TCP/IP Sniffer Design Teaches Basics of Embedded Ethernet

Add an Internet-ready comm port to your embedded-system design with an off-the-shelf Ethernet controller.


Linh Trinh

April 15, 2002


Trying to understand every detail involved in creating an embedded product that communicates via Internet protocols can be a daunting task. These protocols were created for systems that generally have much more CPU power and memory than the average embedded design. So as an embedded engineer, it's very important that you know as much about TCP/IP as possible. Only then will you understand how to intelligently scale down these protocols to work in an embedded design.

This article provides the introductory steps necessary for integrating TCP/IP into a product. Creating the simple version of a Network Packet Sniffer described here will expose the Ethernet frame in detail and enable the investigation of data traffic on a local-area network (LAN).

Implementing embedded Ethernet requires a fundamental understanding of how to use an off-the-shelf Ethernet controller as an Internet-ready communication port in a design. Learning the general topology of a Packet Sniffer is the first step.

What's An Embedded Ethernet Sniffer? The word Sniffer is really shorthand for Packet Sniffer, a common networking term. A Packet Sniffer is a network-monitoring tool that captures data packets and decodes them into a desirable form for a user. Generally, Packet Sniffers are employed to debug and monitor network problems.

An Embedded Sniffer occupies a spot in a LAN much as a normal computer would (Fig. 1). It simply displays a snapshot of the data traffic at a given moment. An Embedded Ethernet Sniffer is a passive device that never transmits data onto a LAN. It's configured to trap and capture data, based on a few parameters provided by a user.

The three parameters of interest are Ethernet addresses, IP addresses, and TCP port numbers. We'll begin by examining the fundamental concepts and building blocks for an Ethernet Sniffer used to monitor and capture TCP/IP frames.

Reviewing The TCP/IP Stack: When creating an embedded Ethernet application, a historical perspective of the Ethernet frame and knowledge of its modern-day implementation helps one to appreciate the peculiarities of the frame's composition. Just like every other form of communication, networking has its own protocols. TCP/IP, often referred to as the Internet Architecture, is a loose interpretation of the strictly layered architecture called the Open System Interconnection Model, otherwise known as the OSI Model. Seven layers compose this architecture.

The Upper layers—independent layers—prepare and present data to the user:

  • Application: Interface to the end user.
  • Presentation: Converts application data to a common format.
  • Session: Organizes and routes data to/from application processes.

The Lower layers route, package, and verify data, regardless of the data:

  • Transport: Establishes and maintains intercomputer communication.
  • Network: Provides the physical routing between computers.
  • Data Link: Corrects transmission errors.
  • Physical: The wiring.

On the other hand, the TCP/IP Model (Stack) has only four layers:

  • Application Layer: FTP, SMTP, Telnet, etc.
  • Transport Layer: TCP, UDP, etc.
  • Network Layer: IP, ICMP, etc.
  • Link Layer: Ethernet, etc.

For this article, the layers of interest, in order of their importance, are the Link, Network, and Transport layers. Discussion of the Link layer will concentrate on where the device driver lies. The Network layer will be examined only as it pertains to IP, and the Transport layer just as it relates to TCP. The Application layer won't be discussed.

The Link Layer—Ethernet Isn't Always Ethernet: In the early 1980s, a networking standard called Ethernet was created after approximately a decade of development. This technology uses Carrier-Sense Multiple Access with Collision Detection, or CSMA/CD. The three-part definition of CSMA/CD essentially defines the Ethernet concept. Consider a LAN configuration with multiple computers:

  • Carrier Sense means that before a computer transmits data onto a network, it must monitor (sense) that network for data traffic. If the network is busy with other communication, the data transmission has to be suspended until the network is clear.
  • Multiple Access refers to multiple computers that can communicate freely on a network.
  • Collision Detection resolves simultaneous transmissions by two or more computers. Each computer waits a random time before retransmission.

A short time after the introduction of the Ethernet standard, the IEEE created a committee called Project 802 to develop standards for the office network. Subsequent subcommittees under Project 802 were formed to handle different types of networks. For example, subcommittee IEEE 802.3 covered CSMA/CD networks, IEEE 802.4 covered token bus networks, and IEEE 802.5 covered token ring networks.

The IEEE 802.3 standard was defined to also support the original Ethernet standard. This ensures that equipment based on the two standards may operate on the same LAN. An Ethernet frame can be identified by the Length/Type field.

If the value of the Length/Type field is equal to or greater than 1536 decimal, this value indicates the Type of the MAC Client protocol relevant only to Ethernet frames (Fig. 2). Otherwise, this field is used to indicate the Length, which is the number of bytes in the subsequent MAC Client Data field of an IEEE 802.3 frame. Examples of common Type fields include:

  • 0800h—IP (Internet Protocol), used exclusively here.
  • 0806h—ARP (Address Resolution Protocol).
  • 0835h—RARP (Reverse Address Resolution Protocol).

Note that ARP and RARP aren't discussed in this article. See the reference section at the end for further information.

Ethernet Payload: For the purpose of the Sniffer here, we'll focus on the Ethernet frame and IP packets containing TCP data. In a hierarchical fashion, an Ethernet frame encapsulates the data for the upper layers (Fig. 3). The Ethernet data, or payload, is an IP frame with its own header and trailer information, and its own data portion or IP payload. The IP payload is a TCP frame.

By now, you should have a good understanding of what Ethernet and IEEE 802.3 look like. Ethernet, contained neatly within the TCP/IP Link layer, is the shell/carrier of all data going to and coming from your computer on a LAN.
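The Length/Type test and the Ethernet/IP/TCP nesting described above, combined with the Sniffer's three capture parameters, are shown here as an added example (not code from the article). All names are hypothetical, the frame buffer is assumed to start at the destination address with preamble and FCS already stripped, and the truncation and IP-fragment checks go beyond what the text covers.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example; every name here is hypothetical, not from the article. */
enum verdict { V_MALFORMED, V_8023_LENGTH, V_NOT_IP, V_NOT_TCP, V_FRAGMENT, V_NO_MATCH, V_MATCH };
static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t be32(const uint8_t *p) { return (uint32_t)be16(p) << 16 | be16(p + 2); }

/* mac == NULL, ip == 0 or port == 0 means "any"; a set value may match source or destination. */
enum verdict sniff_classify(const uint8_t *f, size_t len,
                            const uint8_t *mac, uint32_t ip, uint16_t port)
{
    if (len < 14) return V_MALFORMED;                /* dst(6) + src(6) + Length/Type(2) */
    uint16_t lt = be16(f + 12);
    if (lt < 1536) return V_8023_LENGTH;             /* IEEE 802.3: field is a Length */
    if (lt != 0x0800) return V_NOT_IP;               /* e.g. 0806h, ARP */
    const uint8_t *iph = f + 14;                     /* Ethernet payload = IP packet */
    size_t n = len - 14;
    if (n < 20 || (iph[0] >> 4) != 4) return V_MALFORMED;
    size_t ihl = (size_t)(iph[0] & 0x0F) * 4;        /* IP header length in bytes */
    if (ihl < 20 || n < ihl) return V_MALFORMED;
    if (iph[9] != 6) return V_NOT_TCP;               /* IP protocol 6 = TCP */
    if (be16(iph + 6) & 0x1FFF) return V_FRAGMENT;   /* later fragment: no TCP header */
    if (n < ihl + 20) return V_MALFORMED;            /* truncated TCP header */
    const uint8_t *tcp = iph + ihl;                  /* IP payload = TCP segment */
    if (mac && memcmp(f, mac, 6) && memcmp(f + 6, mac, 6)) return V_NO_MATCH;
    if (ip && be32(iph + 12) != ip && be32(iph + 16) != ip) return V_NO_MATCH;
    if (port && be16(tcp) != port && be16(tcp + 2) != port) return V_NO_MATCH;
    return V_MATCH;
}

/* Constructed sample: 192.168.1.10:49152 -> 192.168.1.20:80, TCP SYN, checksums zeroed. */
static const uint8_t sample_frame[54] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xAA,0xBB, 0x08,0x00, /* Ethernet */
    0x45,0x00,0x00,0x28, 0x00,0x01,0x00,0x00, 0x40,0x06,0x00,0x00,           /* IP */
    192,168,1,10, 192,168,1,20,
    0xC0,0x00, 0x00,0x50, 0,0,0,1, 0,0,0,0, 0x50,0x02,0x20,0x00, 0,0,0,0    /* TCP */
};
/* Constructed header only: Length/Type = 46 (< 1536), so it is an IEEE 802.3 length. */
static const uint8_t len_frame[14] = { 0x02,0,0,0,0,1, 0x02,0,0,0,0,2, 0x00,0x2E };

int main(void)
{
    printf("sample: %d, 802.3: %d\n",
           sniff_classify(sample_frame, sizeof sample_frame, NULL, 0xC0A80114u, 80),
           sniff_classify(len_frame, sizeof len_frame, NULL, 0, 0));
    return 0;
}
```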
