Network Interface Cards (NIC)
To start with, I will look at network interface cards. Network interface cards provide the interface between a computer and the network. Some devices also provide a network connection but are not physical network cards. These devices are called transceivers and are often used in network equipment.
Network cards are essentially made of two parts, the transceiver port and the circuit board. The circuit board contains electronics to process the signal from the transceiver port and send it to the computer.
Thus, the job of the transceiver is to send signals over the cabling. In this example, twisted pair and fiber optic are being used. In order for data to be understood on the network, it needs to follow a particular standard. Let’s have a closer look.
Wireshark
Shown here is Wireshark, a renowned network capturing software, also referred to as a “packet sniffer”. It displays network traffic in real time until I press the stop button. Tools like Wireshark are invaluable for monitoring the flow of network traffic through your network, offering significant assistance in troubleshooting efforts. For our purposes, we will focus on examining a single packet captured by this software.
With the packet that I have selected, there is a lot of data that you can go through. Notice under Ethernet II, I can see destination information. Ethernet II is a type of frame that is used with 802.3 networks. This frame encapsulates the data. Later in the video, I will take a closer look at it.
The data within the frame is used to direct the packet to its intended destination within the current network segment. It is important to note that the destination address corresponds to the router’s address on my network. The destination address is the MAC address for my router. A MAC address is a unique number given to each device on the network to identify it. I will look at MAC addresses in more detail later in the video.
Under this is the source MAC address. The source MAC address, in this example, is the MAC address of the network card in this computer. Thus, the source and the destination addresses are designed to provide a point-to-point connection on the local network. More on that later in the video.
Under this, notice “Internet Protocol Version 4”. The internet is made possible by using many protocols. When you talk about TCP/IP, this is the IP part. Internet Protocol or IP is what provides routing over the internet. Thus, you will notice routing addresses like the source IP address listed. This is the IP address of this computer’s network card. The destination IP address is also listed which is the address of the final destination of this packet.
The next part down is the Transmission Control Protocol or the TCP part. You will notice this has a source port. The source port will be assigned by the local computer and in a lot of cases will be the next free port from a pool of ports.
Notice the destination port is also listed. This is the destination port on the receiving end. In this case, port 443 is used for secure web traffic. When studying for network exams, you will need to memorize the commonly used network ports.
To the right, we have the packet’s hexadecimal output. Clicking on any part of this output will highlight the corresponding section of the packet on the left, allowing you to see exactly what part of the data is being referred to.
On the right-hand side, you’ll find the hexadecimal representation of the packet. When I click on it, you will observe that the corresponding section of the packet, highlighted on the left, is selected based on the data chosen.
The main takeaway point is that, in a single ethernet packet, there are a number of different protocols that are combined together to allow a packet to be routed over the internet. Let’s have a look at the data in a different way and hopefully it will all make sense.
Packet Break Down
Shown here is a breakdown of the packet we looked at in Wireshark. This breakdown does not include all the data, just the major parts. For the A+ exam, you really only need to understand how packets are routed between networks. I think it helps to have a bit of an understanding of the breakdown of the packet as it helps you to understand the concepts later in the video. However, don’t be concerned if you don’t understand it fully. If you go onto study networking, most likely you will come across this breakdown again.
Most networks that you will work on nowadays are ethernet networks. Thus, data sent around the network is sent in an ethernet packet. The ethernet packet contains the source MAC address and the destination MAC address. Later in the video, I will look at MAC addresses in more detail.
The ethernet packet only allows us to send data on the current network segment. That is, generally, the packet is sent from one device to another. So, we see the source and destination MAC addresses of these devices.
The ethernet packet has a data section. This section contains data for other protocols. In this case, the data for the IP and the TCP protocols. Thus, the ethernet packet is essentially encased inside these other protocols.
The IP packet will contain the source IP address and the destination IP address. This is used to route the packet to different networks. The TCP part has the port numbers that are used. Since a single IP address can have multiple communication channels at once, ports are used to differentiate between the different channels.
The main takeaway from this is that multiple protocols can be encased in the same packet. In order to get the information, you need to inspect the different protocols inside the packet for the data you require. Different devices on the network will use different information from the packet in order to determine what to do with it. Later in the course I will cover networking in more detail, but for the rest of this video, I will only be looking at basic networking use by network cards. I will leave routing and other networking topics to other videos.
To start with, let’s have a closer look at the MAC address.
Media Access Control (MAC)
The Media Access Control or MAC address is a 48-bit address assigned to each network interface. Every network device manufactured will have a MAC address. For example, this network card will have had a MAC address configured when the network card was manufactured. Essentially, the MAC address is burned in and can’t be changed… sort of, more on that in a moment.
For the A+ exam you won’t need to know this, but it is useful when troubleshooting. To make it easier to read, the MAC address is usually written as six pairs of hexadecimal digits separated by dashes. The first half of the MAC address is the manufacturer of the network device. The second part is a unique number to identify the network device. This number is assigned by the manufacturer so different network devices can be on the same network and uniquely identified. If you have a MAC address and want to know the manufacturer of the network device based on the MAC address, there are websites where you can look this up.
When you are troubleshooting network problems, have a look at the start of the MAC address, this will give you the manufacturer which will give you a good clue as to which device the MAC address belongs to.
The 48-bit MAC address should always be unique. Well, they should be. Unless there is a manufacturing error, the MAC address of the network device will always be unique. However, there are other ways the MAC address can change.
Software has the capability to override MAC addresses. The MAC address is hardcoded during manufacturing, but if your network device supports it, you can use an alternate one. If you wish to override the MAC address on a network card in a computer, this is done with software. Thus, if you remove the network card from the computer and put it in another one, it will revert back to the hardcoded MAC address.
Software can also add additional MAC addresses. This is commonly used for virtual machines to add additional MAC addresses, since they essentially piggyback off the network adapter in the host computer.
The main takeaway from this is each network device will be given a unique MAC address from the manufacturer. It is possible to force the network adapter to use a different MAC address or additional ones, but you can’t change the one assigned by the manufacturer. The network adapter will always default back to the MAC address assigned to it in the factory.
To understand better how a MAC address works, let’s have a look at how a device like a hub would use it.
Network Hub
A network hub is a device that allows multiple other devices to be connected together. Before I continue, it is important to understand that hubs are considered obsolete technology. They started to be phased out around the 2000’s. In today’s market, finding a refurbished hub has become a challenge, and the possibility of purchasing a brand-new one is non-existent as hubs are no longer being manufactured. Finding a hub nowadays is like unearthing a dusty relic in your attic, and about as rare as encountering a bulky CRT monitor in the age of sleek flat screens.
Network hubs do not support one gigabit networking. Since one gigabit is pretty common nowadays, it is just another reason not to purchase a hub. Even though we don’t use hubs anymore, they are still taught about in network classes as they explain some important network concepts. So, just focus on the network concepts and not so much on how to use one, because you probably never will.
Network hubs differ from other network devices in that any data that goes into any port simply gets repeated out to all the other ports. By today’s standards, they are simple devices. Given it replicates traffic out to all the ports, this creates security concerns, because essentially everyone on the network receives everyone else’s traffic.
As a result of simply replicating traffic, hubs have one collision domain. A collision domain is a network segment where any nodes on that segment, if they attempt to send data at the same time, will result in a collision. Essentially, this is the same effect as having a room full of people and two of them trying to talk at once.
If a collision occurs, the speed of the network slows down. To resolve a collision, the two devices stop sending for a random time period. Then, if collisions keep occurring, the time period gets extended.
Network hubs are considered to be a Layer 1 device. We don’t cover the OSI model in this course, which explains all of the different networking layers. The important point to remember is that Layer 1 is the physical layer. That is, direct communication with the physical cabling with no additional networking or routing applied. Let’s have a closer look to understand what that means.
MAC Addresses and Physical Layer
To understand how the physical layer works, let’s consider that we have a hub with four different ports. Connected to this hub are four computers. Although hubs are obsolete, understanding how they work helps us understand other network concepts.
To make it simple, each computer has a single network card which has one MAC address. Now let’s consider that the computer on the left-hand side wants to send a packet to the computer on the right-hand side. In order to do this, the computer needs to add the MAC address of the computer that is receiving the data. The computer also adds its MAC address as the source address.
When working on the physical layer, the data sent is called a frame. A packet is a high-level concept. Once you get down to the physical layer, you work in frames. Thus, I will refer to the data as frames from here on.
The frame is sent through the hub. All the computers on the network will receive a copy of the frame. The receiving computers will check the MAC address of the destination with their MAC address. Two of the computers with different MAC addresses will reject the frame. The computer that has the MAC address that matches will accept the frame. Thus, nodes on the network ignore frames with different MAC addresses. This is how a hub can operate by simply repeating the frame received to all ports. It requires all the nodes on the network to ignore frames that do not have the destination MAC address set for that node.
Since hubs are obsolete and you are unlikely to come across them, let’s have a look at how this concept is still important to understand.
Network Segment
When working with networks, you will come across the term “network segment”. If you go on to do the Network+ exam, you will come across this term. To understand the concept, consider you have a computer that is connected to the network and is sending data to and from the network. The computer is running a number of virtual machines.
Each device on the network has its own MAC address. All the devices on this network segment are in the same collision domain. In the case of network hubs, all the devices connected to the hub are on the same collision domain. Later in the video, I will look at how these collision domains are separated with modern network equipment.
The main takeaway from this is all devices on the same network segment receive all the frames traveling on that network segment. To illustrate this point a little better, let’s consider a hacker was able to access the network segment. The hacker attaches a sniffing device to the network that allows them to intercept any data traveling along that network segment.
You may be able to keep your network free of hackers; however, understanding what data travels over different network segments is important. This knowledge aids in troubleshooting and pinpointing network problems. For example, you don’t want to be looking for network traffic on a network segment which the traffic never travels over.
So far, I have only looked at network hubs, which is an obsolete technology. Let’s have a look at how modern networks transfer traffic over the network.
Network Switch
Nowadays, networks are built using switches rather than hubs. You can see, besides the switch being written on the top, the devices look much the same. If you were to see a hub on your network, given how old the technology is, I would get it replaced. However, I would not throw it away as a network hub can be useful to the technician in certain situations. More of that later in the video.
Rather than replicate traffic out all the ports, a switch forwards frames based on the MAC address. Since it can forward frames like this, it uses a star topology rather than the bus topology used by a hub. A star topology means that rather than all the devices sharing the same cable or shared bus, each device is connected by its own connection. Thus, they can operate independently of the others.
To understand this better, consider that we have three devices connected to our switch. Each device will have its own MAC address. One of the computers is also running three virtual machines. Each virtual machine also has its own MAC address.
In order for the network switch to forward frames, it needs to record each MAC address that is connected on each port. It does this by keeping a MAC Address Table. This is populated by the devices connected to that port, and should have the MAC address of the physical computer and the MAC addresses of the virtual machines running on that physical computer.
Let’s consider that we connect the switch to another much larger switch. The switch won’t know the MAC addresses of the devices on that switch, so it needs to learn the MAC addresses of the devices connected to that switch. The details of how this table is kept up to date is beyond the scope of the A+ exam. This is a topic for advanced networking classes. I will, however, talk about what happens if the switch receives a frame for a MAC address it has not learned about yet. Since the switch does not know which port to send the data out, the switch will send the frame out to all the ports.
As you can see, switches are smart devices that, as time goes by, learn which devices are connected to each port. When compared to hubs, a few things are different. Let’s have a look.
Switch in More Detail
When looking at switches, essentially a switch performs forwarding based on MAC addresses. Thus, it is considered a Layer 2 device. Layer 1 devices such as a hub, work at the physical layer and simply transmit frames across the network. A Layer 2 device is a little smarter and looks at MAC addresses and forwards frames based on that information. If you study more about networking, this topic will be covered in more detail.
Modern ethernet networks use different cables in order to transmit data in each direction. As each port can technically work independently of the others, it should not be possible for a collision to occur. Technically, a collision occurs when two devices try to transmit data at the same time. Since only one network interface is connected to each port, with an upstream and a downstream channel, it should never be possible for a collision to occur.
Regardless of whether it is possible or not, each port is still referred to as being on a separate collision domain. It’s not something to think too much about. If you go on to study networking, you will probably get questions asking you to count how many collision domains are on a network.
Now let’s have a look at what types of switches are available for us to purchase.
Unmanaged Switch
The first type of switches you will come across are unmanaged switches. These switches require no additional configuration. You simply plug them in and you are good to go. Unmanaged switches are the most common switches sold on the market. They come in many different forms. For example, they may include different cable types such as twisted pair and fiber optic.
They are most likely the switch embedded in your home router. If your router has multiple LAN ports at the back of it, most likely it has an embedded unmanaged switch. Unmanaged can also include large switches that have a lot of ports. Also, devices like IP telephones can include an unmanaged switch.
Some IP phones will allow you to plug them into your network and have another connection that allows you to plug your computer into the phone. This way, you don’t require two network connections. You may be thinking, would this not be a good option for a hub?
Hubs are limited to 100 Megabits per second and thus are not a good choice, as most networks are 1 Gigabit nowadays. Even if 100 Megabits is enough, the cost of the electronics for switches has come down so much, it is not worth using a hub. Further to this, using hubs, even in cases like an IP telephone which only has two ports, has become deprecated within the standard. Deprecated means that it is no longer recommended or supported and thus should be avoided. Therefore, even devices like this are most likely using an unmanaged switch.
The main takeaway from this is any modern network equipment, regardless of how many ports it has, is most likely going to be a switch and not a hub. Now let’s have a look at managed switches, so we can understand the differences.
Managed Switch
A managed switch has additional Enterprise options. They cost more, but include additional features designed for business networks, for example, additional port management, security, VLANs, and other network options. Managed switches also include an interface to configure the switch. A lot of managed switches will include a management port that allows connections to the switch over the network using the IP protocol.
Nowadays, most managed switches have a web interface to configure the switch. You may be thinking that your home router has a web interface you can use to configure it. This interface may also allow for security settings to be set that affect the switch, for example, by configuring ports on the switch to only allow devices with certain MAC addresses to connect.
The difference is that managed switches have far more features than a home device has. You will find that a home device will only have a small subset of the features that a managed switch has. Managed switches are designed to be managed remotely by an administrator and may include additional features, such as being able to monitor the traffic going through the switch.
Managed switches tend to perform better than unmanaged switches, which is to be expected since they generally cost more. Although not required, managed switches are often rack mountable.
When looking at switches, if they are managed switches, they will say they are managed in the specification. Unmanaged switches often will say they are unmanaged, but if it does not say anything, then it is most likely unmanaged.
Managed switches generally cost more, perform better, have remote management, and a lot of features aimed for Enterprise networks.
Now that we understand a bit more about how traffic travels over a network, let’s now have a look at how we can capture the traffic.
Packet Capture
Let’s consider that we have two computers that are connected together. It does not have to be two computers, just a point on the network where we want to monitor network traffic. The next step is to attach a network sniffer to that part of the network. The network sniffer needs to access all the network traffic passing that point. To do this, a copy of the network traffic is transferred to another computer or device so it can be viewed. In most cases, this is a computer running Wireshark. The question therefore is how do we create a copy of the network data?
On an Enterprise network, your managed switches may have port mirroring. If this is the case, you need to configure a port on the switch to do this. When enabled, the switch will copy data from the ports you choose to the mirroring port. It is a simple matter of attaching your monitoring device to this port. Enabling this option does increase the load on the switch, and thus you may want to be selective about what traffic you mirror and only have it on for a limited time.
In this example, I have used an example of a five-port managed switch. If you have a need to monitor traffic and your device does not support mirroring, you can purchase a switch like this. However, even a small five-port managed switch can cost a bit.
The next solution is to purchase a network tap. A network tap is a device that effectively plugs into the network and acts as a pass-through device. This means the network traffic passes through the device in both directions. As the network traffic passes through the device, it can be captured and sent to your monitoring device via a monitoring port. In the case of this example, the output can be sent to the network or a USB.
Network taps cost a bit of money but are generally cheaper than buying a managed switch. A cheaper option is a throwing star. These don’t cost much at all, but the problem with them is, they are limited to 100 megabits. Essentially, a throwing star works by forcing the connection to drop to at most 100 megabits per second. It then works like a hub replicating the traffic to a monitor port where you can attach your packet sniffer. Given it works like a hub, it is possible to transmit traffic onto the network via the monitoring port, not just passively listen. This is something to be aware of if you decide to use one.
The last option you have is to use a hub. This is considered to be a legacy option nowadays. You would only use this option if you happened to have a hub available. Given that hubs are obsolete, if you were to purchase one you would be paying more than you would for a network tap and purchasing equipment that was probably manufactured ten years ago if not longer. In my opinion, it is not worth purchasing a hub anymore for this purpose.
A hub will limit your speed to 100 megabits per second. Also, a hub will send traffic onto the network, so it is not a monitor-only option like the others.
So, what is the chance of you using packet capture to solve real-world problems?
In The Real World
In the real world, packet sniffing for troubleshooting is pretty rare. Most troubleshooting is solved using other methods like looking at logs and error messages. If you do require packet sniffing, most of the time it will be installing Wireshark on the client or server so you can monitor traffic – preferably on a client and even better on a test network. Unless you specialize in networking or doing network security or penetration testing, the average tech may never use a packet sniffer on the network they are supporting.
The other main use is for education and research. Installing Wireshark on your computer is a great way to understand networking. If you go on to study networking, using software like Wireshark is a great way to improve your understanding of how networks work.
Now that I have had a good look at network devices and networking, I will next look at what we plug the networking cables into.
Patch Panels
In order to easily connect and change connections, your office will most likely have a patch panel. This uses short cables to create easily changeable connections. Essentially, the connection is terminated at the patch panel. Short cables run from the terminated connection to network devices or other connections.
In this example, you can see the network switches at the bottom of the patch panel. At the top are the connectors which lead to the network point a user would plug into.
Thus, to patch a network point, you would do the following: Plug a cable into your network device. The next step is to plug the cable into the patch panel. The patch panel should have the number, or other identification, for each port, so you know which one to plug it into.
Behind the patch panel lies a punch down block, where the cabling is installed. Your installer will secure the cables into this block for you, effectively terminating the connections. In simple terms, this means attaching the network cable to the punch down block which establishes a connection between the cable and the connectors on the front of the patch panel.
The cable runs to a wall socket which the user will plug into. You can see that using this system gives you a lot of flexibility. If a user moves to a different part of the office, it is a simple matter to attend the patch panel and make the required changes. In some offices, there will be an old telephone system which will require the patch panel to be changed when a user moves to a different desk. In more modern offices, the telephone system runs off IP and only requires a network connection. Thus, the user simply needs to move their computer and phone to the new desk. In some cases, it just may be a matter of logging in to the phone on their desk, which is common in offices which have hot desks.
The main takeaway is the patch panel is the IT technician’s responsibility. Lucky for us, it is just a matter of unplugging cables and plugging them in where they go. Let’s now have a look at where the technician’s responsibility ends.
Demarcation Point
On your site, there will be a location called a demarcation point, otherwise known as a demarc. This is where the public network ends and the customer’s starts. When a new service is being installed, for example, new phone or data lines, the technician installing these will need to locate the demarcation point. Your job will pretty much be to show them where it is. The technician will run the new cabling to the demarcation point.
It is important to understand that it is your telecommunication company’s responsibility for the cabling up to the demarc point. Therefore, it is important not to touch it, as it is considered to be a utility like water or electricity. Making changes can break your area’s municipality codes and can result in fines.
There will be Customer Premises Equipment or CPE that the customer can plug their equipment into. Usually, the connection from the street terminates at the demarcation point, usually represented by a punch down cable without any physical connections, except in the case of fiber optic. For fiber optic cables, a specific termination point is necessary to connect the cable effectively.
From there, there will be another short run to somewhere you can plug your equipment in. Usually, this will be a patch panel or something similar. The demarc is essentially where the cable comes in off the street. The customer premises equipment is essentially where you plug in.
The simplest way to think of it is to consider who is responsible. The demarc point is your ISP or phone company’s responsibility. The customer premises equipment is your responsibility.
You may be wondering why we don’t just go directly to the demarc point? The reason for this is the service you pay for is a line into the property. If something goes wrong with that line, you expect it to be fixed. Often, if something is wrong with the line, the telecommunications company will switch you to a different line. When telecommunication companies run lines into a premises, they will often run more than what is needed, since the biggest cost is the labor to install the line, not the physical line itself.
The telecommunication company will generally work out if there is a fault in the line, attend your demarc point, and switch you to a working line. Since you are connected using your customer premises equipment, you don’t need to change anything on your side. You also have the advantage that if you want to patch the connection to another point, you simply just need to go to your patch panel, unplug the connection and plug it in where you want it.
The important takeaway from this is you need to know where the demarc point is, so you can take the telecommunication technician to that point when they need to fix or install a new line. As a technician, you need to know where the customer premises equipment is, so you can patch the service to where it needs to go. Often, but not always, these will be in the same room.
Power over Ethernet (PoE)
The last topic I will look at is Power over Ethernet. Ethernet has eight wires making four pairs of wires. Some ethernet standards use only two pairs leaving the other two pairs free. Thus, power can be transmitted over these spare pairs. Gigabit ethernet utilizes all four pairs of wires, in order to transfer power, and employs a specialized technique that allows both power and data to be transmitted simultaneously over the same wires. However, it’s essential to ensure that your device needs to support this feature.
Shown in this example is a wireless device that is using Power over Ethernet. A splitter is used to split the incoming cable into data and power. Some devices may not require a splitter.
To provide power to the link, you need a device that provides power. There are switches on the market that do this. These will cost more than your regular switches. In this example, half the ports, the ones labeled yellow, provide Power over Ethernet. The other option you have is to use a power injector. A power injector is a pass-through device that provides power to the ethernet cable using an external power source.
There are a number of different standards for Power over Ethernet. The last standard was released in 2018, so not that long ago compared with the other standards. Each standard increases the number of Watts. For the last standard, you also need to have the right type to use the most watts available.
Devices like CCTV cameras and wireless access points are common uses of Power over Ethernet. The standard used needs to provide enough Watts to run the device you are using. Thus, check that the device you are purchasing provides enough Watts for the device you are trying to power.
End Screen
That covers it for network hardware. I hope you have found this video informative. Until the next video from us, I would like to thank you for watching.
References
“The Official CompTIA A+ Core Study Guide (Exam 220-1101)” pages 125 to 131
“Mike Myers All in One A+ Certification Exam Guide 220-1101 & 220-1102” pages 125 to 128, 520 to 521
“Picture: Patch panel” https://commons.wikimedia.org/wiki/File:19-inch_rackmount_Ethernet_switches_and_patch_panels.jpg
“Picture: Patch panel rear” https://commons.wikimedia.org/wiki/File:Network_Patch_Panel_Clean_Back.jpg
“Picture: Demarcation Point” https://i.imgur.com/LicrK.jpg
“Picture: Fibre panel” https://pixabay.com/photos/fiber-optic-light-waveguide-4393373/
“Picture: POE device” https://upload.wikimedia.org/wikipedia/commons/f/f1/ZyXEL_ZyAIR_G-1000_and_D-Link_DWL-P50_20060829_2.jpg
“Picture: Network switch https://upload.wikimedia.org/wikipedia/commons/e/e3/Network_cables_and_switch.jpg
“Picture: Patch panel” https://commons.wikimedia.org/wiki/File:Panduit_Pan-Net_Cable_Management_System_detail_2.JPG
Credits
Trainer: Austin Mason https://ITFreeTraining.com
Voice Talent: HP Lewis http://hplewis.com
Quality Assurance: Brett Batson https://www.pbb-proofreading.uk
