Common Net Traffic Flashcards
(14 cards)
sending encapsulated data over a network in the form of a frame
ethernet header
the _____ of an ethernet header contains 1) Destination MAC Address, 2) source address, & 3) ether type;
frame is starting & enables synchronization;
7 bytes
preamble
marks the end of the Preamble, and beginning of the Ethernet frame
SFD (Start Frame Delimiter)
Identifies the receiving system;
6-Byte field which contains the MAC address of machine for which data is destined
Destination Address
Identifies the sending system;
6-Byte field which contains the MAC address of the source machine
Source Address
This field indicates what payload the frame is carrying (IPv4, ARP, IPv6, etc);
where actual data is inserted, also known as payload
Type field
most common ethertypes
0x0800 – IPv4
0x86DD – IPv6
0x0806 – ARP
0x8100 – VLAN Tagging (802.1q)
contains a 32-bits hash code of data, which is generated over the Destination Address, Source Address, Length, and Data field. If the checksum computed by destination is not the same as sent checksum value, data received is corrupted
FCS (Frame Check Sequence) AKA CRC checksum
What is the Ethernet frame range size?
64 – 1518 Bytes
the first 3 bytes of the source address that show the manufacturer of the device; by finding out what type of device it is you can target device vulnerabilities & default passwords they might use
OUI Organizationally Unique Identifier
what kind of NICs, routers, etc are being used;
does not change
OUI
the MAC address is found at what layer in Wireshark?
Ethernet
pretending to have a MAC address of a trusted device on a network to infiltrate the network
MAC spoofing
IPv6 ethertype
0x86DD