Ethernet (IEEE 802.3) is the most common protocol, operating at layers 1 (physical) and 2 (data link) of the OSI network model. In the TCP/IP model, these layers are combined into a single layer called network access.
In this section, we will learn how to describe the fields in the Ethernet frame and how they could betray an intrusion.
The Ethernet (layer 2) frame manages connections between two directly connected devices, regardless of whether this is between a host and another host, a host and a networking device, or two networking devices. The two devices must be connected directly through a single medium (that is, a cable or wireless signal).
The basic structure of the IEEE 802.3 Ethernet frame is shown in the following diagram. The frame itself has two portions; the red section occurs at layer 1, and aims to coordinate...