Visible Intro: In this simulation, you will analyze how addressing works across different layers of the OSI model. Understanding the distinction between logical and physical addressing is fundamental for configuring firewalls, switches, and interpreting packet captures during network defense operations.
CND (312-38) Network Defense Simulation
Network Scenario
An Enterprise LAN consists of multiple VLANs connected via a Layer 3 switch and a perimeter firewall. As a Network Security Analyst, you are investigating an Internal ARP Spoofing alert. The security system flagged a device attempting to associate its hardware address with the default gateway's IP address to intercept traffic (Man-in-the-Middle). To mitigate this, you need to implement port security on the access layer switches, which requires a firm grasp of which OSI layer handles the hardware-to-interface mapping.
Traffic & Logs
[TIMESTAMP] 2023-10-24T14:22:01.442
[SRC MAC] 00:0C:29:4F:8B:12 -> [TARGET IP] 192.168.1.1
[INFO] Conflict detected: IP 192.168.1.1 previously associated with 00:50:56:A1:B2:C3
VLAN | MAC Address | Type | Port
------+--------------------+-----------+-------
10 | 00:0c:29:4f:8b:12 | DYNAMIC | Fa0/5
10 | 00:50:56:a1:b2:c3 | DYNAMIC | Gi0/1 (Trunk)
Question
Which of the following layers of the OSI model provides physical addressing?
Think about where Media Access Control (MAC) addresses reside and which layer prepares data for the local network segment using hardware identifiers.
Expert Analysis
1. Network Observation: The scenario describes an ARP Spoofing attack. In this context, the attacker is manipulating the mapping between IP addresses (Layer 3) and MAC addresses (Layer 2) to intercept traffic meant for the gateway.
2. Attack Identification: This is a Layer 2 attack. Detection relies on monitoring ARP traffic patterns and MAC-to-IP consistency. Defensive controls like "Dynamic ARP Inspection" (DAI) or "Port Security" specifically target this layer.
3. Why Correct (D): The Data Link Layer (Layer 2) is responsible for physical addressing through MAC addresses. It manages the communication between adjacent nodes on the same network segment. It encapsulates packets into frames, adding the Source and Destination MAC addresses necessary for local delivery.
4. Why Others are Wrong:
- Application Layer: Deals with user interfaces and network services (HTTP, DNS). It does not handle addressing.
- Network Layer: Provides logical addressing (IP addresses) for routing across different networks.
- Physical Layer: Deals with the actual bit transmission over hardware (cables, radio waves, voltages). It does not possess addressing logic; it only understands signals.
5. Defensive Action: As a defender, you would enable MAC-address-to-port binding (Static MAC) or limit the number of MAC addresses allowed on Fa0/5 to prevent the attacker from impersonating the gateway.
MINI LESSON: Protocol Behavior & Addressing
In Network Defense, identifying the layer of an attack is critical for choosing the right countermeasure. Physical Addressing (MAC) occurs at the Data Link layer. Logical Addressing (IP) occurs at the Network layer. An IDS alert showing a MAC address mismatch is inherently a Layer 2 event, even if the target is a Layer 3 IP address.
Explore more CND simulations
Practice More at ExamRange