Home‎ > ‎

Ethernet and IP

Ethernet and IP Stacks

1. Understanding Ethernet & IP

1.1 Ethernet Theory

1.2 Layer 2 Protocols

  • Spanning Tree Protocol.  A review of the dreaded spanning tree, how it works, and the different versions
  • VLAN Trunking Protocols: Discusses how VLAN management is supported and implemented.

1.3 IP Theory

1.4 TCP/UDP (Layer4) Theory

  • IP/TCP/UDP/ICMP Poster. A nice poster to printout on a plotter. Shows all of the IP Stack's packets and some of their flow diagrams.

2. Managing IP Space

  • Getting IP Addresses: How to request IP's and BGP ASN's from the registries
  • RFC1918: Address Allocation for Private Internets. (Cisco also briefly explains the private (non-Internet rotatable) IP Address's.)
  • RFC 1878: Variable Length Subnet Table For IPv4
  • RFC 3330: Special-Use IPv4 Addresses. ie:,, and to name a few.
  • RFC 1466: Guidelines for Management of IP Address Space, and a successor, RFC 2101: IPv4 Address Behaviour Today.

  • Break out of ip blocks in text, pdf and visio. This shows the blocks of IP's and how they can be masked together. (visually, how would you group a bunch of /30's with a bunch of /29's with a couple /28's, /27's, /26's and one /25.)
  • Choosing private IP space for your business: A plan on how to provide IPs to different offices, and how to break it out within the office.  

3. Ethernet/IP Configuration on other Hosts

  • Linux IP Settings. A brief reminder on how all the Ethernet and IP stacks come together on the Linux/Redhat platform.

4. Analysing and Monitoring Network Traffic

This section is kind of a bridge between the "analysing ethernet and ip" section, and the "security" section. Here we will be looking at ways to view traffic, debug problems, and use different tools to help analyse what is going on.

4.1 Procedures for testing:

  • Spaning and tcpdump. This doc explains how to setup cisco switches to "span" or to mirror traffic between two hosts to another sniffing host. It also describes some basic unix tcpdump commands to sniff the traffic and to save it to a file to be later analised with ethereal.
  • Traffic and Bandwidth Testing Procedures. A simple set of steps that can be used to test different networking equipment to see how they behave when traffic is sent through them.

4.2 Tools for testing:

  • ethereal. A tool for viewing tcpdump (and other) files. This tool lets you view all the individual packets, and explains the packets in detail.
  • tcptrace. A tool for analysing traffic flows from tcpdump (and other) files. This tool lets you analise traffic statistics, allowing you to see tcp problems with traffic flows.
  • iperf network bandwidth testing utitlity, and tcpplot a TCP throughput dashboard.
  • ftrace: better views of packet issues from the side of the linux host. 
  • Tools for modeling the user-traffic "The following list outlines tools for the collection of user-generated traffic, the analysis of thus data and related software i.e. for manipulating the recorded data."
  • Traffic Generators. "Tools for generating artifical traffic mimicing real traffic for measurement, testing"

Appendix A- References

  • RFC1700: Assigned Numbers Also in Local PDF Format. This is the motherload of references for ip numbers. It specifies all ip types, TCP and UDP reserved ports and a whole lot more! But it is outdated and replaced by RFC 3232: rfc 1700 is Replaced by an On-line Database
  • IEEE's OUI Site Search. Have you ever looked at a MAC address, and wondered who it belonged to? This page will search the OID (first 6 hex digits) and tell you who made the NIC.
  • RFC 2825. A Tangled Web: Issues of I18N, Domain Names, and the Other Internet protocols
Chuck M,
Apr 6, 2017, 7:04 PM
Chuck M,
Mar 19, 2014, 12:14 PM
Chuck M,
Mar 19, 2014, 12:16 PM
Chuck M,
Mar 19, 2014, 12:14 PM