Skip to main content

The IEEE 802.3 Frame Format

The following is a description of the Ethernet Frame Format described in the IEEE 802.3 Specification. The 802.3 Specification defines a 14 byte Data Link Header followed by a Logical Link Control Header that is defined by the 802.2 Specification.

The Diagram below analyses the Ethernet 802.3 Frame:

The Data Link Header

ethernet-frames-802.3-1

Offset 0-5: The Destination Address

  • The first six bytes of an Ethernet frame make up the Destination Address. The Destination Address specifies to which adapter the data frame is being sent. A Destination Address of all ones specifies a Broadcast Message that is read in by all receiving Ethernet adapters.
  • The first three bytes of the Destination Address are assigned by the IEEE to the vendor of the adapter and are specific to the vendor.
  • The Destination Address format is identical in all implementations of Ethernet.

Offset 6-11: The Source Address

  • The next six bytes of an Ethernet frame make up the Source Address. The Source Address specifies from which adapter the message originated. Like the Destination Address, the first three bytes specify the vendor of the card.
  • The Source Address format is identical in all implementations of Ethernet.

Offset 12-13: Length

  • Bytes 13 and 14 of an Ethernet frame contain the length of the data in the frame frame, not including the preamble, 32 bit CRC, DLC addresses, or the Length field itself. An Ethernet frame can be no shorter than 64 bytes total length, and no longer than 1518 bytes total length.

The 802.2 Logical Link Control (LLC) Header

ethernet-frames-802.3-2

Following the Datalink Header is the Logical Link Control Header (LLC), which is described in the IEEE 802.2 Specification. The purpose of the LLC header is to provide a "hole in the ceiling" of the Datalink Layer. By specifying into which memory buffer the adapter places the data frame, the LLC header allows the upper layers to know where to find the data.

Offset 15: The Destination Service Access Point (DSAP)

  • The Destination Service Access Point (DSAP), is a 1 byte field that simply acts as a pointer to a memory buffer in the receiving station. It tells the receiving network interface card in which buffer to put this information. This functionality is crucial in situations where users are running multiple protocol stacks, etc...

Offset 16: The Source Service Access Point (SSAP)

  • The Source Service Access Point (SSAP) is analogous to the DSAP and specifies the Source of the sending process.

Offset 17: The Control Byte

  • Following the SAPs is a one byte control field that specifies the type of LLC frame that this is.

User Data And The Frame Check Sequence (FCS)

ethernet-frames-802.3-3

Data: 43-1497 Bytes

  • Following the 802.2 header are 43 to 1497 bytes of data, generally consisting of upper layer headers such as TCP/IP or IPX and then the actual user data.

FCS: Last 4 Bytes

  • The last 4 bytes that the adapter reads in are the Frame Check Sequence or CRC. When the voltage on the wire returns to zero, the adapter checks the last 4 bytes it received against a checksum that it generates via a complex polynomial. If the calculated checksum does not match the checksum on the frame, the frame is discarded and never reaches the memory buffers in the station.

This completes our anaylsis of the Ethernet 802.3 frame.

Back to Ethernet Frame Formats Section

Your IP address:

3.129.253.238

All-in-one protection for Microsoft 365

All-in-one protection for Microsoft 365

FREE Hyper-V & VMware Backup

FREE Hyper-V & VMware Backup

Wi-Fi Key Generator

Generate/Crack any
WEP, WPA, WPA2 Key!

Network and Server Monitoring

Network and Server Monitoring

Follow Firewall.cx

Cisco Password Crack

Decrypt Cisco Type-7 Passwords on the fly!

Decrypt Now!

Bandwidth Monitor

Zoho Netflow Analyzer Free Download

Free PatchManager

Free PatchManager

EventLog Analyzer

ManageEngine Eventlog Analyzer

Security Podcast

Hornet-Security-The-Swarm-Podcast

Firewall Analyzer

zoho firewall analyzer