Reading Cisco CCNP official cert guide book and the MACSec part relly hard to follow. Phil bring us the AHA moment just straight to the point what MACSec is and why we need it.
Let's think about that question a bit and tear it down... MACSec is a layer 2 thing... but a TCP/IP network, in a more overall sense, is also operating at layer 3 so that when that layer 2 frame hits the local router and gets decrypted, that device can know where the layer 3 packet that was encapsulated within that frame needs to go. So yes, things work together, but the technology of MACSec is working at layer 2 before it moves up the OSI model and gets out over the network at the higher levels. Think about a dumb switch... It works at layer 2 to figure out where to move frames. What is inside those frames doesn't matter to the dumb switch because it only cares about the MAC address and what port to move the frame to. If our switch becomes a little smarter, we can start using encryption to ensure that nothing listening between the endpoint and our smarter switch can see the entire frame. Maybe more importantly, frames between the smarter switch to the local router can be encrypted, again making sure all the frames have encryption to protect data while it is still moving around inside our LAN. If protecting data in motion is very important at the LAN level, this solves many security concerns about data moving in an unencrypted way.
What is a PCAP file? Key word there is Packet. But you want to go lower than Layer 3... So your question is can you get to those Layer 2 frames from data in a PCAP file? If the capture was made with Wireshark, you can filter the capture down to individual MAC frames where you can see the the encrypted contents. If the PCAP was captured in some other way, I'm not sure if that level of detail would be there. Perahps someone with more experience can provide a better answer around different tools and their ability to go down to individual frames.
I cannot believe I am only now finding this channel...
Reading Cisco CCNP official cert guide book and the MACSec part relly hard to follow.
Phil bring us the AHA moment just straight to the point what MACSec is and why we need it.
Hello Phil,
Thanks for the video, maybe go a bit deeper on the way the encryption is done ?
Great explanation Phil! Thank you
it was very nice explanation thank you!
Thanks for sharing the information. It is very useful
i would be glad to get something more in dept from you!
Thank you. Is it possible to use macsec on a layer3 network.
Let's think about that question a bit and tear it down... MACSec is a layer 2 thing... but a TCP/IP network, in a more overall sense, is also operating at layer 3 so that when that layer 2 frame hits the local router and gets decrypted, that device can know where the layer 3 packet that was encapsulated within that frame needs to go. So yes, things work together, but the technology of MACSec is working at layer 2 before it moves up the OSI model and gets out over the network at the higher levels.
Think about a dumb switch... It works at layer 2 to figure out where to move frames. What is inside those frames doesn't matter to the dumb switch because it only cares about the MAC address and what port to move the frame to. If our switch becomes a little smarter, we can start using encryption to ensure that nothing listening between the endpoint and our smarter switch can see the entire frame. Maybe more importantly, frames between the smarter switch to the local router can be encrypted, again making sure all the frames have encryption to protect data while it is still moving around inside our LAN. If protecting data in motion is very important at the LAN level, this solves many security concerns about data moving in an unencrypted way.
How can I understand it through pcap?
What is a PCAP file? Key word there is Packet. But you want to go lower than Layer 3... So your question is can you get to those Layer 2 frames from data in a PCAP file?
If the capture was made with Wireshark, you can filter the capture down to individual MAC frames where you can see the the encrypted contents.
If the PCAP was captured in some other way, I'm not sure if that level of detail would be there.
Perahps someone with more experience can provide a better answer around different tools and their ability to go down to individual frames.