
Network+ Preparation Series: Network Traffic Concepts

Network traffic can be identified by certain characteristics: for example, what happens before a message is sent, and which devices hear it. Let’s take a closer look at these ideas.

Broadcast Domains

A broadcast domain is a collection of devices that can hear each other’s broadcast communications. ARP (Address Resolution Protocol) queries, which attempt to map a known IP address to a device’s unknown MAC address, are always broadcast and heard by all devices on the network. Switches forward broadcasts out of all interfaces except the one where the message arrived. Routers, on the other hand, break up a broadcast domain, since they never relay broadcasts received on one interface to the networks on their other interfaces.

A broadcast domain is similar to what occurs when I teach a class in one room while another professor teaches in another. My broadcast, which is a lecture to the whole class, does not leave the room via the door, which is the default exit. The lecture of the other professor does not leave his room and enter mine. My students only hear my broadcast and lecture, whereas the students of the other professor only hear that professor’s lecture.

What is CSMA/CD?

Carrier sense multiple access with collision detection (CSMA/CD) was used in older Ethernet networks that utilised half-duplex communications, where a node could only send or receive at one time (not concurrently), to decide which computer should use the shared media at any given time.

Each computer on the network checks the cable before transmitting a data frame, which is known as carrier sense. If another computer is already transmitting, the node detects the traffic and waits for the cable to become available. If no traffic is detected, the node transmits its data frame.

Before transmitting a data frame, a node on an Ethernet network listens for other traffic.

If the line is free, an Ethernet node does not need permission to utilise it; it just does so. It makes no difference what function the node performs from the standpoint of Ethernet. A Windows client, Windows server, Linux machine, or Mac may be the node. All nodes in Ethernet are created equal. But what happens if two computers listen to the cable and decide that it is free at the same time? They’re both attempting to transmit.

What Are Collision Domains?

A collision happens when two nodes use the cable at the same time, and both transmissions are lost. Two nodes transmitting at the same time are similar to two individuals talking at the same time: the listener hears a mix of the two voices and is unable to comprehend either.

When two nodes collide, both detect the collision by listening to their own transmissions. They can tell whether another node has transmitted at the same moment by comparing what they sent to the signal they receive. If a collision is detected, both nodes stop transmitting and wait for a brief, random amount of time before retrying.

As a result, a collision domain represents all devices whose messages may collide with messages from other devices. When hubs were utilised decades ago, and even when switches employed half-duplex communications, this was the norm.

Ethernet NICs (network interface cards) are very inexpensive because CSMA/CD is simple to implement in hardware. This simplicity comes at a cost: an Ethernet node will spend some time dealing with collisions rather than transmitting data. When you add more devices to the network and/or increase the quantity of traffic (for example, by putting new, data-intensive apps on the network), the nodes produce more frames and the number of collisions grows. Because of these collisions, every Ethernet network wastes part of its available capacity.
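A small slotted simulation of the listen, collide and random-wait cycle described above shows how capacity is lost as nodes are added. This is an added example, not code from the original article; the one-slot frame time and the fixed backoff range `max_wait` are simplifying assumptions.

```python
import random

def simulate(nodes, frames_each, seed=1, max_wait=8):
    """Return (slots_used, collisions) for `nodes` sharing one cable."""
    rng = random.Random(seed)          # seeded so runs are repeatable
    pending = [frames_each] * nodes    # frames each node still has to send
    wait = [0] * nodes                 # backoff slots remaining per node
    slots = collisions = 0
    while any(pending):
        slots += 1
        # Carrier sense: every node with a frame and no backoff sees a free
        # cable at the start of the slot and transmits.
        senders = [n for n in range(nodes) if pending[n] and wait[n] == 0]
        wait = [max(0, w - 1) for w in wait]
        if len(senders) == 1:
            pending[senders[0]] -= 1   # sole sender: frame delivered
        elif len(senders) > 1:
            collisions += 1            # simultaneous senders: all frames lost
            for n in senders:
                wait[n] = rng.randint(0, max_wait)  # brief random wait
    return slots, collisions

def wasted_share(nodes, frames_each=50, seed=1):
    """Fraction of slots that carried no frame (collision or idle)."""
    slots, _ = simulate(nodes, frames_each, seed)
    return 1 - nodes * frames_each / slots
```

Comparing `wasted_share(1)` with `wasted_share(4)` or `wasted_share(16)` shows the share of lost slots once more than one node contends for the cable.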

Half-duplex communication has been superseded by full-duplex communication, which allows devices to send and receive data at the same time. Around the year 2000, full-duplex became the standard. When a NIC and the switch port to which it is attached are set to full-duplex communication, CSMA/CD is deactivated, and there is no longer any listening before sending. The device can now transmit to the switch port at the same time that the switch port can send to the device. Collisions are almost non-existent!

CSMA/CA

In contrast to Ethernet, Wi-Fi networks are based on the IEEE 802.11 specifications and have certain unique challenges to solve in order to communicate effectively. CSMA/CD will not work for wireless networking, for two reasons. First, a wireless device cannot transmit and receive at the same time, which is how nodes on half-duplex Ethernet networks detect collisions. Second, owing to signal strength, wireless clients may be unaware of the presence of another client. This issue is known as the hidden node problem. Two devices may each be in range of a wireless access point (WAP) without being in range of each other. As a result, these devices have no way of knowing when the other is talking, and they may both transmit traffic to the access point at the same time, causing a collision.

With these two factors in mind, wireless networks need a different method of avoiding collisions. Instead of CSMA/CD, Wi-Fi networks use carrier sense multiple access with collision avoidance (CSMA/CA). As the name suggests, the CSMA/CA access method, like CSMA/CD, takes proactive steps to prevent collisions.

CSMA/CA defines collision avoidance in two ways. First, if a wireless node senses that the network is busy, it waits a short backoff time before attempting to transmit again. So far, this is identical to CSMA/CD. Second, CSMA/CA requires receiving nodes to send an acknowledgement (ACK) for each frame they process. If the transmitting node does not get an ACK, it assumes there has been a collision and retransmits the same data frame until it receives confirmation that the frame has arrived at its destination. Nodes may also transmit a request-to-send (RTS) message to the access point, which is followed by a clear-to-send (CTS) message that is received by all nodes within range of the access point, even those that were not in range of the request-to-send message.

Protocol Data Units

At each layer of the OSI model, a protocol data unit (PDU) represents a particular collection of data.

The PDU is merely data, also known as payload, at OSI Layers 7, 6, and 5. The PDU is either a segment or a datagram at Layer 4. The PDU is a packet at Layer 3. The PDU is a frame at Layer 2. Finally, the PDU is just a collection of bits and bytes, all those ones and zeros, at Layer 1.

| OSI Layer | PDU |
|---|---|
| Application | Data (payload) |
| Presentation | Data (payload) |
| Session | Data (payload) |
| Transport | Segment (TCP) or Datagram (UDP) |
| Network | Packet |
| Data Link | Frame |
| Physical | Bits/bytes |

MTU

The Maximum Transmission Unit (MTU) of Ethernet is 1500 bytes, which implies that an Ethernet frame cannot include more than 1500 bytes of IP header and data. Due to the inclusion of an extra 8 bytes in the form of a PPPoE (Point-to-Point Protocol over Ethernet) header, DSL users have an MTU of 1492 while sending data to their ISP.

If a packet exceeds the MTU, it must be split into several packets that are at or under the MTU. This is called fragmentation. If a link to another router or network has an MTU lower than the size of an IP packet that has to be transmitted over it, IPv4 routers may fragment IPv4 packets 68 bytes or bigger (they must be able to forward packets smaller than 68 bytes without fragmentation). For example, if the MTU between two routers is 1000 bytes, the first router may split a 1500-byte packet into two smaller packets, one of which is 1000 bytes and the other 500 bytes. When the packets arrive at their destination, three fields in the IP header containing fragmentation information are used to reassemble them:

Identification (2-byte value)

The same value is carried by all fragments of the same packet, acting as a label that groups these fragments together.

Flags (1-bit values)

This field is made up of a Reserved bit (always 0), Don’t Fragment (more on this later), and More Fragments (all fragments but the last will have a value of 1, indicating to the destination that more fragments are on the way).

Fragment Offset (2-byte value)

This field determines how the destination arranges the pieces. The initial fragment offset is 0, and each successive offset grows by the size of the preceding fragment.

According to RFC 1191, it’s better for TCP-related traffic (such as HTTP and SSL/TLS) to find the smallest MTU along a route first, rather than having every packet bigger than that MTU broken up into several packets (fragmentation). For most TCP-related traffic, the “Don’t Fragment” flag bit will be set in the IP header. When this flag is set, IPv4 routers are instructed to drop the packet rather than fragment it and send an ICMP error message (Fragmentation Needed) back to the source with the MTU that was exceeded. The source will then no longer transmit packets that are larger than that. So, in our Web server example, when the ICMP Fragmentation Needed message arrives, the Web server will transmit packets of 1000 bytes or less. Because no time is required for the routers to fragment the packets and for the destination to reassemble the packets, the total throughput will be greater and the latency will be reduced.
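The router, destination and sender behaviour described above can be worked through in a few functions. This is an added example, not code from the original article: the names `fragment`, `reassemble`, `send_with_df` and `FragNeeded` are hypothetical, and a 20-byte IPv4 header without options is assumed. It goes beyond the round numbers in the text by counting the header each fragment carries and the 8-byte units in which the offset field is expressed.

```python
IP_HDR = 20  # assumption: IPv4 header without options

class FragNeeded(Exception):
    """Stands in for the ICMP Fragmentation Needed message."""
    def __init__(self, mtu):
        super().__init__(f"fragmentation needed, MTU {mtu}")
        self.mtu = mtu  # the MTU that was exceeded

def fragment(ident, payload, mtu, df=False):
    """Router: return [(ident, MF, offset in 8-byte units, data), ...]."""
    if IP_HDR + len(payload) <= mtu:
        return [(ident, 0, 0, payload)]
    if df:
        raise FragNeeded(mtu)       # drop and report instead of fragmenting
    step = (mtu - IP_HDR) // 8 * 8  # data per fragment, a multiple of 8
    return [(ident, int(start + step < len(payload)), start // 8,
             payload[start:start + step])
            for start in range(0, len(payload), step)]

def reassemble(frags):
    """Destination: {ident: payload}, or None while a packet is incomplete."""
    groups = {}
    for ident, mf, off, data in frags:
        groups.setdefault(ident, []).append((off * 8, mf, data))
    out = {}
    for ident, parts in groups.items():
        parts.sort(key=lambda p: p[0])       # arrival order is not guaranteed
        buf, ok = b"", True
        for start, _mf, data in parts:
            ok = ok and start == len(buf)    # gap or overlap: refuse to guess
            buf += data
        ok = ok and parts[-1][1] == 0        # last piece must have MF = 0
        out[ident] = buf if ok else None
    return out

def send_with_df(packet_len, path_mtus):
    """Sender with DF set: shrink to each reported MTU; return sizes tried."""
    tried = [packet_len]
    while True:
        try:
            for mtu in path_mtus:
                fragment(0, bytes(tried[-1] - IP_HDR), mtu, df=True)
            return tried
        except FragNeeded as err:
            tried.append(err.mtu)

# Constructed sample: a 1500-byte packet (20-byte header + 1480 bytes of data).
PAYLOAD = bytes(range(256)) * 5 + bytes(200)
FRAGS = fragment(0x1A2B, PAYLOAD, mtu=1000)
```

With a 1000-byte MTU, `FRAGS` holds 976 and 504 bytes of data (996 and 524 bytes on the wire once each fragment's header is added), and `send_with_df(1500, [1500, 1000, 1500])` settles on 1000-byte packets after one Fragmentation Needed report.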

A broadcast is when a single device transmits a packet to every device on the network; a multicast is when a single device delivers a packet to a group of interested computers; and a unicast is when one device sends a message directly to another device.


Layer 2 and Layer 3 addresses (if appropriate) will always be the same type: unicast, broadcast, or multicast.

Unicast communications are transmitted from a single source to a single recipient. Every system in the broadcast domain receives a broadcast. An ARP request, which is used to discover a MAC address given a device’s IP address, is a typical example of a broadcast. The destination MAC address of an ARP request is FF-FF-FF-FF-FF-FF. Because ARP occurs at Layer 2, there is no IP header. ARP responses, on the other hand, are unicast.

A DHCP Discover message, which is how a DHCP client discovers DHCP servers and begins negotiating a lease, is another example of a broadcast. The destination MAC address of DHCP Discovers is FF-FF-FF-FF-FF-FF, while the destination IP address is

Multicasts are used for streaming, gaming, and video conferencing, among other things. Instead of delivering several unicast packets to all interested listening clients, a server sends a single multicast packet.

IGMP (Internet Group Management Protocol) is a multicast group membership protocol that is encapsulated directly within IPv4 packets and is used by hosts and routers on IPv4 networks. MLD (Multicast Listener Discovery), which is part of ICMPv6, is used instead in IPv6 networks.

Routers send multicast messages to networks with at least one interested client. The packet is opened by interested clients that have subscribed to that multicast group. Uninterested clients that haven’t joined the multicast group just discard the packet. Switches use IGMP snooping (for IPv4) and MLD snooping (for IPv6) to prevent uninterested clients from receiving multicast packets.
