[CALUG] ethernet network analyser
Walt Smith
waltechmail at yahoo.com
Tue Nov 15 12:32:54 EST 2011
FYI:
I couldn't find an ethernet spec except at ieee
where they want money. The next closest thing was to look up
a spec for an ethernet chip.
I looked briefly at 2 chips.
The chip grabs stuff from the physical wires.
But it may need a voltage interface chip first.
At this level, I ( and a few others) were interested in the actual
physical layer signal. The chip will produce a raw ethernet
frame which is then FIFO'd into memory ( probably a hardware
hidden DMA after initialization?). The raw physical signal is
not available to software.
And it sorta makes sense: there need to be extra bits
on the physical wire for the chip to lock onto in order to
grab an "ethernet frame" which looks like a frame.
But the idea/request was to see it with a scope.
So if the scope is on the physical ethernet wire, the real bits can
be seen, including noise and bad bits, and sync stuff necessary for
the nic chip itself to "work". One could connect the scope
between the buffer/translator chip and the nic chip, but theres
no advantage.
Looks like ethernet cable voltages are (O) of +/- 2.5 volts, and the
cable is 100 ohms with terminations of 50 - 100 ohms ( in
general). The actual specs take a few more "pages" depending
on the various ethernet and cable types.
Walt.........
Message: 3
Date: Mon, 14 Nov 2011 15:43:37 -0500
From: James Ewing Cottrell 3rd <JECottrell3 at Comcast.NET>
Subject: Re: [CALUG] ethernet network analyser
To: calug at unknownlamer.org
Message-ID: <4EC17D79.6040708 at Comcast.NET>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
A good book on the subject is Practical Packet Analysis...available in
a Library Near You.
The book tells you what you need to know...from the physical (you need a
hub or a promiscuous switch), how to use tcpdump and wireshark either
together or separately, and cooks up some scenarios and shows how to use
wireshark to analyze them. Thorough, but Easy to Read.
http://www.amazon.com/Practical-Packet-Analysis-Wireshark-Real-World/dp/1593271492
JIM
P.S. There is also a Curses based tool called iptraf, which is useful in
certain cases
There's a shortage of technical workers for jobs that don't exist yet.
More information about the CALUG
mailing list