What Is an Ethernet Bridge?
Ethernet is currently the most widely used network transmission method. It has been widely recognized by enterprises and users and has become the preferred technology for broadband access. When a computer network transmits data, in order to ensure that all computers sharing network resources can use the network fairly and quickly, the data is usually divided into several small blocks as a transmission unit for transmission. Such a transmission unit is usually called a packet. Called "data packet". Ethernet data packets are data packets transmitted over Ethernet.
- In recent years,
Introduction to Ethernet packets
- At present, there are two methods to capture data packets from the network. One is to use dedicated hardware, and the other is to use common hardware that is connected to the network by a common computer-a network adapter, that is, a network card. The data packet is captured by software. Although the method of capturing packets by software is not as good as dedicated hardware, its implementation cost is relatively low, and it is easy to modify and update. For these reasons, software-based capture methods have been widely used and recognized.
- Capturing data packets from the network is a very important part of the implementation of all network security products. It is the basis of other functions of security products. One of the most important conditions for network packet capture is to be able to receive all data packets on the network. To meet this condition, you must understand how data packets are transmitted on the network. From the perspective of transmission methods, computer networks are divided into two categories: networks using point-to-point connections and networks using broadcast methods. Point-to-point connections are generally used in wide area networks. Almost all local area networks use broadcast as the basis for communication. Sites on the network share channels. Data packets sent by one site can be received by other sites. That is, any Each computer can receive all data communications in the same shared domain in the network [2] .
Ethernet packet implementation principle
- Each network card that communicates on the Ethernet has a globally unique physical address, also called a MAC address. The address is a 48-bit binary number. A packet filter is built into the Ethernet card. The function of this packet filter is to keep the data packets and broadcast packets with the MAC address of its own network card as the communication purpose, and discard all other irrelevant data packets, so as to prevent the CPU from processing unnecessary datagrams unnecessarily. This is how the Ethernet card works in general. Therefore, under normal circumstances, a legitimate network interface should only respond to these two types of packets (frames):
- The destination address of the frame has a hardware address that matches the local network interface.
- The destination address of the frame is "broadcast address" (representing all interface addresses), and the format is "FF- FF- FF- FF- FF- FF".
- When receiving the data frame of the above two cases, the network card generates an interrupt through the CPU. After the operating system performs the interrupt processing, the data contained in the frame is transmitted to the upper-layer system for further processing. In other cases the data frame will be discarded without processing.
- If you want to capture the data that does not belong to the host through the network card, you must bypass the normal processing mechanism of the system and directly access the underlying network. We can set the status of the network card to "promis cuous" mode. When the network card works in this "promiscuous" mode, the network card has a "broadcast address", which generates every frame received. A hardware interrupt reminds the operating system to process every packet flowing through the network card. The operating system directly accesses the link layer and intercepts the relevant data. The application program filters the data instead of the upper layer protocols (such as the IP layer and the TCP layer), so that all data flowing through the network card can be captured.
- The normal transmission path of the data packet is the network card, the device driver layer, the data link layer, the network layer, the transport layer, and finally the application program. The packet capture mechanism is to add a bypass process at the data link layer, to filter and buffer the data packets sent and received, and then directly pass to the application [2] .