19531 - Telematics

19531 - Telematics6th Tutorial - Media Access, Ethernet & Wireshark

Bastian Blywis

Department of Mathematics and Computer ScienceInstitute of Computer Science02. December, 2010

Institute of Computer Science – Telematics Tutorial – 02. December, 2010 1

Outline

1. Multiplexing and Multiple Access

2. Multiple Access Protocols

3. Scaling of Token-Ring

4. Efficiency of Token-Ring

5. Adaptive Tree Walk

6. Wireshark - Ethernet

7. Ethernet Frames

8. Packet Crafting with Scapy

9. Filtering

10. Ethernet - Capture Effect


Multiplexing and Multiple Access

– Discuss the terms multiplexing and multiple accessand give examples.

– How do these terms relate to the duplex,half-duplex, or simplex properties of particularnetwork technologies? ?? ?



Multiplexing: Multiplexing of data/signal (usually multiplexing of data/signals fromone station)

– Time-division multiplexing (TDM)– Frequency-division multiplexing (FDM)– Wavelength-division multiplexing (WDM)– Space-division multiplexing (SDM)– Code-division multiplexing (CDM)

Multiple Access: Channel access method for multiple stations– Multiple access protocols and control mechanisms→ media

access control (MAC)– Time-division multiple access (TDMA)– Frequency-division multiple access (FDMA)– Space division multiple access (SDMA)– Code division multiple access (CDMA): Direct-sequence spread

spectrum (DSSS), frequency-hopping spread spectrum (FHSS)

Please note: There are slightly different definitions in literature.



Some additional information:

TDMA: Time Division Multiple Access– With contention or without contention– Can be collision free or with collisions– Number of users can be virtually unlimited– Contention of many stations can lead to poor performance– Always digital

FDMA: Frequency Division Multiple Access– Usually non-overlapping channels, collision-free– In reality: channels are often not fully orthogonal– In ideal case, each station (or pair of stations) is assigned a

dedicated channel– Can be used for digital or analogue transmissions– Number of channels limits number of stations (when dedicated

channels are required)– Channels have to be assigned somehow: dynamic vs. static

Often time and frequency multiple access are used together, e.g., GSM network.



Duplexing: Enabling two stations to use a shared medium “at the same time”– Time-division Duplex (TDD)– Frequency-division Duplex (FDD)– Code-division Duplex (CDD)– . . . and so on



– Multiplexing and Multiple Access Protocol determines duplex property– TDMA⇒ half-duplex– FDMA⇒ full-duplex


Multiple Access Protocols

– Repeat and discuss the different multiple accessprotocols introduced in the lecture

– Discuss how these approaches can interfere withservices of upper layer protocols. ?? ?



Media Access:– Implemented on layer 2, usually in Media Access Control (MAC) sublayer– Static vs. dynamic– Slotted vs. unslotted– With vs. without contention– Collisions vs. collision-free– Fair vs. unfair access probability



– Contention leads to delay– Successive failed media access tries can lead to dropped frame– Media access can limit channel utilization and lead to low performance– Quality of Service (QoS) has be considered over the whole protocol stack– Static, contention-free and collision-free approaches best to ensure QoS



Addr 7 6 5 4 3 2 1 0

01101111

01101011

00100011 lost

lost

wins

Figure: Binary Countdown



1

2 3

4 5 6 7

A B C D E F G HFigure: Adaptive Tree Walk



1

2 3

4 5 6 7

A B C D E F G HFigure: Adaptive Tree Walk: Contending stations



1

2 3

4 5 6 7

A B C D E F G HFigure: Adaptive Tree Walk: Resolving contention in left branch



Name Slotted Contention Collision-Free Fair

Adaptive Tree Walk (√

)√

(√

)ALOHA

√ √

Slotted ALOHA√ √ √

Binary Countdown√ √

IEEE 802.11 DCF (√

)√ √

IEEE 802.11 PCF (√

)√ √

CSMA/CD (√

)√

(√

)CSMA/CA (

√)

√(√

)√

Token-based√ √

Reservation TDMA√

(√

) (√

) ?

Table: Properties of Multiple Access Protocols

Please note: Many properties are up for discussion and depend on the actual definition.


Scaling of Token-Ring

– Discuss how a Token-Ring network scales with anincreasing ring size.

– Which layers of the ISO/OSI reference model aredefined by IEEE 802.5? ?? ?



– Ring size determines “storage capacity” of thenetwork: bandwidth-delay product

– Ring with single token→ low utilization of medium– Ring with multiple tokens increases utilization– If the frame is corrupted, station needs to wait for

token before retransmitting– Token-Ring is a host-to-network technology and

defines the physical and data link layers (PHY +DLL)


Efficiency of Token-Ring

Discuss how Token-Ring networks perform under fullload and in low traffic scenarios. ?? ?Institute of Computer Science – Telematics Tutorial – 02. December, 2010 20

Efficiency of Token-Ring

– Efficient under full load; all available bandwidth isused

– Fair access to the medium due to the token– In low traffic situation host have to wait for the

token– Latency might be higher than necessary


Adaptive Tree Walk

– Sixteen stations are connected in a network usingthe adaptive tree walk protocol.

– The stations are numbered from 1 to 16.– How many slots are required to resolve the

contention when all stations with prime numbers asaddresses want to sent data?

?? ?Institute of Computer Science – Telematics Tutorial – 02. December, 2010 22

Adaptive Tree Walk

– Stations 2, 3, 5, 7, 11, and 13 want to send– 11 slots are required to resolve the contention

Slot Contending Stations

1 2, 3, 5, 7, 11, 132 2, 3, 5, 73 2, 34 25 36 5, 77 58 79 11, 13

10 1111 13


Adaptive Tree Walk

Remarks:– Idea of Adaptive Tree Walk protocol was based on syphilis testing procedure

during World War II– Blood samples from N soldiers mixed and tested– When no antibodies were found, all soldiers are healthy– If antibodies were present, two tests of N/2 samples are run (and so on. . . )

– General idea: reduce number of considered entities per step when there is acollision/positive test

– Adaptive Tree Walk is a protocol with limited contention– If only one station wants to access the channel→ no collision, frame is successfully

sent and received, else collision– In the next slots only the stations in one sub-tree may content

– How stations join the tree or what happens when they leave the tree is not strictlydefined

– If a transmission takes at most one slot time is not strictly defined– How the stations are synchronized to the slots is not strictly defined– Several slightly different versions of the protocol have been proposed– Depending on version the protocol can be fair or unfair– In scenarios with q contending stations (uniformly distributed), its better to start

the resolution at level log2(q)


Ethernet, 802.2, 802.3

Remarks:– 802.1q (VLAN) adds 4 bytes (QinQ even more)– IPv4 has no SAP number as only “international standards” were assigned

numbers– SNAP basically brings the ethertype field back into the header– IPX datagram can be in raw 802.3 frame after header


Ethernet, 802.2, 802.3

Motivation for IEEE 802.2:– Interoperability between different LAN technologies– Not all LAN technologies have a type field– Support for ISO/OSI protocols, e.g. IPX

It failed because:– Reduces MTU– Lower performance due to processing of additional header– Three byte IEEE 802.2 header (Control field: 1 or 2 bytes)⇒ bad alignment of network layer packets

– Type field in Ethernet header already allows multiplexing of layer 3 protocols– Complex to implement– LAN technologies like Token Ring, Token Bus, FDDI, . . . failed– TCP/IP won in the end– But: Several protocols use LLC e.g. STP


Wireshark - Ethernet

– Connect your computer to an IEEE 802.3 orIEEE 802.11 network.

– Start to capture the transmitted and receivedpackets with Wireshark.

– Generate some data traffic by using your webbrowser, a file sharing application, etc.

– End your capture after when you have captured“enough” packets.

– Create three IO Graphs for the number of Ethernetframes containing

– IPv4 datagrams– ARP packets– Other network layer protocols

– Besides IPv4 and ARP which other types did youcapture?


http://www.wireshark.org/


Figure: IOGraphs over a duration of 5 min: IPv4 (red), ARP (green), other (black)


Ethernet Frames

1. Which bits/parts of the Ethernet frames captured inthe previous Exercise are actually received by adestination that is

– in the same local area network– in a different local area network that can be reached

over the Internet(Remark: Ignore tunneling approaches)

2. Have a look at the Ethernet frame on slide 5.53 inyour lecture script. What is the preamble for and isit contained in the data in your capture file? Is theFrame Check Sequence present?

3. Are there any frames with ethertype ≤ 0x0600 inyour capture file?


Ethernet Frames

1. In this context, Ethernet is a DLL protocol– Frame is sent to other station in the LAN– When the datagram leaves the LAN, it is put into a new frame by the router– Header of an IP datagram in the frame will be modified (e.g. TTL decreased by routers)

if the packet is routed– Other upper layer headers might also be modified– Remember: we ignore tunneling!

2. Preamble & FCS– Used for synchronization of network interface card to detect start of frame

(7× 10101010)– Start Frame Delimiter (SFD) marks begin of 802.3 frame (10101011)– 8th byte (SFD) of Ethernet frame is also 10101010– Frame Check Sequence is checked by network card and (usually) not given to OS

3. ethertype– Ethernet uses a 16 bit type field [0x0600− 0xFFFF ]– IEEE 802.3 uses a length field [0x000− 0x05DC]

7 1 6 6 2 0-1500 0-64 4

Preamble SFD DA SA L/T Data Padding FCS

Figure: Ethernet/802.3 Frame


Packet Crafting with Scapy

1. Download and install the command-line networkpacket crafting and injection utility Scapy.

2. Read the documentation. Create, inject, andcapture (with Wireshark, tcpdump, tshark, . . . ) thefollowing frames:

– An invalid Ethernet frame– A broadcast Ethernet frame, with a source address

where the Organizationally Unique Identifier (OUI) isset to the value assigned to Fraunhofer IMS

– A frame with some ASCII text as payload

3. For this part you need two hosts connected to thesame Ethernet. Send an Ethernet frame from A toB by setting the corresponding addresses of thenetwork cards in the Ethernet header. Set the typeto 0xFFF and append the string “Hello World” aspayload. Capture the frame on host A and B. Didhost B receive the same frame that A has sent orwas something modified? What has changed andwhy?


http://www.secdev.org/projects/scapy/


http://www.tcpdump.org/



Welcome to Scapy ( 2 . 0 . 1 )>>> eth = Ether ( )>>> eth . show ( )###[ Ethernet ]###WARNING: Mac address to reach d e s t i n a t i o n not found . Using broadcast .

ds t= f f : f f : f f : f f : f f : f fs rc= 00:00:00:00:00:00type= 0x0

>>> eth . type = 0x45>>> sendp ( eth , i f a c e =” eth0 ” )



Figure: Ethernet Address Format

List of OUIs: http://standards.ieee.org/regauth/oui/oui.txt

00-12-E8 (hex) Fraunhofer IMS0012E8 (base 16) Fraunhofer IMS

Finkenstrasse 61Duisburg NRW 47057GERMANY


http://standards.ieee.org/regauth/oui/oui.txt


>>> eth . s rc = ”00 :12 :8E:00 :00 :00 ”>>> eth . ds t = ”FF : FF : FF : FF : FF : FF”>>> eth . show ( )###[ Ethernet ]###

dst= FF : FF : FF : FF : FF : FFsrc= 00:12:8E:00 :00 :00type= 0x45

>>> sendp ( eth , i f a c e =” eth0 ” )



Figure: OUI is set to Fraunhofer IMS



>>> eth . payload = ” He l lo World , He l lo Word , He l lo Word ,He l lo Word , He l lo Word , He l lo Word , He l lo Word ,He l lo Word ”

>>> eth . show ( )###[ Ethernet ]###

dst= FF : FF : FF : FF : FF : FFsrc= 00:12:8E:00 :00 :00type= 0x45

###[ Raw ]###load= ’ He l lo World , He l lo Word , He l lo Word , He l lo Word ,

He l lo Word , He l lo Word , He l lo Word , He l lo Word ’>>> l en ( eth )109



Figure: Invalid Ethernet Frame: Length is set to 0x45 and the last four bytes of the payload areinterpreted as checksum



Figure: Payload Example



Figure: Padding Example



– Minimum frame size of Fast Ethernet = 64 Byte– Payload filled with padding bytes, 0x00– Padding bytes not automatically removed by receiving network card, OS usually

has to handle padding– Length of the layer 3 PDU has to be contained in layer 3 header (or PDU of

particular protocol has fixed length)


Filtering

Wireshark supports libpcap capture filters as well as itsown display filter format. Configure Wireshark as follows:

1. Capture only Ethernet frames with ethertype 0xFFF.

2. Display only Ethernet frames with ethertype 0xFFF(without using a capture filter). ?? ?



Filtering

– Capture Filter: ether proto 0xFFF

– Display Filter: eth.type == 0xFFF


Ethernet - Capture Effect

– Two hosts (A and B) are connected to an Ethernetand we assume that both have unlimited data totransmit.

– The frames belonging to A shall be denoted asA1,A2, . . . ,An and the frames of B asB1,B2, . . . ,Bn. ?? ?



First Collision:– A and B try to transmit frames A1 and B1 at the

same time.– The frames collide and both hosts select a random

waiting time as specified by the standard(binary-exponential-backoff ).

– Station A’s waiting time is WA = 0 time slots andstation B’s is WB = 1 slots.

– A “wins” the contention for the medium access andretransmits frame A1 while B waits for A to finish



Second Collision:– Station B sends frame B1 again after the

transmission of A1 is finished.– Unfortunately, frame B1 collides with A2 as A is also

trying to transmit.– In this situation, A either waits WA ∈ {0, 1} slots,

while B has to choose a random waiting timeWB ∈ {0, 1, 2, 3}.



1. Calculate the probability that A wins this contentionafter the second collision.

2. Assume that station A wins the second contentionand frame A2 is transmitted while B1 still has towait. Calculate the probability for A also winning thenext (third) contention.

3. Specify a formula to calculate the probability that Awins the i-th contention. Calculate the probability ofA winning the i-th contention with i ∈ [1..MAX ].

4. The term Capture Effect denotes a situation inwhich A wins all contentions after the first collision.Host B cannot send data until the maximumnumber of retransmissions has been reached andthe current frame is dropped. Give the probability ofthis event.

5. Is the capture effect still relevant in today’s Ethernetbased networks?



2nd Collision:– A selects 0 and 1 both with probability 1

2

– If A selects 0, B loses in 3 of 4 cases, i.e., with probability 34

– If A selects 1, B loses only in 2 of 4 cases

Prob(WA < WB) =12∗

34+

12∗

24

=58

= 0.625

A0 1

B

01 x2 x x3 x x

Table: Cases in which A wins the 2nd contention



3rd Collision:

Prob(WA < WB) =12∗

78+

12∗

68

=1316

= 0.8125

A0 1

B

01 x2 x x3 x x4 x x5 x x6 x x7 x x

Table: Cases in which A wins



– pi = probability that A wins the i-th contention– Assumption: A has won all previous i − 1 contentions

pi =12∗

2i − 12i

+12∗

2i − 22i

= 1−3

2i+1



After i-th Collision pi

1 0.252 0.6253 0.81254 0.906255 0.9531256 0.97656257 0.988281258 0.9941406259 0.997070312510 0.9985351562511 0.9985351562512 0.9985351562513 0.9985351562514 0.9985351562515 0.99853515625

Table: Probability that A wins the i-th contention



Probability that A wins all contentions after the first one:

10∏i=1

pi ∗15∏

i=11

p10 ≈ 0.415

Probability that A wins all contentions after the second one:

10∏i=2

pi ∗15∏

i=11

p10 ≈ 0.6645

Probability that A wins all contentions after the third one:

10∏i=3

pi ∗15∏

i=11

p10 ≈ 0.818

Note: The window is not increased after the 10-th collision



– If one station wins the first two or three contentions, the chance for the otherstation to be stopped is high⇒ Ethernet capture effect

– Station will drop frame after 16 collisions and reset window– Collision resolution of the binary-exponential-backoff approach is simple but not

really fair (well, it is fair if we consider that both stations will suffer equally from thecapture effect over time)

Relevance:– Today, switched Ethernet is common and un-switched Ethernet very rare– Switch forwards frame from station to station– Cable is dedicated to one station and the switch– Cable (≥ CAT-5) is full duplex medium⇒ no collisions


The Last SlideTM

Thank you for your attention.Questions?


19531 - Telematics

Documents

Transcript of 19531 - Telematics