Ethernet: Definitions and Standards
Networking Equipment Terminology
Network Interface Card
Network interface card is also frequently called a NIC. Currently, the most common types of NIC used in the
home and office are Ethernet and wireless Ethernet cards.
The link light signifies that the NIC card has successfully detected a device on the other end of the cable. This
indicates that you are using the correct type of cable and that the duplex has been negotiated correctly between
the devices at both ends.
Full duplex data paths have the capability of allowing the simultaneous sending and receiving of data. Half
duplex data paths can transmit in both directions too, but in only one direction at a time.
Error-detection and data-retransmission mechanisms ensure that the data reaches the destination correctly and
are specifically designed to remedy data corruption caused when multiple devices start transmitting at the same
Most modern network cards can autonegotiate duplex with the device on the other end of the wire (802.3ae), if
it is plugged into a switch.
Windows uses IPCONFIG to set ethenret parameters from the commands line. Most UNIX systems use the
ifconfig command to set display ethernet card paramaters. Others use specific commands like ethtool (LINUX)
or ndd (Solaris)
Media Access Control (MAC) Address
The media access control (MAC) address can be equated to the serial number of the NIC. Every IP packet is
sent out of your NIC wrapped inside an Ethernet frame that uses MAC addresses to direct traffic on your locally
The MAC Address is a 6 byte field burned into the Ethernet chip on the NIC card by the manufacturer –
represented as 12 hexadecimal digits. The first 3 bytes (6 hex numbers) represent the manufacturer.
MAC addresses have significance only on the locally attached network. As the packet hops across the Internet,
its source/destination IP address stays the same, but the MAC addresses are reassigned by each router on the
way using a process called ARP.
Each LAN Protocol has it’s own data format called a “frame”. The standards for each protocols are defined
with the standard specification for the protocol.
Ethernet: Definitions and Standards
The early development of Ethernet was done by Xerox research. The name "Ethernet" was a registered
trademark of Xerox Corporation. Ethernet from this period is often called DIX after its corporate sponsors
Digital, Intel, and Xerox. As the holder of the trademark, Xerox established and published the standards.
The technology was refined and a second generation called Ethernet II was widely used. The IEEE was
assigned the task of developing formal international standards for all Local Area Network technology. The
"802" committee was formed to look at Ethernet, Token Ring, Fiber Optic, and other LAN technology. The
objective of the project was not just to standardize each LAN individually, but also to establish rules that would
be global to all types of LANs so that data could easily move from Ethernet to Token Ring or Fiber Optics.
This larger view created conflicts with the existing practice under the old Xerox DIX system. The IEEE was
careful to separate the new and old rules. It recognized that there would be a period when old DIX messages
and new IEEE 802 messages would have to coexist on the same LAN. It published a set of standards of which
the most important are:
802.2 - The new message format for data on any LAN
802.3 - Hardware standards for Ethernet cards and cables
802.4 – Hardware standards Token Bus cards and cables
802.5 - Hardware standards for Token Ring cards and cables
802.11 – Wireless LAN Technologies
The 802.3 standard further refined the electrical connection to the Ethernet. Today all Ethernet NICs cards
conform to this standard.
The TCP/IP protocol used by the Internet refused to change. Internet standards are managed by the IETF group,
and they decided to stick with the old DIX message format.
IBM implemented SNA over LAN until after the 802 committee released its standards, then rigorously
implemented the 802 rules for everything except TCP/IP where the IETF rules take precedence. This means that
NETBEUI (the format for NETBIOS on the LAN) and SNA obey the 802 conventions.
The old DIX rules for message format persist for some uses (Internet, DECNET, some Novell). The new 802
rules apply to other traffic (SNA, NETBEUI). The most pressing problem is to make sure that Novell clients
and servers are configured to use the same frame format.
Ethernet: Definitions and Standards
Ethernet Media Access Control: Access and Collisions - OSI Layer 1
Base Ethernet is a broadcast medium, every computer on a network section shares the same wire.
While an Ethernet can be built using one common signal wire – coax such as ThickNet or ThinNet - such an
arrangement is not flexible enough to wire most buildings. Ethernet wire cannot be just spliced together,
connecting one copper wire to another. Ethernet requires a repeater - a simple station that is connected to two
wires that repeats the Ethernet signal bit-for-bit on the other wire.
Repeaters are passive devices (no MAC Address) that repeat digital signals from one side to the other. Ethernet
repeaters are subject to the 5/4/3 rule – 5 segments connected by 4 repeaters with three segments active - a limit
of 30 active workstations.
A multi-port repeater using twisted pair wiring is referred to as a hub.
The Ethernet hub contains a repeater connecting workstations over phone type wiring (Category 3) for every
connection. It is possible to connect multiple hubs in a chain formation to create a LAN with more ports; often
called daisy chaining. Hubs have their own version of the repeater rule when daisy-chained called the Class I
(10 MBS, 4 hubs) or Class II (100 MBS 2 hubs) that define how they can be connected within a collision
Hubs physically cross-connect all their ports with one another which causes all traffic sent from a server to the
hub to be blurted out to all other servers connected to that hub whether they are the intended recipient or not.
Hubs have little or no electronics inside and therefore do not regulate traffic. It is possible for multiple servers
to speak at once with all of them receiving garbled messages. When this happens the servers try again, after a
random time interval, until the message gets through correctly. It is for these reasons that Ethernet devices that
plug into hubs should be set to half duplex.
10 MBS Ethernet uses Manchester encoding (first published in 1949) to encode the clock and data of a
synchronous bit stream. In this technique, the actual binary data to be transmitted over the cable are not sent as a
sequence of logic 1's and 0's (known technically as Non Return to Zero (NRZ)). Instead, the bits are translated
into a slightly different format that has a number of advantages over using straight binary encoding (i.e. NRZ).
In Manchester encoding a logic 0 is indicated by a 0 to 1 transition at the centre of the bit and a logic 1 is
indicated by a 1 to 0 transition at the centre of the bit. Note that signal transitions do not always occur at the ‘bit
boundaries’ (the division between one bit and another), but that there is always a transition at the centre of each
bit. The Manchester encoding rules are summarised below:
Original Data Value Sent
0 to 1 (upward transition at bit
1 to 0 (downward transition at bit
The following diagram shows a typical Manchester encoded signal with the corresponding binary representation
of the data (1,1,0,1,0,0) being sent.
Note that signal transitions do not always occur at the 'bit boundaries' (the division between one bit and
another), but that there is always a transition at the centre of each bit.The encoding may be alternatively viewed
as a phase encoding where each bit is encoded by a postive 90 degree phase transition, or a negative 90 degree
phase transition. The Manchester code is therefore sometimes known as a Biphase Code.
A Manchester encoded signal contains frequent level transitions which allow the receiver to extract the clock
signal using a Digital Phase Locked Loop (DPLL) and correctly decode the value and timing of each bit. To
allow reliable operation using a DPLL, the transmitted bit stream must contain a high density of bit transitions.
Manchester encoding ensures this, allowing the receiving DPLL to correctly extract the clock signal. This is
implemented in Ethernet using a 1-byte Start flag “0x7E: and a “preamble” consisting of 7 bytes of alternating
one’s and zeroes ahead of the MAC Destination Address. The start field and preamble are typically not seen in
LAN traces which show only Layer 2 data or above.
Bi-phase Manchester encoding consumes up to approximately twice the bandwidth of the original signal (20
MHz). This is the penalty for introducing frequent transitions. For a 10 Mbps LAN, the signal spectrum lies
between the 5 and 20 MHz. Manchester encoding is used as the physical layer of an Ethernet LAN, where the
additional bandwidth is not a significant issue for coaxial cable transmission
The limited bandwidth of CAT5e cable necessitated a more efficient encoding method for 100 Mbps
transmission using a 4b/5b MLT code. This uses three signal levels (instead of the two levels used in
Manchester encoding) and therfore allows a 100 Mbps signal to occupy only 31 MHz of bandwidth. Gigabit
Ethernet utilises five levels and 8b/10b encoding, to provide even more efficient use of the limited cable
bandwidth, sending 1 Gbps within 100 MHz of bandwidth.
A transmission rate of 10 Mbps implies that each bit is sent in 0.1 microseconds. For a coaxial cable, the speed
at which the signal travels along the cable is approximately 0.77 times the speed of light (i.e. 0.77x3x10E8). A
bit therefore occupies 23 metres of cable. Under the same conditions the smallest frame would be 13.3 km!
If you wish to do the same calculation for a twisted pair cable, you would have to take into consideration that
the propagation speed is slower at 1.77x10E8 (0.59c). Increasing the bit rate, for example using 100BTx,
decreases the time available to send each bit into the wire, but does not change the speed at which the edge of
the bits travel through the cable!
Ethernet: Definitions and Standards
Computers wait until the line (media) is clear before transmitting and then send their data while comparing what
they wanted to send with what they actually sent on the cable as a means of error detection using a
mathematical comparison, technique called cyclic redundancy check (CRC). Any detected differences between
the two, the server assumes that it transmitted data simultaneously with another server on the cable. It waits
some (pseudo) random time and retransmit at some later stage when the line was clear again.
The "Multiple Access" part means that every station is connected to a single copper wire (or a set of wires that
are connected together to form a single data path). The "Carrier Sense" part says that before transmitting data, a
station checks the wire to see if any other station is already sending something. If the LAN appears to be idle,
then the station can begin to send data. Transmitting data only after first sensing whether the cable, which was
strung between multiple devices, had the correct signaling levels is a methodology called carrier sense,
multiple access or CSMA.
The ability to detect garbling due to simultaneous data transmissions, also known as collisions, is called
collision detect or CD. Together this access mechanism is referred to as CSMA/CD. This stands for "Carrier
Sense, Multiple Access/ Collision Detect".
An Ethernet station sends data at a rate of 10 megabits per second (base speed). That bit allows 100
nanoseconds per bit. Light and electricity travel about one foot in a nanosecond. Therefore, after the electric
signal for the first bit has traveled about 100 feet down the wire, the station has begun to send the second bit. If
two stations are located, say, 250 feet apart on the same cable, and both begin transmitting at the same time,
then they will be in the middle of the third bit before the signal from each reaches the other station.
This explains the need for the "Collision Detect" part. Two stations can begin to send data at the same time, and
their signals will "collide" nanoseconds later. When such a collision occurs, the two stations stop transmitting,
"back off", and try again later after a randomly chosen delay period.
The 802.11 specifications defining many wireless Ethernet technologies are another example of commonly used
layer 1 and 2 components of the OSI model uses a broadcast machanism called Carrier Sense Multiple Access
with Collision Avoidance (CSMA/CA) where the “random” access comes first instead of after a collison.
"Ethernet" is generally reserved for a system that transmits 10 megabits per second with a round trip delay of 50
microseconds. The worst case for Ethernet starts when a workstation at one end of a wire begins sending data.
The signal passes down the wire through repeaters, and just before it gets to the last station at the other end of
the LAN, that station (hearing nothing and thinking that the LAN is idle) begins to transmit its own data.
A collision occurs. The second station recognizes this immediately, but the first station will not detect it until
the collision signal retraces the first path all the way back through the LAN to its starting point. Any system
based on collision detect must control the time required for the worst round trip through the LAN. As
"Ethernet" is commonly defined, this round trip is limited to 512 “bit times” or (512 x 1/10**7) or 50
microseconds (millionths of a second) at 10 MHZ. This is enough time to transmit 500 bits. At 8 bits per byte,
this is slightly less than 64 bytes.
To make sure that the collision is recognized, Ethernet requires that a station must continue transmitting until
the 50 microsecond period has ended (512 bits). If the station has less than 64 bytes of data to send, then it must
pad the data by adding zeros at the end.
The area within which CSMA/CD takes place is called a “collision domain”. With multiple workstations access
ing the medium, full utilization is usually at 33% according to queueing theory.
To extend the LAN farther than the 50 microsecond or “collision domain” limit , one needs a bridge or router. A
“bridge” is a Layer 2 device that connects multiple collison domains. A multiport bridge is called a switch, each
port connection is it’s own collision domain with only two devices, the workstation and switch.
In a switch, unlike a hub, traffic sent from Server A to Server B will be received only by Server B. The only
exception is broadcast traffic which is blurted out to all the servers simultaneously. Switches can regulate
traffic, thereby eliminating the possibility of message garbling and providing a more efficient traffic flow.
Devices that plug into switches should be set to full duplex to take full advantage of the dedicated bandwidth
coming from each switch port.
Normal Switches and hubs provide no access control between servers connected to the same LAN. This is why
network administrators group trusted servers having similar roles on the same LAN. Larger, more expensive
switches can be configured to assign only certain ports to prespecified virtual LANs or (VLANs) chosen by the
network administrator. In this case, the switch houses ports on multiple logical or virtual LANs. Some of these
switches may also perform basic Layer 3 routing between VLANs for specific protocols (like IP). No router
Ethernet: Definitions and Standards
Ethernet Frame Formats - OSI Layer 2
Ethernet frames are defined at OSI layer 2.
A block of data transmitted on the Ethernet is called a "frame." The first 12 bytes of every frame contain the 6
byte destination address (the recipient) and a 6 byte source address (the sender). Each Ethernet adapter card
comes with a unique factory installed address (the "universally administered address"). Use of this hardware
address guarantees a unique identity to each card.
The PC software (in PROTOCOL.INI or NET.CFG) can be configured to substitute a different address number
that the “burned-in” AMC, called a "locally administered address."
The source address field of each frame must contain the unique address (universal or local) assigned to the
sending card. The destination field can contain a "multicast" address representing a group of workstations with
some common characteristic. A Novell client may broadcast a request to identify all Netware servers on the
LAN, while a Microsoft or IBM client machine broadcasts a query to all machines supporting NETBIOS to find
a particular server or domain.
In normal operation, an Ethernet adapter will receive only frames with a destination address that matches its
unique address, or destination addresses that represent a multicast message. However, most Ethernet adapters
can be set into "promiscuous" mode where they receive all frames that appear on the LAN. If this poses a
security problem, a new generation of smart hub devices can filter out all frames with private destination
addresses belonging to another station.
There are three common conventions for the format of the remainder of the frame:
1. Ethernet II or DIX
2. IEEE 802.3 and 802.2
Ethernet II or DIX
================== Data direction
Before the development of international standards, Xerox administered the Ethernet conventions. As each
vendor developed a protocol, a two byte Type code was assigned by Xerox to identify it. Codes were given out
to XNS (the Xerox own protocol), DECNET, IP, and Novell IPX. Since short Ethernet frames must be padded
with zeros to a length of 64 bytes, each of these higher level protocols required either a larger minimum
message size or an internal length field that can be used to distinguish data from padding.
Type field values of particular note include:
0x0600 XNS (Xerox)
0x0800 IP (the Internet protocol)
IEEE 802.3 and 802.2
The IEEE 802 committee was charged to develop protocols that could operate the same way across all LAN
================== Data direction
To allow collision detect, the 10 megabit Ethernet requires a minimum packet size of 64 bytes (512) bits. Any
shorter message must be padded with zeros. The requirement to pad messages is unique to Ethernet and does
not apply to any other LAN media. In order for Ethernet to be interchangeable with other types of LANs, it
would have to provide a length field to distinguish significant data from padding.
The DIX standard did not need a length field because the vendor protocols that used it (XNS, DECNET, IPX,
IP) all had their own length fields. However, the 802 committee needed a standard that did not depend on the
good behavior of other programs. The 802.3 standard therefore replaced the two byte type field with a two byte
Xerox had not assigned any important types to have a decimal value below 1500. Since the maximum size of a
packet on Ethernet is 1500 bytes, there was no conflict or overlap between DIX and 802 standards. Any
Ethernet packet with a type/length field less than 1500 is in 802.3 format (with a length) while any packet in
which the field value is greater than 1500 must be in DIX format (with a type).
The 802 committee then created a new field to substitute for Type. The 802.2 header follows the 802.3 header
The 802.2 header is three bytes long for control packets or the kind of connectionless data sent by all the old
DIX protocols. A four byte header is defined for connection oriented data, which refers primarily to SNA and
NETBEUI. The first two bytes identify the SAP. Even with hindsight it is not clear exactly what the IEEE
expected this field to be used for. In current use, the two SAP fields are set to 0x0404 for SNA and 0xF0F0 for
NETBEUI. 0x0A0A for LLC2..
The IEEE left all the other protocols in a confusing situation. They did not need any new services and did not
benefit from the change. Furthermore, a one byte SAP could not substitute for the two byte type field. Yet 802.2
was an International Standard, and that has the force of law in many areas. The compromise was to create a
special version of the 802.2 header that conformed to the standard but actually repackaged the old DIX
Under SNAP, the 802.2 header appears to be a datagram message (control field 0x03) between SAP ID 0xAA.
The first five bytes of what 802.2 considers data are actually a subheader ending in the two byte DIX type
value. Any of the old DIX protocols can convert their existing logic to legal 802 SNAP by simply moving the
DIX type field back eight bytes from its original location.
Ethernet: Definitions and Standards
Local Area Network Connectivity
When a DCE (hub or switch) connects to a DTE(workstation ), a straight-through cable is used. DCEs
connected to DCEs or DTEs connected to DTEs require crossover cables. This terminology is generally used
with Ethernet cables.
A straight-through Ethernet cable is easy to identify. Hold the connectors side by side, pointing in the same
direction with the clips facing away from you. The color of the wire in position #1 on connector #1 should be
the same as that of position #1 on connector #2. The same would go for positions #2 through #8, that is, the
same color for corresponding wires on each end. A crossover cable has them mixed up. Table 2-3 provides
some good rules of thumb.
Cabling Rules of Thumb
Scenario Likely Cable Type
PC to PC Crossover
Hub to hub Crossover
Switch to switch Crossover
PC to modem Straight-Through
PC to hub Straight-Through
PC to switch Straight-Through
Some manufacturers configure the Ethernet ports of their networking equipment to be either of the DTE or the
DCE type, and other manufacturers have designed their equipment to flip automatically between the two types
until it gets a good link (autoMDIX); making cable selection unecessary. As you can see, confusion can arise
when selecting a cable. If you fail to get a link light when connecting your Ethernet devices together, try using
the other type of cable.
Note that any device that functions an OSI Layer 3 only (router) or above (firewall etc), is a DTE for LAN
connectivity purposes. These terms are often confused:
A repeater (Layer 1 device) receives and then immediately retransmits each bit. It has no memory and
does not depend on any particular protocol. It duplicates everything, including the collisions.
A bridge (Layer 2 device) receives the entire message into memory. If the message was damaged by a
collision or noise, then it is discarded. If the bridge knows that the message was being sent between two
stations on the same cable, then it discards it. Otherwise, the message is queued up and will be
retransmitted on another Ethernet cable. The bridge has no address. Its actions are transparent to the
client and server workstations.
A router (Layer 3 device) acts as an agent to receive and forward messages. The router has an IP
address and is known to the client or server machines. Typically, machines directly send messages to
each other when they are on the same cable, and they send the router messages addressed to another
zone, department, or subnetwork. Routing is a function specific to each protocol.