Ethernet at the Data-Link Layer


At the data link layer, Ethernet specifies what the data should look like, including the header and trailer. The protocol is defined by IEEE 802.3 and divides the data link layer into two sublayers: the Logical Link Control (LLC) sublayer and the Media Access Control (MAC) sublayer.

The MAC Sublayer

802.3 specifies a sublayer within Ethernet called the Ethernet Media Access Control sublayer. This acts as an interface between the physical layer and the higher-level services of a network interface.

Ethernet Frame vs Ethernet Packet

Technically 802.3 defines both a Media Access Control (MAC) frame and a MAC packet.

An Ethernet MAC frame includes a destination address, source address, length/type, payload plus padding and finally a frame check sequence (FCS).

An Ethernet MAC Packet encapsulates the MAC frame, adding a preamble and a 'start of frame' delimiter.

Most texts (and engineers) will use ‘frame’ or ‘Ethernet frame’ to refer to the complete ‘Ethernet Packet’ from the preamble to the FCS. When people refer to a packet, they will almost always be referring to an IP packet at the internet layer.

The most common form of an Ethernet PDU is summarised below.

Ethernet Shared Media compared to Point to Point links

Historically, LANs could use 'shared media' which meant that layer 2 devices called hubs were used to connect devices on the network. Hubs simply repeated the signals received on one port out of all the other ports which meant that the total bandwidth was shared across the whole network. This means that if different devices transmit data at the same time, the electrical signals may 'collide'.

Modern networks use switches at layer two. Switches are more advanced than hubs and treat each port as a separate, point to point link. This means that bandwidth is no longer shared across the whole LAN. Therefore the switch acts as a boundary to prevent collisions from happening across the network.

Ethernet Fields

Ethernet Header


Length: 7 bytes (56 bits)

The Ethernet Preamble is a series of alternating ‘1s’ and ‘0s’ which enables a receiver to synchronise with the transmitter.

Start of Frame Delimiter

Length: 1 byte (8 bits)

The start of frame delimiter indicates to the receiver the end of the preamble and therefore the beginning of the other Ethernet header content.

Destination Address

The MAC address of the intended recipient, or recipients of the frame.

Source Address

The MAC address of the sender.

Type / Length

In modern networks, this field is used for the EtherType which indicates what type of data is encapsulated. For example, a value of 0x0800 would mean that the frame encapsulates IP data. The IEEE maintains the official registry of available EtherTypes.

Ethernet Payload / Layer 3 Data / Client Data


Data from a higher layer which is being encapsulated. This is most often an IPv4 or IPv6 packet. To fit in a typical frame, the maximum length of the packet is 1500 bytes. Therefore, we say that the layer 3 Maximum Transmission Unit (MTU) is 1500 bytes for Ethernet.


Because the minimum length of a payload is 46 bytes, if the payload is less than that then padding is added.

Ethernet Trailer

Frame Check Sequence (FCS)

The Ethernet FCS is a cyclic redundancy check which allows the recipient to check whether the data has been corrupted.

Ethernet Addresses

Ethernet frames include a source and a destination Media Access Control (MAC) address. Generally, each interface on a network will have a MAC address – whether it’s a port on a switch, a network interface card (NIC) in a computer or a WiFi chip in a phone. There are also special addresses for sending frames to multiple recipients.

All MAC addresses are 48 bits (6 bytes) long and are typically represented using hexadecimal (hex) notation. If the first bit of the destination address is 0, the address is a unicast address which means that it is intended for a single recipient. If the first bit is 1 then the address indicates a group address.

Unicast MAC Addresses

Messages being sent to a single device use a unicast or individual address. It is important that each device on a network has a unique Ethernet address so that frames get sent to the correct device. To ensure this, all ethernet hardware is assigned a globally unique MAC address for each interface by the manufacturer.

Consequently, MAC addresses are also called burned-in addresses (BIA).

Some operating systems, or software make it possible to alter the MAC address of a given interface. This can be done for privacy reasons, network requirements (for example, networking with virtual machines) or for more nefarious purposes.

Unicast addresses are formed of two equal parts: an Organizationally Unique Identifier for the manufacturer and an interface specific identifier.

Organizationally Unique Identifier (OUI)

Length: 24 bits (3 bytes)

Every vendor of Ethernet equipment should have their own unique OUI which has been assigned by the IEEE.

Vendor Assigned, Interface Specific Identifier

Length: 24 bits (3 bytes)

The vendor is responsible for assigning the last 24 bits which should an identifier unique to that manufacturer so that no two devices have the same address.

Group Addresses

Other MAC addresses may be associated with none or more devices on a network.

Multicast MAC Addresses

Multicast addresses may be used to send messages to a specific group of devices on a network. The details of operation must be configured at a higher layer. For example, the Cisco Discovery Protocol (CDP) uses multicast addresses.

Broadcast Addresses

The broadcast address is used to send a frame to all devices on the local area network. The broadcast address has all bits set to ‘1’ which is FF:FF:FF:FF:FF:FF in hex.


Test your knowledge with these questions.

MAC stands for Media Access Control.

Organizationally Unique Identifier

1500 bytes

Confirmation for the sender that data has reached the recipient.


Learn more about this topic by checking out these references.

Other Lessons

Learn more by checking out these related lessons

Same layer and adjacent layer interactions



WAN Technologies - HDLC, PPP, Frame Relay and Ethernet



What do network switches do?




This lesson is part of the following courses.

Computer Networking Foundations