1
00:00:00,000 --> 00:00:08,000
So what happens if A now wants to ping a remote device in a separate subnet?
2
00:00:08,000 --> 00:00:11,000
So now for example, A with IP address 10.1.1.1
3
00:00:11,000 --> 00:00:17,000
wants to ping device B with IP address 10.1.2.1
4
00:00:17,000 --> 00:00:21,000
In these examples I'm discussing ICMP or ping traffic
5
00:00:21,000 --> 00:00:23,000
but something similar would happen
6
00:00:23,000 --> 00:00:27,000
if you were sending HTTP, FTP or other traffic.
7
00:00:27,000 --> 00:00:33,000
What's important to note here is that these devices are in separate subnets
8
00:00:33,000 --> 00:00:36,000
we are using a /24 mask in this topology.
9
00:00:36,000 --> 00:00:41,000
So host A is not in the same subnet as host B.
10
00:00:41,000 --> 00:00:44,000
Now the first thing the PC will do is to check whether the IP address
11
00:00:44,000 --> 00:00:49,000
it's trying to communicate with is in a separate subnet
12
00:00:49,000 --> 00:00:52,000
or in the same subnet as itself.
13
00:00:52,000 --> 00:00:57,000
It does this by doing a logical AND using the network mask.
14
00:00:57,000 --> 00:01:00,000
So in this case we've got a /24 mask
15
00:01:00,000 --> 00:01:04,000
the IP address of PC A is 10.1.1.1
16
00:01:04,000 --> 00:01:09,000
and it's trying to ping an IP address 10.1.2.1/24
17
00:01:09,000 --> 00:01:15,000
in dotted decimal notation looks like this 255.255.255.0
18
00:01:15,000 --> 00:01:19,000
Which means the network portion is the first 3 octets of the address.
19
00:01:19,000 --> 00:01:24,000
So the local PC 10.1.1.1 compares the network portion with the device that
20
00:01:24,000 --> 00:01:28,000
it's trying to communicate with to check if the device is local or remote.
21
00:01:28,000 --> 00:01:32,000
In this case the network portion of the address is different.
22
00:01:32,000 --> 00:01:38,000
So the local PC knows that the remote device is in a different subnet
23
00:01:38,000 --> 00:01:43,000
to itself and it will therefore send the traffic to its default gateway
24
00:01:43,000 --> 00:01:47,000
to get to the remote subnet on which the device resides.
25
00:01:47,000 --> 00:01:50,000
Now in this example we are assuming that device A
26
00:01:50,000 --> 00:01:52,000
has a default gateway configured.
27
00:01:52,000 --> 00:01:57,000
So device A has been configured with the default gateway of the router
28
00:01:57,000 --> 00:02:03,000
10.1.1.100 so the PC will firstly check if it has the router's MAC address
29
00:02:03,000 --> 00:02:05,000
in its local ARP cache.
30
00:02:05,000 --> 00:02:08,000
It does this because it needs to send the traffic
31
00:02:08,000 --> 00:02:11,000
to the router to get to the remote device.
32
00:02:11,000 --> 00:02:14,000
And because this is an Ethernet segment a layer 2
33
00:02:14,000 --> 00:02:16,000
MAC address is required for communication.
34
00:02:16,000 --> 00:02:20,000
Ethernet once again requires that MAC addresses be used at
35
00:02:20,000 --> 00:02:23,000
layer 2 for transmission across an Ethernet network.
36
00:02:23,000 --> 00:02:27,000
So at layer 2 a MAC address is required by the PC
37
00:02:27,000 --> 00:02:32,000
the PC would have been configured with the default gateway of 10.1.1.100
38
00:02:32,000 --> 00:02:35,000
which is an IP address at layer 3
39
00:02:35,000 --> 00:02:38,000
but the MAC address of the default gateway wouldn't have been
40
00:02:38,000 --> 00:02:41,000
configured on the PC, so there's no entry on the local PC
41
00:02:41,000 --> 00:02:43,000
for the MAC address of its default gateway
42
00:02:43,000 --> 00:02:47,000
and thus it will need to send out a broadcast onto the segment
43
00:02:47,000 --> 00:02:52,000
asking who has IP address 10.1.1.100 in other words
44
00:02:52,000 --> 00:02:55,000
this is an ARP request looking for the MAC address
45
00:02:55,000 --> 00:02:59,000
associated with the IP address of the default gateway.
46
00:02:59,000 --> 00:03:04,000
When the broadcast is received by the hub, it will flood it out of all ports
47
00:03:04,000 --> 00:03:06,000
except the port on which it arrived.
48
00:03:06,000 --> 00:03:09,000
PC C will receive the broadcast at layer 2
49
00:03:09,000 --> 00:03:12,000
but when reading the layer 3 information it will see that
50
00:03:12,000 --> 00:03:18,000
this is an ARP for 10.1.1.100 which is not its IP address.
51
00:03:18,000 --> 00:03:22,000
So PC C will therefore drop the ARP request.
52
00:03:22,000 --> 00:03:25,000
The router however will process the ARP request.
53
00:03:25,000 --> 00:03:28,000
Firstly it will receive the traffic at layer 2
54
00:03:28,000 --> 00:03:33,000
because this is a broadcast and when it reads the layer 3 information
55
00:03:33,000 --> 00:03:37,000
it will see that this is an ARP request for its IP address.
56
00:03:37,000 --> 00:03:44,000
So the router will reply with an ARP reply to PC A's ARP request.
57
00:03:44,000 --> 00:03:49,000
The ARP reply is a unicast address so source MAC address is G
58
00:03:49,000 --> 00:03:53,000
the router's MAC address, destination MAC address is A
59
00:03:53,000 --> 00:03:55,000
source IP address is the router's IP address
60
00:03:55,000 --> 00:03:59,000
destination IP address is A's IP address.
61
00:03:59,000 --> 00:04:02,000
The hub will once again flood the traffic out of all ports
62
00:04:02,000 --> 00:04:05,000
except the port on which it arrived.
63
00:04:05,000 --> 00:04:08,000
C will drop the frame because it's not destined to itself.
64
00:04:08,000 --> 00:04:11,000
Notice in the frame the destination MAC address is A
65
00:04:11,000 --> 00:04:14,000
but the PC's MAC address is C, so it will drop the frame.
66
00:04:14,000 --> 00:04:18,000
And what's important to note is that it's the Network Interface Card
67
00:04:18,000 --> 00:04:23,000
that drops the frame and not the central CPU of the PC.
68
00:04:23,000 --> 00:04:28,000
A will receive the frame and upon receipt will process the frame
69
00:04:28,000 --> 00:04:30,000
because the destination MAC address is itself.
70
00:04:30,000 --> 00:04:35,000
So at layer 2 the frame is accepted by the NIC or Network Interface Card.
71
00:04:35,000 --> 00:04:35,000
The layer 2 information is stripped and forwarded to higher layer protocols.
72
00:04:35,000 --> 00:04:44,000
Because this is an ARP reply it's processed by higher layer protocols
73
00:04:44,000 --> 00:04:51,000
and the ARP cache is updated with the MAC address of the router, so PC A
74
00:04:51,000 --> 00:04:57,000
now has a mapping saying that IP address 10.1.1.100 uses MAC address G
75
00:04:57,000 --> 00:05:02,000
so this is important, PC A knows that the IP address
76
00:05:02,000 --> 00:05:05,000
10.1.1.100 is associated with MAC address G.
77
00:05:05,000 --> 00:05:13,000
So the PC can send traffic to the network destined for the remote PC 10.1.2.1
78
00:05:13,000 --> 00:05:18,000
with the source IP address set to 10.1.1.1 itself
79
00:05:18,000 --> 00:05:22,000
but notice please that the source MAC address is the local PC
80
00:05:22,000 --> 00:05:25,000
and the destination MAC address is the router.
81
00:05:25,000 --> 00:05:31,000
The layer 2 frame goes to the router and hence the layer 2
82
00:05:31,000 --> 00:05:35,000
information contains the local segment MAC addresses.
83
00:05:35,000 --> 00:05:39,000
Source MAC address the PC, destination MAC address the router.
84
00:05:39,000 --> 00:05:44,000
The layer 3 information contains the destination IP address
85
00:05:44,000 --> 00:05:48,000
of the remote host and the local PC's IP address.
86
00:05:48,000 --> 00:05:54,000
The hub will flood the frame to both C and G, C will drop the frame
87
00:05:54,000 --> 00:05:57,000
because the destination MAC address is not itself
88
00:05:57,000 --> 00:06:00,000
the router will receive the frame at layer 2
89
00:06:00,000 --> 00:06:03,000
because it's destined to its MAC address of G.
90
00:06:03,000 --> 00:06:07,000
It will then strip the layer 2 information
91
00:06:07,000 --> 00:06:10,000
and read the layer 3 information in the packet.
92
00:06:10,000 --> 00:06:13,000
So now let's look at a practical example
93
00:06:13,000 --> 00:06:18,000
I'm going to capture traffic in Wireshark, so I'll start the capture
94
00:06:18,000 --> 00:06:24,000
I'm gonna clear my ARP cache, so arp -a shows that no entries
95
00:06:24,000 --> 00:06:29,000
are in the ARP cache at the moment and then I'm gonna ping hp.com
96
00:06:29,000 --> 00:06:34,000
notice the DNS resolution has taken place, ICMP message is timing out
97
00:06:34,000 --> 00:06:38,000
because a firewall is blocking the ICMP messages to that server.
98
00:06:38,000 --> 00:06:43,000
So here's another example, let's ping google.com.
99
00:06:43,000 --> 00:06:48,000
Notice pings are succeeding, so I'll stop the capture.
100
00:06:48,000 --> 00:06:52,000
HP was using an IP address in the 15 range.
101
00:06:52,000 --> 00:06:55,000
So let's have a look for that ICMP traffic
102
00:06:55,000 --> 00:06:58,000
so notice there's an ICMP message to hp.com
103
00:06:58,000 --> 00:07:01,000
and you can see that because the address is 15.
104
00:07:01,000 --> 00:07:05,000
And HP own the 15 IP address range.
105
00:07:05,000 --> 00:07:10,000
We didn't get a reply from the server but the echo request was sent.
106
00:07:10,000 --> 00:07:14,000
What I'd like you to see please is that at layer 2
107
00:07:14,000 --> 00:07:16,000
the source MAC address is my local PC
108
00:07:16,000 --> 00:07:20,000
but the destination MAC address is my local router.
109
00:07:20,000 --> 00:07:26,000
Notice I can see that this is a Cisco device because the MAC address
110
00:07:26,000 --> 00:07:31,000
is shown as Cisco for the OUI or vendor portion of the address.
111
00:07:31,000 --> 00:07:34,000
We can see that by typing arp -a
112
00:07:34,000 --> 00:07:38,000
notice this MAC address is the MAC address associated with IP address
113
00:07:38,000 --> 00:07:43,000
10.0.0.254. ipconfig shows us that
114
00:07:43,000 --> 00:07:46,000
that is the IP address of the default gateway.
115
00:07:46,000 --> 00:07:50,000
So the traffic is going from my local PC to hp.com
116
00:07:50,000 --> 00:07:53,000
but it's being routed by my local router.
117
00:07:53,000 --> 00:07:56,000
At layer 3 we have the local PC's IP address
118
00:07:56,000 --> 00:08:00,000
the destination IP address is HP but at layer 2
119
00:08:00,000 --> 00:08:03,000
the source MAC address is my PC
120
00:08:03,000 --> 00:08:06,000
and the destination MAC address is the local router.
121
00:08:06,000 --> 00:08:13,000
And once again sending the traffic to my local default gateway at layer 2.
122
00:08:13,000 --> 00:08:18,000
I can filter the Wireshark capture to show only ICMP traffic again.
123
00:08:18,000 --> 00:08:23,000
Here's traffic going to Google so source IP address is my local machine
124
00:08:23,000 --> 00:08:27,000
destination IP address is Google but notice at layer 2
125
00:08:27,000 --> 00:08:30,000
the source MAC address is my local PC
126
00:08:30,000 --> 00:08:35,000
and the destination MAC address is once again the local router.