To properly learn something, we have to start at the beginning. We will be learning one concept at a time, process it, and move to the next.

The goal is consistent learning and absorbing information while feeling engaged and not overwhelmed.

I have divided the data link layer articles in five parts.

  1. Introduction to Data link layer
  2. Error Detection and Correction in Data link layer
  3. Flow and Error Control in Data link layer
  4. Protocols used in Data link layer
  5. Switches in Data link layer

Goal of this article

I will be explaining the most common protocols used in the data link layer of the TCP/IP Five-layer network model.

You might remember from my networking basics article about hubs and switches that a collision domain is a network segment where only one device can speak at a time and I have also explained error control in the previous article.

When a network segment is a collision domain, it means that all devices on that segment receive all communication across the entire segment. This means we need a way to identify which node the transmission was meant for.

This is where something known as a media access control address or MAC address comes into play. I will first explain about MAC addresses and then we will dive into different LAN protocols.

MAC Addresses

  • Hosts and routers have data link layer addresses. It is not hosts and routers that have data link layer addresses but rather their adapters (network interfaces) that have data link layer addresses.

  • A data link layer address is variously called a LAN address, a physical address, or a MAC address.

  • The MAC address is 6 bytes long, giving 281,474,976,710,656(2^48) possible MAC addresses.

  • These 6-byte addresses are typically expressed in hexadecimal notation, with each byte of the address expressed as a pair of hexadecimal numbers.

  • A MAC address is split into two sections.

    • The first three octets of a MAC address are known as the organizationally unique identifier or OUI. These are assigned to individual hardware manufacturers by the IEEE or the Institute of Electrical and Electronics Engineers. This is a useful bit of information to keeping your back pocket because it means that you can always identify the manufacturer of a network interface purely by its MAC address.
    • The last three octets of MAC address can be assigned in any way that the manufacturer would like with the condition that they only assign each possible address once to keep all MAC addresses globally unique.

Types of MAC Address

  • Unicast – A Unicast addressed frame is only sent out to the interface leading to a specific NIC. If the LSB (least significant bit) of the first octet of an address is set to zero, the frame is meant to reach only one receiving NIC. MAC Address of source machine is always Unicast.

  • Multicast – Multicast address allow the source to send a frame to a group of devices. In the Layer-2 (Ethernet) Multicast address, LSB (least significant bit) of the first octet of an address is set to one. IEEE has allocated the address block 01-80-C2-xx-xx-xx (01-80-C2-00-00-00 to 01-80-C2-FF-FF-FF) for group addresses for use by standard protocols.

  • Broadcast – Frames with ones in all bits of the destination address FF-FF-FF-FF-FF-FF are referred to as broadcast address. Frames which are destined with MAC address FF-FF-FF-FF-FF-FF will reach every computer belong to that LAN segment.


  • Ethernet is by far the most prevalent wired LAN technology, and it is likely to remain so for the foreseeable future. One might say that Ethernet has been to local area networking what the Internet has been to global networking.

  • The reason behind its wide usability is Ethernet is easy to understand, implement, maintain, and allows low-cost network implementation.

  • In order to handle collision, the Access control mechanism used in Ethernet is CSMA/CD.

  • A data packet is an all-encompassing term that represents any single set of binary data being sent across a network link. Data packets at the Ethernet level are known as Ethernet frames.

  • An Ethernet frame is a highly structured collection of information presented in a specific order. This way network interfaces at the physical layer can convert a string of bits, traveling across a link into meaningful data or vice versa.

Ethernet Frame Structure

  • Preamble

    • A preamble is 8 bytes or 64 bits long and can itself be split into two sections.
    • The first seven bytes are a series of alternating ones and zeros. These act partially as a buffer between frames and can also be used by the network interfaces to synchronize internal clocks they use to regulate the speed at which they send data.
    • The last byte in the preamble is known as the start frame delimiter(SFD).
    • SFD signals to a receiving device that the preamble is over and that the actual frame contents will now follow.
  • Destination Address

    • This is the MAC address of the intended destination adapter.
  • Source Address

    • This field contains the MAC address of the adapter that transmits the frame onto the LAN.
  • VLAN Header

    • It's a technique that lets to have multiple logical LANs

operating on the same physical equipment. - Any frame with a VLAN tag will only be delivered out of a switch interface configured to relay that specific tag.

  • Ether-Type field

    • It's 16 bits long and used to describe the protocol of the contents of the frame.
  • Payload

    • A payload in networking terms is the actual data being transported, which is everything that isn't a header.
    • This contains all of the data from higher layers such as the IP, transport, and application layers that are being transmitted.
    • The data payload of a traditional Ethernet frame can be anywhere from 46 to 1500 bytes long.
  • Frame Check Sequence

    • This is a 4-byte or 32-bit number that represents a checksum value for the entire frame.
    • This checksum value is calculated by performing CRC.

WiFi 802.11 Wireless LANs

  • Wi-Fi compatible devices can connect to the internet via a WLAN network and a wireless access point. Every WLAN has an access point that is responsible for receiving and transmitting data to and from users.

  • The fundamental building block of the 802.11 architecture is the basic service set (BSS). A BSS contains one or more wireless stations and a central base station, known as an access point (AP) in 802.11 parlances.

  • Access Point(AP) is a wireless LAN base station that can connect one or many wireless devices simultaneously to the internet.

  • Each 802.11 wireless station has a 6-byte MAC address that is stored in the firmware of the station’s adapter (802.11 network interface card).

  • In 802.11, each wireless station needs to associate with an AP before it can send or receive network layer data.

  • The 802.11 standard requires that an AP periodically send beacon frames, each of which includes the AP’s service set identifier(SSID) and MAC address.

  • Inspired by the huge success of Ethernet and its random access protocol, the designers of 802.11 chose a random access protocol for 802.11 wireless LANs. This random access protocol is referred to as CSMA/CA.

The IEEE 802.11 Frame Structure

  • Frame Control(FC)

    • It is 2 bytes long field that defines the type of frame and some control information.
    • Various fields present in FC are:
      • Protocol version: It is a 2-bit long field that indicates the current protocol version which is fixed to be 0 for now.
      • Type: It is a 2-bit long field that determines the function of the frame i.e management(00), control(01), or data(10). The value 11 is reserved.
      • Subtype: It is a 4-bit long field that indicates sub-type of the frame like 0000 for association request, 1000 for the beacon.
      • To AP: It is a 1-bit long field which when set indicates that the destination frame is for the access point(AP).
      • From AP: It is a 1-bit long field which when set indicates the frame coming from the access point.
      • More frag (More fragments): It is a 1-bit long field which when set to 1 means the frame is followed by other fragments.
      • Retry: It is a 1-bit long field, if the current frame is a retransmission of an earlier frame, this bit is set to 1.
      • Power Mgmt (Power management): It is a 1-bit long field that indicates the mode of a station after successful transmission of a frame. Set to 1 the field indicates that the station goes into power-save mode. If the field is set to 0, the station stays active.
      • More data: It is a 1-bit long field that is used to indicates a receiver that a sender has more data to send than the current frame. This can be used by an access point to indicate to a station in the power-save mode that more packets are buffered or it can be used by a station to indicate to an access point after being polled that more polling is necessary as the station has more data ready to transmit.
      • WEP: It is a 1-bit long field which indicates that the standard security mechanism of 802.11 is applied.
      • Order: It is a 1-bit long field, if this bit is set to 1 the received frames must be processed in strict order.
  • Duration/ID

    • It is 2 bytes long field that contains the value indicating the period in which the medium is occupied(in µs).
  • Address 1

    • It s the MAC address of the wireless station that is to receive the frame.

    • If a mobile wireless station transmits the frame, address 1 contains the MAC address of the destination AP.

    • If an AP transmits the frame, address 1 contains the MAC address of the destination wireless station.

  • Address 2

    • It is the MAC address of the station that transmits the frame.

    • If a wireless station transmits the frame, that station’s MAC address is inserted in the address 2 fields.

    • If an AP transmits the frame, the AP’s MAC address is inserted in the address 2 fields.

  • Address 3

    • The BSS (consisting of the AP and wireless stations) is part of a subnet that connects to other subnets via some router interface.

    • It contains the MAC address of the router ­interface.

    • It plays a crucial role in internetworking the BSS with a wired LAN.

  • Sequence control

    • It is 2 bytes long field that consists of 2 sub-fields, i.e., the Sequence number (12 bits) and Fragment number (4 bits). Since acknowledgment mechanism frames may be duplicated hence, a sequence number is used to filter duplicate frames.
  • Payload

    • The field is permitted to be as long as 2,312 bytes, it is typically fewer than 1500 bytes, holding an IP datagram or an ARP packet.

    • It contains information specific to individual frames that are transferred transparently from a sender to the receiver(s).

  • CRC (Cyclic redundancy check)

    • It is 4 bytes long field that contains a 32 bit CRC error detection sequence to ensure an error-free frame.

Dealing with Hidden Terminals: RTS and CTS

The 802.11 protocol also includes a nifty reservation scheme that helps avoid collisions even in the presence of hidden terminals.

  • To avoid hidden terminals problems, the IEEE 802.11 protocol allows a station to use a short Request to Send (RTS) control frame and a short Clear to Send (CTS) control frame to reserve access to the channel.

  • When a sender wants to send a data frame, it can first send an RTS frame to the AP, indicating the total time required to transmit the data frame and the acknowledgment (ACK) frame.

  • When the AP receives the RTS frame, it responds by broadcasting a CTS frame.

  • This CTS frame serves two purposes:

    • It gives the sender explicit permission to send.
    • It instructs the other stations not to send for the reserved duration.
  • The use of the RTS and CTS frames can improve performance in two important ways:

    • The hidden station problem is mitigated since a long DATA frame is transmitted only after the channel has been reserved.
    • Because the RTS and CTS frames are short, a collision involving an RTS or CTS frame will last only for the duration of the short RTS or CTS frame. Once the RTS and CTS frames are correctly transmitted, the following DATA and ACK frames should be transmitted without collisions.

Although the RTS/CTS exchange can help reduce collisions, it also introduces delay and consumes channel resources. For this reason, the RTS/CTS exchange is only used (if at all) to reserve the channel for the transmission of a long DATA frame. In practice, each wireless station can set an RTS threshold such that the RTS/CTS sequence is used only when the frame is longer than the threshold. For many wireless stations, the default RTS threshold value is larger than the maximum frame length, so the RTS/CTS sequence is skipped for all data frames sent.

Why 802.11 protocol does not implement collision detection?

  • The ability to detect collisions requires the ability to send (the station’s ­signal) and receive (to determine whether another station is also transmitting) at the same time. Because the strength of the received signal is typically very small compared to the strength of the transmitted signal at the 802.11 adapters, it is costly to build hardware that can detect a collision.

  • More importantly, even if the adapter could transmit and listen at the same time (and presumably abort transmission when it senses a busy channel), the adapter would still not be able to detect all collisions, due to the hidden terminal problem and fading.

Why do CSMA/CD and CDMA/CA take different approaches for transmission?

Let’s consider a scenario in which two stations each have a data frame to transmit, but neither station transmits immediately because each senses that a third station is already transmitting.


    • The two stations would each transmit as soon as they detect that the third station has finished transmitting.
    • This would cause a collision, which isn’t a serious issue in CSMA/CD since both stations would abort their transmissions and thus avoid the useless transmissions of the remainders of their frames.

    • The 802.11 does not detect a collision and abort transmission, a frame suffering a collision will be transmitted in its entirety.
    • The goal in 802.11 is thus to avoid collisions whenever possible.
    • If the two stations since the channel busy, they both immediately enter random backoff, hopefully choosing different backoff values.
    • If the values are indeed different and once the channel becomes idle. One of the two stations will begin transmitting before the other, and (if the two stations are not hidden from each other) the “losing station” will hear the “winning station’s” signal, freeze its counter, and refrain from transmitting until the winning station has completed its transmission. In this manner, a costly collision is avoided.

Did you find this post useful?

I would be grateful if you let me know by sharing it on Twitter!

Follow me @ParthS0007 for more tech and blogging content :)