We’ll look at the concept of a network segment in a future post, but for now all you need to think about is how two computers communicate on a Local Area Network.
Before we discuss how machines on the same LAN segment communicate, we need to understand what Media Access Control (MAC) addresses are. A MAC address is the physical address of a network adapter. These are 48 bit addresses that are expressed as 12 digit hexadecimal notation and are unique to each network adapter. Each manufacturer has an assigned range that they are to use for their first 24 bits, this is known as the Organizationally Unique Identifier (OUI). The second 24 bits are known as the Network Interface Controller (NIC) specific and must be unique within that vendor’s range. Keeping these ID’s unique is imperative for successful LAN communication.
Below you can see an Ethernet Address (MAC Address).
If you want to find your own MAC Address, you can do so by running ipconfig /all from a command prompt in Windows.
You can also look these OUI numbers from a variety of sites. http://www.macvendorlookup.com/
Sending a Frame
Now that we’ve reviewed MAC Addresses, lets look at how they are used. Below is an example scenario that has two machines connected by a switch. For the purposes of this example, Computer A will be the sending computer and Computer B will be the receiving computer.
Computer A will do a DNS lookup on the name “Computer B” to determine the IP Address 192.168.1.2. At this point Computer A will check to see if this IP Address is on the same broadcast domain or a different one. (We’ll explore this more in a future post.) Once Computer A has determined it’s on the same broadcast domain, it will check it’s arp table.
ARP stands for Address Resolution Protocol and is responsible for mapping IP Addresses to physical MAC Addresses. On a windows machine, you can view the arp table by running “arp -a” in a command prompt.
Back to our example, Computer A now did a lookup on the arp table to find Computer B’s MAC Address. At this point one of two things happens.
1) If the MAC Address shows up in the arp table, Computer A will then send frames with a destination address of BB-BB-BB-BB-BB-BB out on the network. Computer B will respond to these frames because the destination MAC Address is the same as its local MAC Address.
2) If the MAC Address does not show up in the arp table, Computer A will send a frame with a destination address of FF-FF-FF-FF-FF-FF which is a broadcast address. This address is accepted by all machines, but will request a reply from the machine with IP Address 192.168.1.2. When the machine gets the return frame from Computer B, it will then have the physical address and can do step one.
In our example we would have a frame that look similar to the one below.