Networking fundamentals question

benjamin2000 · September 15, 2022, 9:42am

Hi all,

Sorry for the lengthy post, I want to clearly describe the problem I’m having.

At the moment I am doing the “Intro to Network Analysis” module while also doing some heavy Googling trying to understand network fundamentals. There is one concept I’m having trouble understanding and thought I could get an answer here.

The problem basically is the following: I have trouble understanding how layer 2 of the OSI model works.

From my understanding, layer 2 concerns itself with communications between hosts on the same LAN. Hosts can be addressed using their unique MAC-address. Communications happen through ethernet frames.

I’m having trouble understanding how these ethernet frames are “routed”.

Say we have 3 hosts on the same LAN:
Host A: 192.168.1.2 (MAC AA:AA:AA:AA:AA:00)
Host B: 192.168.1.3 (MAC AA:AA:AA:AA:AA:01)
Host C: 192.168.1.4 (MAC AA:AA:AA:AA:AA:02)

If Host A sends a packet to host B, Host A constructs an ethernet frame with destination address AA:AA:AA:AA:AA:01.

In Academy, the following is stated:

To capture network traffic from "off the wire," it uses the libraries pcap and libpcap, paired with an 
interface in promiscuous mode to listen for data. This allows the program to see and capture packets 
sourcing from or destined for any device in the local area network, not just the packets destined for us.

The question I have is: How does the ethernet frame actually get delivered to host B? The academy quote above insinuates that somehow, the ethernet frame gets delivered to all hosts on the local network (meaning that host C could snoop on the traffic between host A and B).

I thought that the routing of these frames was done through a switch, meaning that traffic not intended for our PC/MAC address will not ever reach our PC.

Maybe the quote was talking about a wireless LAN? Would it be possible to capture all layer 2 traffic on a wireless LAN, since no switch is involved? If so, does that mean that a switched LAN is inherently safer than a wireless LAN?

Sorry for the long post, I hope someone here is able to clear things up a bit.

ST_oma · September 16, 2022, 8:27pm

I think you miss some basic knowledge. I also took the module and for me it was a refreshments that clarified some stuff but most Academy modules are (just my opinion) not the best if you are completly new to the subject matter nor do they explain everything. A lot is left to yourself to find out.

I think it’s good to know that a packet gets build from the ground up (layer 1 to 7) and then gets deconstructed from layer 7 to 1. This happen always and has nothing to do wether how they will travel. So layer 2 has nothing to do wether a package will be routed within a LAN or WLAN.

If you are new to the subject there are some good exams/studies (comptia) that give you a bit more basic from the ground up guidance. Also I recommend books because (if you do some research) there is usually more educational value in them in that there is put a lot of work and effort in them (and that’s often not the case with youtube content and blogs although there are some very good ones out there). Do some study and return to the module and you will see that it makes a lot more sense.

There is no shortcuts, just study outside the module and return and see you progressed. Good luck!