  • Presentation services
  • Data transformation to translate data from one
    format to another
  • Coordinate resource sharing
  • Synchronize transactions operations
  • Eg. IPDS intelligent printer data stream
  • Transaction Services
  • Programs that implement distributed processing on
    management services
  • SMB (server message block)
  • IBM protocol for sharing files, printers, serial
    ports, etc. between computers (

OSI Model and 7 layers
  • OSI model describes how info flows from s/w
    application in one computer to another
  • Model divides tasks involved w/ moving info
    between networked computers into 7 manageable
    task groups specifying particular network
  • Each task is carried out in form of layer, hence
    the 7 layer model
  • Upper Layers Top 3
  • Bottom Layers Bottom 4

Diagram of OSI model

Functions of each layer
  • Application Layer 7
  • User Interface
  • Communication services to support applications
    such as s/w for file transfers, database access
    and email
  • Telnet, HTTP, FTP, WWW
  • Presentation Layer 6
  • How is data presented
  • Data Encryption
  • Compression of the data

Functions continued1
  • Session Layer 5
  • Allows applications on different computers to
    establish, use and end each session
  • Regulating which side transmits and how long
  • SQL, NFS, DECnet Session Control Protocol (SCP)
  • Transport Layer 4
  • Segments long messages into small packets for
  • Reordering of packets for error-free delivery
  • Network Layer 3
  • Defines and learns Routes to destination
  • Fragmenting of packet
  • IP, IPX

Functions continued2
  • Data Link Layer 2
  • Provides reliable transmit of data frames
    across a physical link
  • IEEE divided the layer into 2 parts
  • LLC logical link control
  • Manages comm between devices over a single link

  • MAC Media Access Control
  • Defines MAC addresses to identify each device
  • IEEE 802.3/802.2, PPP, FDDI, ATM
  • Physical Layer 1
  • Regulates transmission of bits over phy medium
  • Specification of voltage, wire speed, cable
  • V.35, EIA/TIA-232, EIA/TIA-449, RJ45

OSI Reference Model
OSI Reference Model
James Bond 007 and OSI 7 Layers
  • 7th FloorBond meets Number 1 at spy H/Q and is
    given a message to deliver to US embassy
  • 6th FloorBond proceeds to 6th floor where
    message is translated into intermediary language,
    encrypted and miniaturized
  • 5th Floor Security checks the message and puts
    some chkpoints in the message so his counterpart
    in US embassy can be sure he has the entire
  • 4th Floor The large message is broken into small
    packets so spies at the other end in US embassy
    can reassemble it

Bond 007 Continued1
  • 3rd Floor Personnel chk the address and advice
    Bond of the fastest route to destination
  • 2nd Floor Message is put in a special pouch
    packet which contains the message, source and
    destination ID
  • 1st Floor Q has prepared the Aston Martin for
    the trip to the Embassy
  • On the other side, bond proceeds from bottom to
    top floor as message is decoded.
  • US ambassador is grateful and says to Bond
    Bond, pls tell Number 1 Ill be glad to meet him
    for dinner tonite.

OSI versus TCP/IP
  • TCP/IP layers are based upon DoD (dept of
    defense) model

  • Differences
  • One can only functionally position the internet
    model to the ISO OSI model because basic
    differences exist such as
  • In the Internet protocol suite, a layer
    represents a reasonable packaging of function.
  • The ISO view, on the other hand, treats layers as
    rather narrow functional groups, attempting to
    force modularity by requiring additional layers
    for additional functions.

  • Differences
  • In the TCP/IP protocols, a given protocol can be
    used by other protocols within the same layer,
    whereas in the OSI model two separate layers
    would be defined in such circumstances.
  • Examples of such "horizontal dependencies" are
    FTP, which uses the same common representation as
    TELNET on the "application layer," and ICMP,
    which uses IP for sending its datagrams on the
    "internetwork" layer.

  • Differences
  • In practice, what we are discussing here is the
    difference between ade jure standard, OSI, and
    ade facto standard, TCP/IP.
  • The focus in the TCP/IP world is on agreeing on a
    protocol standard which can be made to work in
    diverse heterogeneous networks.
  • The focus in the OSI world has always been more
    on the standard than the implementation of the

  • Efficiency and feasibility.
  • The OSI norms tend to be prescriptive (for
    instance the "layer N" must go through "all
    layers below it"), whereas the TCP/IP protocols
    are descriptive, and leave a maximum of freedom
    for the implementers.
  • One of the advantages of the TCP/IP approach is
    that each particular implementation can use
    operating system-dependent features, generally
    resulting in a greater efficiency (fewer CPU
    cycles, more throughput for similar functions),
    while still ensuring "interoperability" with
    other implementations.

  • Efficiency and feasibility.
  • Another way to see this is that most of the
    Internet protocols have first been developed
    (coded and tested), before being "described" in
    an RFC (usually by the implementer) which clearly
    shows the feasibility of the protocols.

TCP/IP Suite
  • Application Layers (top 3)
  • user interface for the various protocols and
    applications that access the network
  • File transfer, remote logon to other nodes,
    e-mail functionality, and network monitoring.
  • Host to Host layer
  • flow control and connection reliability as data
    moves from a sending to a receiving computer.
  • Internet layer
  • routing of data across logical network paths and
    provides an addressing system to the upper layers
    of the DOD stack
  • Defines the packet format used for the data as it
    moves onto the network.
  • Network Access Layer
  • consists of the protocols that take the packets
    from the Internet layer and package them in an
    appropriate frame type.

  • The Dynamic Host Configuration Protocol (DHCP)
    provides a framework for passing configuration
    information to hosts on a TCP/IP network.
  • DHCP is based on the BOOTP protocol, adding the
    capability of automatic allocation of reusable
    network addresses and additional configuration
  • DHCP participants can interoperate with BOOTP
    participants (RFC 1534).

  • DHCP supports three mechanisms for IP address
  • Automatic allocation
  • DHCP assigns a permanent IP address to the host.

  • Manual allocation
  • The host's address is assigned by a network
  • Dynamic allocation
  • DHCP assigns an IP address for a limited period
    of time.
  • Such a network address is called a lease.
  • This is the only mechanism that allows automatic
    reuse of addresses that are no longer needed by
    the host to which it was assigned.

  • This section describes the client/server
    interaction if the client does not know its
    network address.
  • Assume that the DHCP server has a block of
    network addresses from which it can satisfy
    requests for new addresses.
  • Each server also maintains a database of
    allocated addresses and leases in permanent local
  • The client broadcasts a DHCPDISCOVER message on
    its local physical subnet.
  • The DHCPDISCOVER message may include some options
    like network address suggestion or lease duration
  • Each server may respond with a DHCPOFFER message
    that includes an available network address and
    other configuration options.

  • The client receives one or more DHCPOFFER
    messages from one or more servers.
  • The client chooses one based on the configuration
    parameters offered and broadcasts a DHCPREQUEST
    message which includes the server identifier''
    option to indicate which message it has selected.

  • The servers receive the DHCPREQUEST broadcast
    from the client.
  • Those servers not selected by the DHCPREQUEST
    message use the message as notification that the
    client has declined that server's offer.
  • The server selected in the DHCPREQUEST message
    commits the binding for the client to persistent
    storage and responds with a DHCPACK message
    containing the configuration parameters for the
    requesting client.
  • The combination of client hardware and assigned
    network address constitute a unique identifier
    for the client's lease and are used by both the
    client and server to identify a lease referred to
    in any DHCP messages.
  • The "your IP address" field in the DHCPACK
    messages is filled in with the selected network

  • The client receives the DHCPACK message with
    configuration parameters.
  • The client performs a final check on the
    parameters, for example with ARP for allocated
    network address, and notes the duration of the
    lease and the lease identification cookie
    specified in the DHCPACK message.
  • At this point, the client is configured.
  • If the client detects a problem with the
    parameters in the DHCPACK message, the client
    sends a DHCPDECLINE message to the server and
    restarts the configuration process.
  • The client should wait a minimum of ten seconds
    before restarting the configuration process to
    avoid excessive network traffic in case of

  • If the client receives a DHCPNAK message, the
    client restarts the configuration process.
  • The client may choose to relinquish its lease on
    a network address by sending a DHCPRELEASE
    message to the server.
  • The client identifies the lease to be released by
    including its network address and its hardware

IP Addresses
  • Unique 32-bit address
  • Three major classes
  • Class A (/8)
  • Class B (/16)
  • Class C (/24)
  • Subnet masking get away from two level hierarchy
    so as to control broadcast storms

IP Address
IP Address Range
Subnetting example
Configuring TCP/IP on PC
  • Primary DNS
  • Default gateway
  • IP Address
  • Pre-Windows 2000, then need WINS/NetBIOS name

NetBEUI (NetBIOS extended user interface)
  • To be used with NetBIOS
  • NetBIOS is protocol that allows computers on
    network to be known by friendly name
  • NetBEUI is non-routable
  • NetBEUI works at layer ¾ (fig next slide)
  • NetBIOS, works at Session layer, sets up
    communication session between two computers on
  • Redirector makes client computer see all ntwk
    resources as if they are locaol
  • SMB (server message block) provides peer-peer
    comm between redirectors on client and network
    server machines.
  • Good for local peer-peer networks, but cannot be
    used for internetworking as it is not routable.

NetBEUI stack
Other Technologies
  • Microsoft NetworkingNetBIOS
  • NetBIOS, a layer of software developed to link a
    network operating system with specific hardware,
    was originally designed as THE network controller
    for IBM's Network LAN.
  • NetBIOS has now been extended to allow programs
    written using the NetBIOS interface to operate on
    the IBM token ring architecture.
  • NetBIOS has since been adopted as an industry
    standard and now, it is common to refer to
    NetBIOS-compatible LANs.

Other Technologies
  • Microsoft NetworkingNetBIOS
  • It offers network applications a set of "hooks"
    to carry out inter-application communication and
    data transfer.
  • In a basic sense, NetBIOS allows applications to
    talk to the network.
  • Its intention is to isolate application programs
    from any type of hardware dependencies.
  • It also spares software developers the task of
    developing network error recovery and low level
    message addressing or routing.
  • The use of the NetBIOS interface does a lot of
    this work for them.

Other Technologies
  • Microsoft NetworkingNetBEUI
  • NetBEUI is an enhanced version of the NetBIOS
    protocol used by network operating systems.
  • It formalizes the transport frame that was never
    standardized in NetBIOS and adds additional

Other Technologies
  • Microsoft NetworkingNetBEUI
  • The transport layer driver frequently used by
    Microsofts LAN Manager.
  • NetBEUI implements the OSI LLC2 protocol.
  • NetBEUI is the original PC networking protocol
    and interface designed by IBM for the LanManger
  • This protocol was later adopted by Microsoft for
    their networking products.
  • It specifies the way that higher level software
    sends and receives messages over the NetBIOS
    frame protocol.
  • This protocol runs over the standard 802.2
    data-link protocol layer.

Appletalk (MACs)
  • Routable protocol that allows large networks to
    be broken into subgroups called zones
  • Zones is similar to workgroups in windows
    peer-peer networking
  • Network Address is divided into network portion
    and node portion

  • Internetwork Packet Exchange/Sequential Packet
  • Used for Novell NetWare network operating System
  • Routable protocol

IPX/SPX stack
Troubleshooting Protocols
  • Ping
  • Telnet
  • FTP (file transfer protocol)
  • Tracert
  • IPConfig
  • Netstat

Routing Protocols
  • Border Gateway Protocol (BGP)
  • Open Shortest Path First (OSPF)
  • Routing Information Protocol (RIP)
  • Resource Reservation Protocol (EIA-VP)
  • IP multicast

Routing Protocols
  • Routing Protocols
  • Many different low-level network protocols exist
    for routing data through the Internet.
  • Border Gateway Protocol (BGP)
  • An Exterior Gateway Protocol defined in RFC 1267
    and RFC 1268.
  • Its design is based on experience gained with
    Exterior Gateway Protocol (EGP)

Routing Protocols
  • Open Shortest Path First (OSPF)
  • A link state routing protocol that is one of the
    Internet standard Interior Gateway Protocols
    defined in RFC 1247.
  • There is no OSPF EGP, OSPF is an IGP only.
  • Routing Information Protocol (RIP)
  • A distance vector, as opposed to link state,
    routing protocol.
  • RIP is an Internet standard Interior Gateway
    Protocol defined in STD 34, RFC 1058 and updated
    by RFC 1388.

Routing Protocols
  • Resource Reservation Protocol (RSVP)
  • A protocol that supports quality of service.
  • IP multicast
  • Ethernet addressing scheme used to send packets
    to devices of a certain type or for broadcasting
    to all nodes.
  • The least significant bit of the most significant
    byte of a multi-cast address is one.

  • Ethernet
  • In 1973, at Xerox Corporations Palo Alto
    Research Center (more commonly known as PARC),
    researcher Bob Metcalfe designed and tested the
    first Ethernet network.
  • While working on a way to link Xeroxs "Alto"
    computer to a printer, Metcalfe developed the
    physical method of cabling that connected devices
    on the Ethernet as well as the standards that
    governed communication on the cable.
  • Ethernet has since become the most popular and
    most widely deployed network technology in the
  • Many of the issues involved with Ethernet are
    common to many network technologies, and
    understanding how Ethernet addressed these issues
    can provide a foundation that will improve your
    understanding of networking in general.

  • Ethernet
  • The Ethernet standard has grown to encompass new
    technologies as computer networking has matured,
    but the mechanics of operation for every Ethernet
    network today stem from Metcalfes original
  • The original Ethernet described communication
    over a single cable shared by all devices on the
  • Once a device attached to this cable, it had the
    ability to communicate with any other attached
  • This allows the network to expand to accommodate
    new devices without requiring any modification to
    those devices already on the network.

  • Ethernet
  • Ethernet is a local area technology, with
    networks traditionally operating within a single
    building, connecting devices in close proximity.
  • At most, Ethernet devices could have only a few
    hundred meters of cable between them, making it
    impractical to connect geographically dispersed
  • Modern advancements have increased these
    distances considerably, allowing Ethernet
    networks to span tens of kilometers.

  • ICCC 802.3 CSMA/CD Protocol (Carrier Sense
    Multiple Access / Collision Detection)
  • The acronym CSMA/CD signifies carrier-sense
    multiple access with collision detection and
    describes how the Ethernet protocol regulates
    communication among nodes.
  • Multiple access means that when one Ethernet
    station transmits, all the stations on the medium
    hear the transmission.
  • Carrier Sense means that before a station
    transmits, it "listens" to the medium to
    determine if another station is transmitting.
  • If the medium is quiet, the station recognizes
    that this is an appropriate time to transmit.

  • Ethernet Collision detection
  • Carrier-sense multiple access gives us a good
    start in regulating our traffic on the wire, but
    there is one scenario we still need to address.
  • If two stations listen to the wire and it is
    clear, they could very well try to start
    transmitting at the same time.
  • In Ethernet terminology, this is referred to as a
    collision, or when two stations try to transmit
    at once.

  • Ethernet Collision detection
  • Ethernet nodes listen to the medium while they
    transmit to ensure that they are the only station
    transmitting at that time.
  • If the stations hear their own transmission
    returning in a garbled form, as would happen if
    some other station had begun to transmit its own
    message at the same time, then they know that a
    collision occurred.
  • A single Ethernet segment is sometimes called a
    collision domain because no two stations on the
    segment can transmit at the same time without
    causing a collision.
  • When stations detect a collision, they cease
    transmission, wait a random amount of time, and
    attempt to transmit when they again detect
    silence on the medium.

  • Ethernet Collision detection
  • The random pause and retry is an important part
    of the protocol.
  • If two stations collide when transmitting once,
    then both will need to transmit again.
  • At the next appropriate chance to transmit, both
    stations involved with the previous collision
    will have data ready to transmit.
  • If they transmitted again at the first
    opportunity, they would most likely collide again
    and again indefinitely.
  • Instead, the random delay makes it unlikely that
    any two stations will collide more than a few
    times in a row.

  • Ethernet frame formats
  • The following section will outline the specific
    fields in the different types of Ethernet frames.

  • We will refer to fields by referencing their
    "offset" or number of bytes from the start of the
    frame, beginning with zero.
  • Therefore, when we say that the destination
    address field is from offset zero through five,
    we are referring to the first six bytes of the

  • Ethernet frame formats
  • Regardless of the frame type being used, the
    means of digital signal encoding on an Ethernet
    network is the same.
  • While a discussion of Manchester Encoding is
    beyond the scope of this discussion, it is
    sufficient to say this
  • On an idle Ethernet network, there is no signal.

  • Because each station has its own oscillating
    clock, the communicating stations have to have
    some way to "synch up" their clocks and thereby
    agree on how long one bit time is.
  • The preamble facilitates this. The preamble
    consists of 8 bytes of alternating ones and
    zeros, ending in 11.

  • Ethernet frame formats
  • A station on an Ethernet network detects the
    change in voltage that occurs when another
    station begins to transmit, and uses the preamble
    to "lock on" to the sending station's clock
  • Because it takes some amount of time for a
    station to "lock on", it does not know how many
    bits of the preamble have gone by.
  • For this reason, we say that the preamble is
    "lost" in the "synching up" process.
  • No part of the preamble ever enters the adapter's
    memory buffer.
  • Once locked on, the receiving station waits for
    the 11 that signals that the Ethernet frame
  • Most modern Ethernet adapters are guaranteed to
    achieve a signal lock within 14 bit-times.

  • Ethernet frame formats
  • While the preamble is common to every type of
    Ethernet, what follows it is certainly not.
  • The major types of Ethernet Frame Format are
    shown here.

  • Ethernet frame formats

  • Ethernet frame formats
  • Extended Ethernet Frame Formats
  • Purpose
  • Extend the Ethernet Frame Format to allow frames
    with payloads larger than 1500 bytes to be
    unambiguously identified
  • Motivation
  • Gigabit Ethernet, a high-speed broadcast LAN
    technology, will interconnect co-located
    high-speed network routers
  • Various access media, with different MTUs, may be
    deployed in networks
  • Avoid performance degradation due to MUTs, may be
    deployed in networks
  • Avoid performance degradation due to
    fragmentation at the interconnect
  • Server efficiency increases with larger packet

Ethernet Cabling Options
  • 10 Mbps Ethernet design
  • The 5-4-3 (2-1) rule
  • The 5-4-3-2-1 rule embodies a simple recipe for
    network design.
  • It may not be easy to find examples in practice,
    but this rule neatly ties together several
    important elements of design theory.
  • To understand this rule, it's first necessary to
    understand the concepts of collision domains and
    propagation delay.
  • Collision domains are portions of a network.
  • When a network packet is transmitted over
    Ethernet, for example, it is possible for another
    packet from a different source to be transmitted
    close enough in time to the first packet to cause
    a collision on the wire.
  • The total range over which a packet can travel
    and potentially collide with another is its
    collision domain.

  • 10 Mbps Ethernet design
  • The 5-4-3 (2-1) rule
  • Propagation delays are a property of the physical
    medium (e.g., Ethernet).
  • Propagation delays help determine how much of a
    time difference between the sending of two
    packets on a collision domain is "close enough"
    to actually cause a collision.
  • The greater the propagation delay, the increased
    likelihood of collisons.
  • The 5-4-3-2-1 rule limits the range of a
    collision domain by limiting the propagation
    delay to a "reasonable" amount of time.

  • 10 Mbps Ethernet design
  • The 5-4-3 (2-1) rule
  • The rule breaks down as follows
  • 5 - the number of network segments
  • 4 - the number of repeaters needed to join the
    segments into one collision domain
  • 3 - the number of network segments that have
    active (transmitting) devices attached
  • 2 - the number of segments that do not have
    active devices attached
  • 1 - the number of collision domains
  • Because the last two elements of the recipe
    follow naturally from the others, this rule is
    sometimes also known as the "5-4-3" rule for

  • 10 Mbps Ethernet design
  • One of the problems with Ethernet is that under
    high loads, performance will noticeably be
    degraded, due to the number of collisions and
    retransmissions that will take place.
  • It is also very difficult to isolate problems
    when using a bus configuration.
  • The Institute of Electrical and Electronic
    Engineers developed a number of electrical
    standards for data communications that were
    adopted by the American National Standards
  • These were referred to as IEEE 802.x protocols.

  • 10 Mbps Ethernet design
  • Because of the problem with collisions, standard
    Ethernet systems are limited in capacity to about
    35 or maximum, after which the system becomes
    very slow and unreliable.
  • Ways to reduce collisions include
  • Bridging
  • Sub-netting
  • Moving to a switched system

  • 10 Mbps Ethernet design
  • Perhaps the most striking advancement in
    contemporary Ethernet networks is the use of
    switched Ethernet.
  • Switched networks replace the shared medium of
    legacy Ethernet with a dedicated segment for each
  • These segments connect to a switch, which acts
    much like an Ethernet bridge, but can connect
    many of these single station segments.
  • Some switches today can support hundreds of
    dedicated segments.
  • Since the only devices on the segments are the
    switch and the end station, the switch picks up
    every transmission before it reaches another
  • The switch then forwards the frame over the
    appropriate segment, just like a bridge, but
    since any segment contains only a single node,
    the frame only reaches the intended recipient.
  • This allows many conversations to occur
    simultaneously on a switched network.

  • 10 Mbps Ethernet design
  • Ethernet switching gave rise to another
    advancement, full-duplex Ethernet.
  • Full-duplex is a data communications term that
    refers to the ability to send and receive data at
    the same time.
  • Legacy Ethernet is half-duplex, meaning
    information can move in only one direction at a
  • In a totally switched network, nodes only
    communicate with the switch and never directly
    with each other.
  • Switched networks also employ either twisted pair
    or fiber optic cabling, both of which use
    separate conductors for sending and receiving
  • In this type of environment, Ethernet stations
    can forgo the collision detection process and
    transmit at will, since they are the only
    potential devices that can access the medium.
  • This allows end stations to transmit to the
    switch at the same time that the switch transmits
    to them, achieving a collision-free environment.

  • Fast Ethernet
  • Fast Ethernet is a local area network (LAN)
    transmission standard that provides a data rate
    of 100 megabits per second (referred to as
  • Workstations with existing 10 megabit per
    second(10BASE-T) Ethernet card can be connected
    to a Fast Ethernet network.
  • The 100 megabits per second is a shared data
    rate input to each workstation is constrained by
    the 10 Mbps card.

  • Fast Ethernet
  • Basically the same as Ethernet, but faster.
  • More limited than Ethernet, since it can only be
    run over Twisted Pair or Fibre (no coax)
  • Although Fast Ethernet runs ten times faster than
    standard Ethernet networks, the advance from
    10Mbps to 100Mbps hasn't come without a few
    technical sacrifices, the first of which is known
    as the Fast Ethernet two hub rule (2-1 rule).

  • Fast Ethernet
  • The two hub rule basically says this you can't
    join more than two regular 100Mbps hubs together
    without using some kind of switch or repeater to
    boost the interim signal.
  • In other words, if you try to uplink three, four,
    or more standard hubs together, you're in for
    real trouble.
  • Data won't go where it's supposed to go,
    applications will undoubtedly fail, and your
    users will get steamed for sure.
  • Note that this only applies to standard hubs,
    which are joined together through uplinkingthis
    is nothing more than connecting each hub to each
    successive hub with standard network cabling.
  • In this case, each hub is seen by the network as
    a separate entity, and if you're using Fast
    Ethernet, you'll hit the "two hub" rule wall
    pretty fast.

  • Fast Ethernet
  • Not so with stacking technology.
  • Stackable hubs are designed to appear as a single
    hub to the network--even when connected in
  • Let's say you have a hub with four ports.
  • If this is a standard hub, you can only add one
    more hub without having to buy a switch or a
  • If the hub is stackable, though, you can add a
    second, third, or even tenth stackable hub--and
    the network will still think you're only using
    one hub at the site.
  • Depending on your expansion requirements, you get
    a lot more bang for your buck with stacking
    technology because you don't have to worry so
    much about expansion limitations in the future.

  • Fast Ethernet
  • Not so with stacking technology.
  • Unlike regular hubs that are uplinked together
    with regular network cables, stackable hubs are
    "stacked" or "cascaded" with one or more
    "stacking cables."
  • These cables aren't like standard 10BaseT cords
    they're specially designed to actually join the
    backplane of one hub to the next.
  • The result is a minimal slowdown when data moves
    from one hub to another since information doesn't
    have to pass through the hub's regular RJ-45
    ports and the vast array of error correction
    other filters found there.

Fast Ethernet Overview
Basic Rules SMC 3 - 2 Rule
SMC 2 - 1 Rule
3 link segments and
2 link segments and
2 Class II repeaters
1 Class I repeater
Class I Repeater
Class II Repeater
Class II Repeater
Ethernet vs. Fast Ethernet
  • Fast Ethernet
  • IEEE 802.3u
  • 100 Mbps CSMA/CD
  • 64 to 1518 byte frame size
  • Supported Cable Type
  • - Twisted Pair (100BASE-TX, 2 pair,
  • UTP Cat. 5)
  • - Twisted Pair (100BASE-T4, 4 pair,
  • UTP Cat. 3, 4 and 5)
  • - Twisted Pair (100Base-T2, 2 pair,
  • UTP Cat. 3, 4 and 5)
  • - Fiber (100BASE-FX, 62.5 micron)
  • - MII
  • Ethernet
  • IEEE 802.3
  • 10 Mbps CSMA/CD
  • 64 to 1518 byte frame
  • Supported Cable Type
  • - Twisted Pair (10BASE-T,
  • UTP Cat. 3, 4 and 5)
  • - Fiber (10BASE-FL,
  • 62.5/125 micron core)
  • - Thin Coax (10Base2)
  • - Thick Coax (10BASE5)
  • - AUI

  • Gigabit Ethernet
  • In March 1996, the IEEE 802.3 committee approved
    the 802.3z Gigabit Ethernet Standardization
  • At that time as many as 54 companies expressed
    there intent to participate in the
    standardization project.
  • The Gigabit Ethernet Alliance was formed in May
    1996 by 11 companies
  • 3Com Corp., Bay Networks Inc., Cisco Systems
    Inc., Compaq Computer Corp., Granite Systems
    Inc., Intel Corporation, LSI Logic, Packet
    Engines Inc., Sun Microsystems Computer Company,
    UB Networks and VLSI Technology.

  • Gigabit Ethernet
  • The Alliance represents a multi-vendor effort to
    provide open and inter-operable Gigabit Ethernet
  • The objectives of the alliance are
  • supporting extension of existing Ethernet and
    Fast Ethernet technology in response to demand
    for higher network bandwidth.
  • developing technical proposals for the inclusion
    in the standard
  • establishment of inter-operability test
    procedures and processes

  • Gigabit Ethernet
  • The Physical Layer of Gigabit Ethernet uses a
    mixture of proven technologies from the original
    Ethernet and the ANSI X3T11 Fibre Channel
  • Gigabit Ethernet supports 4 physical media types
  • These are defined in 802.3z (1000Base-X) and
    802.3ab (1000Base-T).

  • Gigabit Ethernet
  • The 1000Base-X standard is based on the Fibre
    Channel Physical Layer.
  • Fibre Channel is an interconnection technology
    for connecting workstations, supercomputers,
    storage devices and peripherals.
  • Fibre Channel has a 4 layer architecture.
  • The lowest two layers FC-0 (Interface and media)
    and FC-1 (Encode/Decode) are used in Gigabit
  • Since Fibre Channel is a proven technology,
    re-using it will greatly reduce the Gigabit
    Ethernet standard development time.
  • Three types of media are include in the
    1000Base-X standard
  • 1000Base-SX850 nm laser on multi mode fiber.
  • 1000Base-LX1300 nm laser on single mode and multi
    mode fiber.
  • 1000Base-CXShort haul copper "twinax" STP
    (Shielded Twisted Pair) cable

  • Gigabit Ethernet
  • 1000Base-T
  • 1000Base-T is a standard for Gigabit Ethernet
    over long haul copper UTP.
  • The standards committee's goals are to allow up
    to 25-100 m over 4 pairs of Category 5 UTP.
  • The MAC Layer of Gigabit Ethernet uses the same
    CSMA/CD protocol as Ethernet.
  • The maximum length of a cable segment used to
    connect stations is limited by the CSMA/CD
  • If two stations simultaneously detect an idle
    medium and start transmitting, a collision

  • 10GB Ethernet
  • Over the past several years, Ethernet has been
    the most popular choice of technology for local
    area networks (LAN).
  • There are millions of Ethernet users worldwide
    and still counti
Write a Comment
User Comments (0)