At the data link layer, Ethernet specifies what the data should look like, including the header and trailer. The protocol is defined by IEEE 802.3 and actually divides the data link layer into two sublayers: the Logical Link Control (LLC) sublayer and the Media Access Control (MAC) sublayer.

The MAC Sublayer

802.3 specifies a sublayer within Ethernet called the Ethernet Media Access Control sublayer. This acts as an interface between the physical layer and the higher-level services of a network interface.

Ethernet Frame vs Ethernet Packet

Technically 802.3 defines both a Media Access Control (MAC) frame and a MAC packet.

An Ethernet MAC frame includes a destination address, source address, length/type, payload plus padding and finally a frame check sequence (FCS).

An Ethernet MAC Packet encapsulates the MAC frame, adding a preamble and a 'start of frame' delimiter.

Most texts (and engineers) will use ‘frame’ or ‘Ethernet frame’ to refer to the complete ‘Ethernet Packet’ from the preamble to the FCS. When people refer to a packet, they will almost always be referring to an IP packet at the internet layer.

The most common form of an Ethernet PDU is summarised below.

Ethernet Fields

Ethernet Header

Preamble

Length: 7 bytes (56 bits)

The Ethernet Preamble is a series of alternating ‘1s’ and ‘0s’ which enables a receiver to synchronise with the transmitter.

Start of Frame Delimiter

Length: 1 byte (8 bits)

The start of frame delimiter indicates to the receiver the end of the preamble and therefore the beginning of the other Ethernet header content.

Destination Address

The MAC address of the intended recipient, or recipients of the frame.

Source Address

The MAC address of the sender.

Type / Length

This field is typically used to indicate the length of the client data / payload being encapsulated. For a basic Ethernet frame, the maximum length of the client data is 1500 bytes and the minimum is 46 bytes.

Ethernet Payload / Layer 3 Data / Client Data

Payload

Data from a higher layer which is being encapsulated. This is most often an IPv4 or IPv6 packet. To fit in a typical frame, the maximum length of the packet is 1500 bytes. Therefore, we say that the layer 3 Maximum Transmission Unit (MTU) is 1500 bytes for Ethernet.

Padding

Because the minimum length of a payload is 46 bytes, if the payload is less than that then padding is added.

Ethernet Trailer

Frame Check Sequence (FCS)

The Ethernet FCS is a cyclic redundancy check which allows the recipient to check whether the data has been corrupted.

Ethernet Addresses

Ethernet frames include a source and a destination Media Access Control (MAC) address. Generally, each interface on a network will have a MAC address – whether it’s a port on a switch, a network interface card (NIC) in a computer or a WiFi chip in a phone. There are also special addresses for sending frames to multiple recipients.

All MAC addresses are 48 bits (6 bytes) long and are typically represented using hexadecimal (hex) notation. If the first bit of the destination address is 0, the address is a unicast address which means that it is intended for a single recipient. If the first bit is 1 then the address indicates a group address.

Unicast MAC Addresses

Messages being sent to a single device use a unicast or individual address. It is important that each device on a network has a unique Ethernet address so that frames get sent to the correct device. To ensure this, all ethernet hardware is assigned a globally unique MAC address for each interface by the manufacturer.

Consequently, MAC addresses are also called burned in addresses (BIA).

Some operating systems, or software make it possibly to alter the MAC address of a given interface. This can be done for privacy reasons, network requirements (for example, networking with virtual machines) or for more nefarious purposes.

Unicast addresses are formed of two equal parts: an Organizationally Unique Identifier for the manufacturer and an interface specific identifier.

Organizationally Unique Identifier (OUI)

Length: 24 bits (3 bytes)

Every vendor of Ethernet equipment should have their own unique OUI which has been assigned by the IEEE.

Vendor Assigned, Interface Specific Identifier

Length: 24 bits (3 bytes)

The vendor is responsible for assigning the last 24 bits which should an identifier unique to that manufacture so that now two devices have the same address.

Group Addresses

Other MAC addresses may be associated with none or more devices on a network.

Multicast MAC Addresses

Multicast addresses may be used to send messages to a specific group of devices on a network. The details of operation must be configured at a higher layer. For example, the Cisco Discovery Protocol (CDP) uses multicast addresses.

Broadcast Addresses

The broadcast address is used to send a frame to all devices on the local area network. The broadcast address has all bits set to ‘1’ which is FF:FF:FF:FF:FF:FF in hex.

Related Courses

Understand how modern computer networks work.

Other Related Skills

Wide Area Networks may use one of several layer 2 technologies to encapsulate data as it cross a service providers network between a customer’s sites.
Learn what network switches do in a TCP/IP network and how they work.