I'm capturing 3G data on my iOS device using the RVI interface on my Mac.
It looks like I succeeded in making the capture, and I can analyse RX/TX traffic.
Currently I'm streaming a UDP stream out to the 3G network. So, what I want is to measure the traffic and get some statistics on that stream.
What's strange to me is that all the required headers are present in the captured packets except the Ethernet header. So I'm curious whether packets sent over a 3G interface should have an Ethernet header.
P.S. Packets contain "Raw packed data" header which actually tells "No Link information available".
If you mean packets between the handset (the UE in UMTS terms) and the network (Node B), then no is the answer.
The IP protocol is a layer 3 protocol (usually expressed as being 'comparable to layer 3 in the OSI model') and it can be carried by different layer 2 protocols. Probably the most common one is ethernet in regular wired networks, but between a handset and the network in a UMTS network the IP protocol is carried over a layer 2 protocol called PDCP (Packet Data Convergence Protocol).
The following Wiki article on the OSI stack gives some good examples of the different protocols at the different layers:
http://en.wikipedia.org/wiki/OSI_model (see the Examples section and look at IP which is layer 3 and Ethernet and PDCP which are layer 2 and hence can 'carry' the layer 3 protocol)
This link contains a nice diagram showing the protocol stack for the UMTS traffic between your handset and the network, and lots of other good background also (see fig 17 for your 3G scenario):
http://www.lteandbeyond.com/2012/01/interfaces-and-their-protocol-stacks.html
Note that if your IP traffic exits the 3G carrier's network and travels towards a host on the internet (for example) then it will almost certainly be carried over different layer 2 protocols at this stage of its journey and this will probably be Ethernet in many cases.
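For the statistics the question asks about, a parser only needs to honour the capture's link type: with raw IP each record starts at the IP header, with Ethernet 14 bytes are skipped first. The sketch below is an added example, not code from the original posts; it assumes a classic pcap file saved as raw IP (link type 101) or Ethernet (link type 1), and the addresses, ports and payloads are constructed sample data.

```python
import socket
import struct
from collections import defaultdict

LINKTYPE_ETHERNET = 1   # 14-byte Ethernet II header precedes the IP header
LINKTYPE_RAW = 101      # "Raw packet data": the record starts at the IP header

def udp_flow_stats(pcap_bytes):
    """Return {(src, sport, dst, dport): [packets, payload_bytes]} for IPv4/UDP."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None:
        raise ValueError("not a classic (microsecond) pcap file")
    linktype = struct.unpack(endian + "I", pcap_bytes[20:24])[0] & 0xFFFF
    if linktype not in (LINKTYPE_ETHERNET, LINKTYPE_RAW):
        raise ValueError(f"unsupported link type {linktype}")
    stats, offset = defaultdict(lambda: [0, 0]), 24
    while offset + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[offset + 8:offset + 12])[0]
        pkt = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if linktype == LINKTYPE_ETHERNET:
            if len(pkt) < 14 or pkt[12:14] != b"\x08\x00":   # EtherType IPv4 only
                continue
            pkt = pkt[14:]
        if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 17:  # IPv4 + UDP only
            continue
        ihl = (pkt[0] & 0x0F) * 4
        frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
        if ihl < 20 or len(pkt) < ihl + 8 or frag_offset:  # later fragments: no UDP header
            continue
        sport, dport, udp_len = struct.unpack("!HHH", pkt[ihl:ihl + 6])
        key = (socket.inet_ntoa(pkt[12:16]), sport, socket.inet_ntoa(pkt[16:20]), dport)
        stats[key][0] += 1
        stats[key][1] += max(udp_len - 8, 0)
    return dict(stats)

def ipv4_udp(src, dst, sport, dport, payload):
    """Constructed test packet; checksums are left at zero and not verified."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + udp

def build_pcap(linktype, packets):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for p in packets:
        out += struct.pack("<IIII", 0, 0, len(p), len(p)) + p
    return out

# Constructed sample: the same three UDP packets saved with and without a link header
SAMPLE = [ipv4_udp("10.0.0.2", "203.0.113.9", 5004, 5004, b"x" * 100) for _ in range(3)]
RAW_CAPTURE = build_pcap(LINKTYPE_RAW, SAMPLE)
ETH_CAPTURE = build_pcap(LINKTYPE_ETHERNET,
                         [b"\x02" * 6 + b"\x02" * 6 + b"\x08\x00" + p for p in SAMPLE])

if __name__ == "__main__":
    print(udp_flow_stats(RAW_CAPTURE))
```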
When we type https://stackoverflow.com/, all the data which is sent to this server would be using the HTTPS protocol at the transport level.
So is it possible for me to know which error detection, flow control or protocols, in general, are used by the lower (physical, data link, network) layers by my machine and the intermediate nodes which lie in the path from my machine to the destination server (assuming there are a few intermediate nodes)?
To figure out what kind of lower layers are used, I always use WireShark.
Start Wireshark and type "tls" as the filter (because there is no "https" filter in Wireshark). You will get a lot of network traffic, which looks like this:
Check the details of the "Application Data" network packet,
You will see the network stack(From top to down):
Transport Layer Security (TLS): It's used to securely transmit data above TCP connection
Transmission Control Protocol (TCP): It's used to reliably transmit data between two network applications running on two different hosts connected by the internet. [Transport Layer]
Internet Protocol (IP): It's used to transmit data between hosts connected by the internet. [Network Layer]
Ethernet II: it's used to transmit data on the underlying Ethernet physical layer transport. [Data Link Layer]
You can check the details by selecting any one of them.
For "error detection", "flow control", you may filter the network traffic by the TCP filter provided by Wireshark,
such as:
"tcp.analysis.retransmission",
"tcp.analysis.window_full",
"tcp.analysis.window_update",
and so on.
If you have a good understanding of TCP, you can read them easily. :)
You usually cannot get such low level information from other devices in the path of the data. You can get some layer 2 information inside the local network but from devices after the router (i.e. outside the LAN) such data are no longer accessible.
Sometimes one can make some assumptions based on detected MTU in the path (PMTU), latency issues, buffering behavior or based on strange issues caused by known behavior anomalies or peculiarities of some devices, but there is no generic way to access such lower level information.
For a side project, I'm currently trying to set up a VPN with 2 Linux boxes doing the encryption/decryption.
At the moment, I work on layer 3 with the linux framework xfrm (IP packets from host 1 are transformed into ESP when passing through the first box before being sent to host 2, decryption being done on the second box).
I'd like to act directly on layer 2 so I can remove the IP address of my boxes. I think I can do that by setting up ethernet bridges on each box, using netfilter hooks to redirect frames to a socket where a userspace program would do the encryption of the ethernet frames' payload (transform the IP packets into ESP).
|Host 1|==|Ethernet Bridge|==Router --- (network not secure) --- Router==|Ethernet Bridge|==|Host 2|
The problem I have with this implementation lies in throughput, as I think all these actions would greatly reduce it. Are there other ways I could implement what I'm looking for?
Layer-2 only works from host-to-host (your router is just a host to layer-2) on a LAN. Layer-2, including layer-2 encryption, does not cross a layer-3 device, e.g. router. MACsec (IEEE 802.1AE) is used for layer-2 encryption.
Layer-3 is used to connect LANs, and if you want end-to-end encryption from one LAN to another LAN, you need to encrypt on a layer higher than layer-2. Routers strip layer-2 frames from the packets, switch the packets, then create a new frame for the next hop. The next hop may not use MAC addresses; PPP is common for ISP connections, it doesn't use MAC addresses, and the frames are very different than ethernet. Unless you control all the links between the LANs, you need to encrypt at a high layer.
You're right, deploying a layer 2 VPN is costly (in the sense that you have to pay for internet bandwidth) and most of the time useless, since there are few applications that won't work without being on the same LAN.
What you will get with a layer 2 VPN is mostly broadcasts, things like SMB out-of-the-box name resolution (does not apply if you have to connect to an AD server or have a WINS server), DLNA, SPX/IPX or LAN-only games will work seamlessly, on the other hand your perception on having to relay lots of possibly useless information will also be correct.
Maybe the solution you're looking for is to use ebtables, which is a layer 2 firewall akin to iptables relating to layer 3 in such a way that you can drop some packets while accepting others before relaying them over VPN/internet/etc.
PPP is just one layer 2 protocol, there's nothing special about it, some VPN gateways use it (namely PPtP VPNs), others don't.
I'm a novice in this area looking for clarification. I believe that CDMA would be classified as part of the physical layer, so what is used for the data link layer (according to the OSI model) in cellular networks? Is TCP/UDP used in cellular networks? If so, in what capacity?
On a CDMA network (and some others, such as GPRS and HSPA), PPP is used at the Data Link Layer (layer 2).
TCP/UDP (or more generally, IP) is indeed used in CDMA networks, mostly for connection to the CDMA provider's ISP network for Internet access by phones and "data sticks".
These data sticks usually provide an emulated modem on a serial port over USB, which is used in a very similar manner to dial-up modems of days gone by. You'd use the same "AT commands" to establish a connection, the only difference being the relatively high speed of the emulated serial port.
I am familiar with the basic OSI model but I always get confused about how a packet travels from one machine to another over the Internet and what OSI layers come into the picture. For example, for the following topology:
Machine A<----->Switch<---->Router<---->Router<---->Router<---->Switch<---->Machine B
where the multiple routers are shown to represent the Internet, what happens at the OSI layer level when Machine A sends a packet (say a simple "ls" command over FTP) to Machine B?
The above is just a suggested example, but if anyone can explain with any other network topology, that is fine too. All I am looking for is a very basic explanation of how the packet gets transformed to different OSI layers at each node (Machine, Switch, Router, etc.).
Routers use the IP layer (layer 3) and switches use the data-link layer (layer 2). Layer 1 is the physical 1s and 0s that go over a wire, Layer 2 is the data-link layer, which is protocols like Ethernet and Point-To-Point Protocol (PPP), which carries information between adjacent nodes about MAC address from and to and allows for error detection and retransmission. Layer 3 is the IP layer, which carries information about where in the whole network the packet is from and to, not just the current hop.
The transmission would go like this:
Machine A wants to send a packet to Machine B. Machine A knows Machine B's IP address, so it places that in the layer 3 packet. Machine A needs to place the MAC Address of the next hop in the layer 2 packet, however. If it does not know, then it will send something called an ARP request (Address Resolution Protocol, read here: http://www.tildefrugal.net/tech/arp.php ) to the network, with the destination IP. One of a few things will happen here:
The IP is local. The machine with that IP will reply back to the sender with its MAC address.
The IP is non-local. The gateway router will detect this and send its MAC address.
The IP is non-local and Machine A's default gateway and subnet mask are set. Using this information Machine A can determine the non-locality of the IP address and send it to the router's MAC address (ARPing if not known yet).
(If Machine A found this out earlier, it will be in the ARP cache and Machine A will just use that.) Now that the MAC address is sent, the packet can be transferred (the physical layer 1 performing the actual transfer of data on the wire). The next stop will be the switch. The switch knows which outbound port the MAC address listed as the layer 2 destination is on, because it tracks every MAC address it's seen a packet come from and which port it came on - if it does not know, then it will flood it out every single port, guaranteeing it'll arrive.
As such, the packet arrives at the router. The cool thing about the IP model is that it divides every single IP address in the network/world into a hierarchy - Subnets by definition cannot overlap subnets partially, they either wholly contain them or are wholly contained by them. So as long as subnets follow this hierarchy, the router can unambiguously determine where each of the 4 billion possible IP addresses are on the network just by looking at what subnet the IP will fall under in its table! The packet is then sent out that port.
As the packet travels through interconnected ISPs' routers, backbone infrastructure and so on, it arrives at Machine B's router, where the opposite process happens - router B sees that it's destined for Machine B and sends it inbound. (Similarly, Router B will have to use a process like ARP to find Machine B's MAC address if not known.) The rest should be trivial from here.
good references:
https://web.archive.org/web/20120129120350/http://www.tildefrugal.net/tech/arp.php
http://en.wikipedia.org/wiki/Data_link_layer
http://en.wikipedia.org/wiki/Network_switch
http://en.wikipedia.org/wiki/Network_layer
http://en.wikipedia.org/wiki/Routing
http://en.wikipedia.org/wiki/Router_(computing)
http://en.wikipedia.org/wiki/Address_Resolution_Protocol
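The hop-by-hop behaviour described above (and the earlier point that routers strip the layer 2 frame and build a new one for the next hop) can be traced in a small simulation. This is an added example, not part of the original answers; the topology, IP addresses, MAC addresses and routing tables are all constructed, and the neighbour table stands in for completed ARP lookups.

```python
import ipaddress

# Constructed neighbour table (what ARP would have resolved): IP -> MAC
MAC = {"192.0.2.10": "02:00:00:00:00:0a", "192.0.2.1": "02:00:00:00:00:11",
       "10.0.0.1": "02:00:00:00:00:12", "10.0.0.2": "02:00:00:00:00:21",
       "198.51.100.1": "02:00:00:00:00:22", "198.51.100.20": "02:00:00:00:00:0b"}

# Constructed routers, keyed by the interface IP a frame arrives on.
# Route = (prefix, next-hop IP or None if directly connected, egress interface IP)
ROUTERS = {
    "192.0.2.1": [("0.0.0.0/0", "10.0.0.2", "10.0.0.1"),
                  ("192.0.2.0/24", None, "192.0.2.1")],
    "10.0.0.2": [("0.0.0.0/0", "10.0.0.1", "10.0.0.2"),
                 ("198.51.100.0/24", None, "198.51.100.1")],
}

def next_hop(src_iface, gateway, dst_ip):
    """Host decision: resolve the destination itself if on-link, else the gateway."""
    dst = ipaddress.ip_address(dst_ip)
    return str(dst) if dst in src_iface.network else gateway

def lookup(routes, dst_ip):
    """Router decision: the most specific (longest) matching prefix wins."""
    dst = ipaddress.ip_address(dst_ip)
    hits = [r for r in routes if dst in ipaddress.ip_network(r[0])]
    if not hits:
        raise LookupError(f"no route to {dst_ip}")
    best = max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
    return best[1], best[2]

def trace(src_ip, prefix_len, gateway, dst_ip):
    """Return (src MAC, dst MAC, src IP, dst IP) as seen on each link of the path."""
    iface = ipaddress.ip_interface(f"{src_ip}/{prefix_len}")
    hop = next_hop(iface, gateway, dst_ip)
    frames = [(MAC[src_ip], MAC[hop], src_ip, dst_ip)]
    while hop != dst_ip:
        nxt, egress = lookup(ROUTERS[hop], dst_ip)
        hop = nxt or dst_ip              # directly connected: deliver to the host
        # New layer 2 header for this link; the layer 3 addresses are untouched
        frames.append((MAC[egress], MAC[hop], src_ip, dst_ip))
    return frames

if __name__ == "__main__":
    for frame in trace("192.0.2.10", 24, "192.0.2.1", "198.51.100.20"):
        print(frame)
```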
The only thing that can travel over a copper wire are pulses of electricity.
The binary number 1 is represented by a pulse of electricity or no pulse of electricity for 0.
Just keep in mind that real data of any kind cannot be sent over copper wire, fibre optic, or through the air ...only a representation of the data which has previously been converted to a 1 or a 0 and then is reconverted back at the receiving end.
The network layer protocol supervises the transmission of packets from a source machine to a destination. Data is broken down into packets, or datagrams, up to 64 kb long before it is transmitted, with a stamp of the destination IP address, and forwarded to the network gateway. A gateway can be a router to interconnect networks.
What units are used in network terminology? Where do we use them?
I know the following - but I'm not sure what their meaning is:
Fragment
Segment
Packet
Frame
Datagram
Can they be assigned to a specific OSI-Layer? Is it more complex?
Taking from Section 1.2 in TCP/IP Illustrated: Vol 1 by Richard Stevens et al.,
consider the 4 layered TCP/IP stack:
+-------------+-------------------------+
| Application | Telnet, FTP, etc |
+-------------+-------------------------+
| Transport | TCP, UDP |
+-------------+-------------------------+
| Network | IP, ICMP |
+-------------+-------------------------+
| Link | drivers, interface card |
+-------------+-------------------------+
Segment: If the transport protocol is TCP, the unit of data sent from TCP to
network layer is called Segment.
Datagram: This is used in 2 layers. If the network protocol is IP, the unit of
data is called Datagram. At transport layer, if protocol is UDP, we use datagram
there as well. Hence, we differentiate them as UDP Datagram, IP Datagram.
Frame: Physical layer representation.
Packet: It is a more generic term used at either the transport layer or the
network layer. TCP Packet, UDP Packet, IP Packet etc. I have not seen it used
to represent Physical layer data units.
Fragment: My guess here is that when a unit of data is chopped up by a
protocol to fit the MTU size, the resultant unit of data is called Fragments.
But I am guessing.
These terms are used to indicate which OSI layer we are referring to; the data remains the same but the headers and trailers are added or removed.
In the Phy layer, i.e. the physical layer, the actual data is in "bits", i.e. 0 and 1.
When it reaches the data link layer or Layer 2 it becomes a "frame", with source and destination MAC addresses added.
When it reaches the third layer or the networking layer it becomes a "packet", with source and destination IP addresses attached to it.
Finally it becomes a "segment" at Layer 4 or the TCP/IP layer. Basically the term "segment" is used for TCP connections and "datagrams" for UDP.
So what about other layers like session, presentation and application? In these layers the data is termed a "PDU" or "protocol data unit".
So when someone says that a "frame" is being received by a networking device, then you know that the device is a switch.
A router receives a packet and processes it.
The answer above is complete. Nevertheless, I think the term packet came from packet switching, if I remember that correctly.
There are 2 types:
Circuit switching is a methodology of implementing a telecommunications network in which two network nodes establish a dedicated communications channel (circuit) through the network before the nodes may communicate. The circuit guarantees the full bandwidth of the channel and remains connected for the duration of the communication session. The circuit functions as if the nodes were physically connected as with an electrical circuit.(Wiki)
Packet switching is a digital networking communications method that groups all transmitted data – regardless of content, type, or structure – into suitably sized blocks, called packets.(Wiki)
I would have defined it myself, but just to be sure.
So here is the Packet Term. In regard of fragment I concur with Josua Schmid's answer.
I agree with the answers above, but it is important to emphasize that this is assuming the TCP/IP stack. If we use the OSI model, which in my opinion is more widespread, we would have the following case:
Transport layer: Segment if TCP, Datagram if UDP
Network layer: Datagram, Fragment can be used if split (it would still be a datagram)
Data-Link layer: Frame in MAC sublayer, frame or bit in LLC sublayer (depends on what level you work with, they are not interchangeable)
Physical layer: Bit
And as mentioned in previous answers packet is more generic, it can be used for Transport, Network or Data-Link layer, but NOT for the physical layer. At this level it has not been "packed" yet. So I would say this is the biggest difference between the TCP/IP Stack model and the OSI model. The OSI model breaks down the physical layer from the TCP/IP stack into two layers: Data Link and Physical.
Hope this helps.
Frame as physical layer representation doesn't sound 100% accurate to me. It is mostly in the data-link layer, which is above the physical.
For a more operational definition, I would say that a frame is a protocol data unit that has means to determine its boundaries. Examples:
an HDLC frame has flags at the beginning and end and a bit stuffing mechanism
an Ethernet frame uses preamble and SFD
GFP uses HEC frame delineation, like ATM
A cell, as in ATM, just to introduce one term more, is a fixed-length frame.
A packet is instead a protocol data unit that relies on a lower layer unit to determine its boundaries. It may fit exactly in one frame or be broken into fragments if required. In the latter case fragmentation and reassembly mechanisms must be devised. Datagram is mostly a synonym for packet.
An application data stream can be broken into segments. A segment is carried over a datagram, then segments are reassembled into the original application stream. This is typically done by the TCP layer. So in TCP we have application stream over TCP segment over IP datagram over data-link frame. In UDP there is no segmentation, so the UDP datagram is one-to-one mapped onto the IP datagram.
a Datagram is....
A self-contained, independent entity of data carrying sufficient information to be routed from the source to the destination computer without reliance on earlier exchanges between this source and destination computer and the transporting network. (... used in UDP)
a Segment is ....
A protocol data unit which consists of a TCP header and an application data piece (packet) which comes from the (upper) Application Layer
Packet: The basic unit of communication between a source and a destination in a network is a packet. Packets are data units within the network layer in the OSI model. The packet is in the Network layer.
Fragment: Packets can often be larger than the maximum size, so each packet is also divided into smaller pieces of data called fragments. The Network layer is responsible for fragmentation.
Segment: A segment is a broken piece of a packet with a TCP header in each of them. Segments increase the efficiency of network performance and improve security. Segments are in the Transport Layer.
Frame: Similar to a packet, frames are small parts of a message in the network. A frame is the unit of data used in the OSI model's data link layer.
Datagram: The datagram represents a data unit of transfer in networking. Data transmitted in a network is divided into smaller parts called datagrams. Transport layer.
In addition, there is something called a bit; this is in the Physical layer.