1 00:00:00,000 --> 00:00:01,190 2 00:00:01,190 --> 00:00:04,070 If you and I went in to business and we manufactured 3 00:00:04,070 --> 00:00:07,110 network cards that plugged into ethernet networks, 4 00:00:07,110 --> 00:00:10,010 one of our responsibilities in building and manufacturing 5 00:00:10,010 --> 00:00:13,220 these cards is to make sure that each of our network adapters 6 00:00:13,220 --> 00:00:15,650 had burned into it or programmed into it 7 00:00:15,650 --> 00:00:19,370 a 48-bit unique address that that network adapter could 8 00:00:19,370 --> 00:00:22,790 use as it communicates locally on that network segment. 9 00:00:22,790 --> 00:00:26,180 One of the uses for a layer 2 address on a network adapter 10 00:00:26,180 --> 00:00:29,420 is that it allows a unique way of identifying that adapter 11 00:00:29,420 --> 00:00:30,620 on a network segment. 12 00:00:30,620 --> 00:00:32,689 And these layer 2 ethernet addresses 13 00:00:32,689 --> 00:00:34,500 are 48 bits in length. 14 00:00:34,500 --> 00:00:36,310 But you know, it's kind of a pain 15 00:00:36,310 --> 00:00:40,700 to talk to about 48 bits between friends as 101100. 16 00:00:40,700 --> 00:00:42,090 It's just too tedious. 17 00:00:42,090 --> 00:00:44,270 So what we do when we represent those where humans 18 00:00:44,270 --> 00:00:45,436 are going to be reading it-- 19 00:00:45,436 --> 00:00:47,240 we're usually using hexadecimal characters, 20 00:00:47,240 --> 00:00:51,560 12 hexadecimal characters to represent those 48 bits. 21 00:00:51,560 --> 00:00:55,520 Another interesting phenomenon is that these layer 2 addresses 22 00:00:55,520 --> 00:00:58,220 have lots of different names, including 23 00:00:58,220 --> 00:01:01,880 names like an ethernet address or a layer 2 24 00:01:01,880 --> 00:01:04,010 address or a physical address. 25 00:01:04,010 --> 00:01:07,130 Even though this is a layer 2 type of function 26 00:01:07,130 --> 00:01:09,530 because the addresses are going to be part of the layer 2 27 00:01:09,530 --> 00:01:11,390 frames, I suppose because they're 28 00:01:11,390 --> 00:01:13,790 burned into some of the network adapters. 29 00:01:13,790 --> 00:01:15,860 And a network adapter is a physical thing. 30 00:01:15,860 --> 00:01:17,600 It got the term physical address. 31 00:01:17,600 --> 00:01:19,580 But in any case, all these terms and names 32 00:01:19,580 --> 00:01:22,712 are referring to the layer 2 ethernet address. 33 00:01:22,712 --> 00:01:24,170 And while we're doing name calling, 34 00:01:24,170 --> 00:01:27,530 another name that these are often referred to as are MAC 35 00:01:27,530 --> 00:01:30,270 addresses-- capital M, capital A, capital C-- 36 00:01:30,270 --> 00:01:32,080 where that Mac doesn't stand for Macintosh. 37 00:01:32,080 --> 00:01:35,120 It stands for Media Access Control. 38 00:01:35,120 --> 00:01:38,360 And it's because we have these layer 2 addresses that 39 00:01:38,360 --> 00:01:41,870 intelligent devices like a layer 2 switch can take advantage 40 00:01:41,870 --> 00:01:43,340 of that information-- for example, 41 00:01:43,340 --> 00:01:45,844 where this frame is coming from and where it's going to-- 42 00:01:45,844 --> 00:01:47,510 because the source and destination layer 43 00:01:47,510 --> 00:01:50,520 2 addresses are inside that layer 2 frame. 44 00:01:50,520 --> 00:01:53,180 So a switch can make intelligent forwarding decisions 45 00:01:53,180 --> 00:01:55,240 based on that layer 2 address information 46 00:01:55,240 --> 00:01:56,690 in each of the frames. 47 00:01:56,690 --> 00:01:58,850 And oftentimes, when learning something new-- 48 00:01:58,850 --> 00:02:01,070 like, for example, wow, there's a layer 2 address 49 00:02:01,070 --> 00:02:02,360 on my network adapter. 50 00:02:02,360 --> 00:02:04,892 It's often fun to take a look at what yours is. 51 00:02:04,892 --> 00:02:06,600 And so here's a couple of different ways, 52 00:02:06,600 --> 00:02:08,308 depending on the platform that you're on, 53 00:02:08,308 --> 00:02:10,410 that you can look at your layer 2 address. 54 00:02:10,410 --> 00:02:12,212 So let's begin on a Linux box. 55 00:02:12,212 --> 00:02:13,670 If you happen to be on a Linux box, 56 00:02:13,670 --> 00:02:15,800 the command would be IF config. 57 00:02:15,800 --> 00:02:17,160 It'll list your interfaces. 58 00:02:17,160 --> 00:02:20,660 And as part of that, it's going to list the hardware address, 59 00:02:20,660 --> 00:02:23,150 which would be one more name that we could refer 60 00:02:23,150 --> 00:02:26,090 to the layer 2 address as-- so ethernet address, layer 2 61 00:02:26,090 --> 00:02:29,000 address, physical address, MAC address, or hardware address. 62 00:02:29,000 --> 00:02:31,820 They've also put some colons in to help separate two characters 63 00:02:31,820 --> 00:02:32,510 at a time. 64 00:02:32,510 --> 00:02:35,150 On a Windows platform, we'd go ahead and run the command 65 00:02:35,150 --> 00:02:36,392 ipconfig/all. 66 00:02:36,392 --> 00:02:38,600 So if you go to the interface you're concerned about, 67 00:02:38,600 --> 00:02:40,250 you can look at the details for that. 68 00:02:40,250 --> 00:02:41,625 And then just below that, here we 69 00:02:41,625 --> 00:02:44,810 have the physical address, which is that bad boy right there. 70 00:02:44,810 --> 00:02:48,020 And once again, is represented by 12 hexadecimal characters 71 00:02:48,020 --> 00:02:51,860 representing a 48-bit unique MAC address. 72 00:02:51,860 --> 00:02:54,500 And even if we're not on a wired Ethernet network, 73 00:02:54,500 --> 00:02:56,990 we still use the concept of a layer 2 74 00:02:56,990 --> 00:02:59,210 address when working with Wi-Fi. 75 00:02:59,210 --> 00:03:00,800 So even on a mobile device, it's going 76 00:03:00,800 --> 00:03:03,980 to show us a Wi-Fi address, which once again is 77 00:03:03,980 --> 00:03:05,689 12 hexadecimal characters. 78 00:03:05,689 --> 00:03:07,355 They've thrown in some colons there just 79 00:03:07,355 --> 00:03:08,940 to make it easier to read. 80 00:03:08,940 --> 00:03:12,620 And that represents a 48-bit layer 2 address. 81 00:03:12,620 --> 00:03:14,340 And if we're on a network device-- 82 00:03:14,340 --> 00:03:15,866 maybe a router or a switch-- 83 00:03:15,866 --> 00:03:17,490 we'd use the appropriate command there. 84 00:03:17,490 --> 00:03:19,700 So the commands may vary a little bit between Juniper 85 00:03:19,700 --> 00:03:20,965 and HP and Cisco. 86 00:03:20,965 --> 00:03:22,340 So here on this Cisco device, I'm 87 00:03:22,340 --> 00:03:25,070 going to issue the command show interfaces fast 88 00:03:25,070 --> 00:03:28,190 ethernet 1/1, which will show us a lot of details regarding 89 00:03:28,190 --> 00:03:30,350 that interface, fast ethernet 1/1, 90 00:03:30,350 --> 00:03:31,760 including the layer 2 address. 91 00:03:31,760 --> 00:03:33,057 So we'll press Enter. 92 00:03:33,057 --> 00:03:34,640 So here, among a lot of other details, 93 00:03:34,640 --> 00:03:38,810 it's showing us the address is this bad boy right there. 94 00:03:38,810 --> 00:03:40,550 And so in this output, Cisco is giving us 95 00:03:40,550 --> 00:03:42,420 four characters and a period. 96 00:03:42,420 --> 00:03:44,690 So whether a vendor is using colons or periods 97 00:03:44,690 --> 00:03:47,090 to separate the numbers, they're doing so just 98 00:03:47,090 --> 00:03:48,825 to make it a little bit easier to read. 99 00:03:48,825 --> 00:03:51,200 And then one last thing that I thought would be fun to do 100 00:03:51,200 --> 00:03:54,860 is let's take a look at a packet capture in Wireshark 101 00:03:54,860 --> 00:03:57,020 to take a look at the layer 2 information 102 00:03:57,020 --> 00:03:59,120 and take a look at some ethernet frames that 103 00:03:59,120 --> 00:04:02,270 are including both the source and destination layer 2 104 00:04:02,270 --> 00:04:03,890 addresses in those frames. 105 00:04:03,890 --> 00:04:05,540 So we'll just pick this top one here. 106 00:04:05,540 --> 00:04:08,102 And here in the Layer 2 Information, if we expand that, 107 00:04:08,102 --> 00:04:10,060 that's showing us regarding this ping request-- 108 00:04:10,060 --> 00:04:12,080 I'm cheating a little bit by just seeing this 109 00:04:12,080 --> 00:04:13,580 is a ping request right here-- 110 00:04:13,580 --> 00:04:15,890 the layer 2 destination address in that layer 2 111 00:04:15,890 --> 00:04:18,620 header, this frame, is this guy right there. 112 00:04:18,620 --> 00:04:20,240 And the source address, the individual 113 00:04:20,240 --> 00:04:22,790 that's sourcing this frame on this network, 114 00:04:22,790 --> 00:04:26,035 has this layer 2 address, this MAC address right here. 115 00:04:26,035 --> 00:04:28,160 And one of the big benefits of including the source 116 00:04:28,160 --> 00:04:30,650 and destination layer 2 addresses inside of frames 117 00:04:30,650 --> 00:04:32,450 is that a network device-- 118 00:04:32,450 --> 00:04:34,370 for example, a layer 2 switch-- 119 00:04:34,370 --> 00:04:37,610 can now look at those addresses and make intelligent forwarding 120 00:04:37,610 --> 00:04:39,830 decisions on the local network based on where 121 00:04:39,830 --> 00:04:41,690 that frame needs to go. 122 00:04:41,690 --> 00:04:43,130 In this Nugget, we've taken a look 123 00:04:43,130 --> 00:04:45,140 at layer 2 Ethernet addresses. 124 00:04:45,140 --> 00:04:47,390 I hope this has been informative for you, 125 00:04:47,390 --> 00:04:50,478 and I'd like to thank you for viewing. 126 00:04:50,478 --> 00:04:50,978