**************************************************
************** Ethernet Primer********************
**************************************************
**************** By TheHunter ********************
***********thehunter@the-hunter.net***************
**************************************************
***********irc.2600.net*****#ct2600***************
**************************************************


This primer is intended to give you an idea of how ethernet works and
what it is.  Its pretty basic...I might write a more advanced follow
up sometime.  E-mail me if you're interested in such a thing. 

Ethernet is a networking technology based on a bus topology.  Well,
what is a topology?  A topology is a general description of how computers
connect to each other without regard to how they actually talk, or access 
the media.  A bus topolgy then, is a network that is made up of machines
connected to a single piece of cable, and that piece of cable has ends.
There are four major topologies: Bus, Star, Mesh, and Ring.
Bus is a single piece of cable to which all nodes attach.  Star is a central
concentrator called a hub that all nodes attach to via a cable, usually UTP.  Mesh 
is when each node has a single dedicated connection to every other node.  Ring is
a single network cable to which all nodes attach where the cable has no ends (such
as a circle).

So, ethernet is a technology based on the Bus one.  But wait! I've seen ethernet
networks and they don't look like that bus.  Ya ya, I know, we'll get to 
that later smartass.

Ethernet was developed in 1973 by Xerox.  Origionally, it was a single piece
of coax, over which computers could transfer data at a mind boggling 3 megabits
per second.  Ethernet more or less stayed within Xerox until roughly 1979 when Xerox
made nice with DEC and Intel to develop the DIX standard.  This provided
for 10mbps speed over coax.  About a year later, the IEEE stepped in and created a 
standard (IEEE 802.3) that more or less supplanted the DIX standard.  Basically 
nowadays when you talk about ethernet, you're talking 802.3.  Enough history, eh?

The designers of ethernet had to deal with a few issues in putting ethernet together.
There is how to identify the sender and recipient, how to decide who gets to use the
cable when, error checking and more.  All computer networks break data transmitted
between computers into smaller pieces called packets.  In ethernet, this takes care
of two issues.  First it doesn't allow a single computer to monopolize the cable,as 
each computer sends a packet or two when it can, and second it makes it that much 
easier to retransmit data should a packet be lost.  There are 4 MAJOR parts to an ethernet
packet.  The souce MAC, the Destination MAC, the data, and a CRC.  What? Mac? CRC?
A MAC (media access control) address is a physical address which is supposed to be 
unique to a particular network card. It is comprised of a 48 bit binary number and was 
usually burned into the Nic firmware.  When you go to look at your MAC, it will 
usually be expressed in Hex shorthand. CRC is a cyclic redundancy check. More 
or less error checking for the packet. So, this packet has a source MAC, which 
is the MAC address of the NIC that sent it.  A destination MAC, which 
is the MAC of the nic that is to recieve it.  The data, which is the packet 
data, and the error checking CRC.  On an ethernet network, these MAC 
addresses really have to be unique, or no one would be able to communicate 
effectively.  

MAC addresses are totally physical addresses, and as such, they contain no logical
information such as where that particualar machine is. So, each machine on the 
cable examines EVERY packet that goes by.  If the destination MAC matches
their MAC address, they keep the packet, if not, they ignore it.
This is fine for when ethernet was an in house Xerox technology, 
created for/by a trusted environment, but raises some security concerns now.  Many NICs can
be set to "promiscuous mode" through their own utilities and those that can't can utilize
a small piece of software called a packet sniffer to look through every packet regardless
of destination MAC.  In any case, this is how ethernet deals with addressing.

Since there is only one network cable in a bus topology, how do you decide who gets to use
it when?  Only one node can use the cable at a time, so ethernet uses something called CSMA/CD
to decide.  This is really the heart of ethernet, and is what seperates it from the likes of 
token ring.  CSMA/CD stands for Carrier Sense Multiple Access with Collision Detection.  What 
that means is that if you want to send a message over the wire, you listen.  If you don't hear
anyone else talking you transmit.  Much like picking up a phone and listening for a dial tone.
The Mulitple access part means that everyone has equal access to the cable.  The collision
detection part of it means that if your packet gets messed up, you know it.  It basically
does this by listening to the message while it is on the wire.  If you are talking and you
say the wrong word, you know it.  So does ethernet.  Well, what is a collision?  A collision
is when two or more ethernet packets are on the wire at one time and they smash into each other.
This garbles, and renders useless all involved packets.  How can this happen if you listen
before you transmit?  Well, if you have two 10base5 segments connected by a reapeater, then you
have a possible 1000meters between farthest nodes.  The nodes towards the end could both listen
at the same time, and send at the same time.  OOPS.  Collision.  That collision is then detected, 
and the packet resent.  Understand that in all the above examples, this is all happening without
you even knowing it all the time.  

As we know, ethernet uses a bus topology, which used to mean a 
single piece of coax. Well, what happens if that coax breaks?  
It creates some interesting situations.  As you may or may not 
know, coax segments need to be terminated with resisters of 50ohms.  If you
have a break in the cable, you essentially create two unterminated 
segments.  What this does is allow the packets to bounce off the 
unterminated ends and travel the wire indefinitely.  Who cares?
Well, if you recall, only one node can use the wire at a time.  
This message being on the wire all the time would create the 
illusion of a busy signal all the time.

On a particular ethernet segment, all nodes are subject to all network traffic.
This is because, as you recall, all computers pick up every packet and 
examine the destination MAC to see if it belongs with them.  Well, an area of a
network where all nodes are subject to all traffic is a collision domain.  
The reason being that all packets bound within that domain could possibly collide 
with each other.  Basically, the more nodes within a collision domain, the 
worse your networks performance.

Cabling Systems
Ethernet can use a TON of different cabling systems.  They all have different
features such as EMI resistance, Speed, distance, number of nodes per segment 
and more.  The most resistant to EMI are those that utilize optical technologies, 
such as 100baseFX.  Followed by that are those that use coax, and trailing 
in that category are the UTP ones.  The type of transmission for all 
the popular ones is baseband, which just means one signal on the wire at a time.  
Nodes per segment is how many computers can attach to the wire within the 
confines of the distance limitation. The most popular are:	

System		Cable	Speed	Distance	Type		Topology	Nodes per Segment
10base5		RG-8	10mbps	500meters	baseband	Bus		100
10base2		RG-58	10mbps	185meters	baseband	Bus		30
10baseT		UTP	10mbps	100m from hub	baseband	Star-Bus	1024
100baseT	UTP	100mbps	100m from hub	baseband	Star-Bus	1024
100baseFX	Fiber	100mbps	400meters	baseband	Star-Bus	no
100baseT4	UTP	100mbps	100m from hub	baseband	Star-Bus	1024

You'll notice some cabling systems use a topology called star-bus.  
This means that physically the cabling resembles a star topology, 
while logically it works like a bus.  Its like this, you know that
ethernet now a days rarely uses an actual, physical bus topology. 
Usually, it uses a star-bus.  This is the image you have of ethernet. 
A star works by having a concentrator, called a hub, and cable coming out
from it to all the nodes.  The reason they call it a star-bus is that it still adheres to 
all the rules of a bus topology.  Such as one node can use the wire at a time.  
Imagine it as though the single piece of Coax is inside the hub.  

Miscellaneous Info:
-An ethernet hub can have, logically, up to 1024 ports.  Not many of them do.  That would
be a really big hub.
-10base5 connects to a node via an AUI...its a vampire clamp that pierces 
the cable, and from there, nodes attach to it via a connector much like 
a joystick or midi connector.
-10base5 requires AUI's to be place on the cable in 2.5 meter intervals.  
You don't have to have one EVERY 2.5 meters, but it should be in multiples thereof.
-10base2 requires at least .5 meters between nodes.
-If any piece of UTP off a hub breaks, the network does not go down, 
rather the single node attached to that piece cannot communicate. 
This provides for fault tolerance when compared to Coax.

Living With Ethernet:
30 nodes per segment, or 100 meters from the hub are obviously some very limiting factors.
What if you are in a large building? Or even two buildings?  There are a few tools I 
will introduce you to that make ethernet a little more useable.
First off, you have the repeater.  This works at the physical layer of the OSI model 
and does nothing but regenerate the signal, thereby negating any attenuation that
had taken place up to that point.  So, if you have a 10base2 segment with a maximum
of 185meters and you add a repeater, you can then have 370 meters.  This, however
does nothing to manage traffic or change any other variables.  
At the second, or datalink layer of the OSI model, you find the bridge.  Simply put, 
this forwards and filters data based on MAC address.  So place it in the middle of a 10base5 
segment and what you do is create two collision domains within the same segment.  Hows that 
happen?  When a packet reaches a bridge, the bridge examines the destination MAC of the packet
and compares that to a table kept within the bridge.  If the bridge finds that the destination
node is on the other side of the bridge, it forwards it, if not, it kills it. 
Bridges, Switches and even hubs go far beyond the simple definitions I've given here (get a
look at a cisco catalyst 2500 switch and you'll know what I mean), but you should now have
a working knowledge of all of them.

So, why not just string a bunch of repeaters together so you can make huge collision domains?
There is a guideline we go by in the Network Design field.  Its called the 5-4-3 rule and limits
the size of collision domains for those smart enough to follow it.  It says that you can
only have 5 repeaters, 4 segments, and 3 populated segments.  Hubs count as both repeaters
and segments, and anything that has a computer attached to it is a populated segment.  Follow
this rule or you will be cursed by horrible slow networks.

Well, those are the BASICS of ethernet.  You could know a lot more, but you could know a lot less too, right?  
As I said, if there is interest, I will write a follow up on more advanced ethernet topics.
If you have any comments, corrections, or suggestions about this text, feel free to e-mail me at 
thehunter@the-hunter.net.