Go Premium for a chance to win a PS4. Enter to Win


Packets vs Frames

Posted on 2008-10-24
Medium Priority
Last Modified: 2012-05-05
I am new to networking and I am reading books and articles about this so later I will take some certification tests.
I have two simple questions about networking:
1).  I have trouble understanding the difference some books indicate that frame is smaller than packets and some said packet travel the the network by frams so I am confused.
My initial understanding is that packet is smaller and are carried by frams.
2). Why there is no mention to Bridges in networking books even here in EE they are not listed with the networking  hardware. Are they not available any more or switches or other hardware do the same job?
I appreciate all coments and answer. Please say everything I really need to understand them

Question by:jean11
  • 3
  • 2
  • 2
  • +2

Expert Comment

ID: 22795955

1) when you look at Layer2 in the OSI-model the data is contained in frames (like Ethernet-frames). In Layer3 the data is contained in packets. This means that data from upper level protocols are put into IP-packets. On each Layer2-link the IP-packet it put into a L2-frame together with control data.

2) A bridge is simply a unit working on Layer2. It[ an old terminology barely used but like 10 years ago a hub or switch was also called a multiport-bridge. That was in contrast to a "standard" bridge which was only 2-legged. A bridge (no matter the number of "legs") is a unit shuffling frames between interfaces based on the location of the destination MAC-address. So Yes, a switch and a bridge is basically the same.

Br Jimmy
LVL 68

Expert Comment

ID: 22796136
You can also define frames and packets this way>
A frame is the unit of data transferred across the network, defined at the datalink (network access, L2) layer of the protocol stack, as JimmyLarsson wrote.
A packet can be seen as the unit of data at any layer of the protocol stack, prior to, or after transmission. (not only L3 as JimmyLarsson said).
But, after all, the difference is more or less 'academic'.

Expert Comment

ID: 22796437
I strongly agree to the "academic" part.  :-)

Br Jimmy
Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!


Author Comment

ID: 22797129
Thanks a lot for the information.
Ok each one works at a different layer but you define them all as " the unit of data"
so which one is bigger? or which one contains the other?
or an email message for example, is divided into packets or frams?

No there no bridges? but a book defines a bridge as connect two networks of different technologies like Ethernet and Wireless
Is that right? and can you call a device like this a switch? the book is new and still call it a bridge not a switch.
LVL 13

Expert Comment

ID: 22803432
The packet size is dependent on what Layer3/4 protocol is used: IP, IPX, etc.
The frame size is dependent on what Layer2 technology is used: ethernet, token ring, ATM, frame-relay, etc.

Author Comment

ID: 22803491
Thanks kdearing
Please clarify I need more details on what you said. you mean the packet could be bigger than the fram or vice versa?

Please let me know
LVL 13

Expert Comment

ID: 22803615
Maybe this will explain it clearer:
LVL 23

Expert Comment

ID: 22810158
Regarding (1)..  This can be true, in case a single packet can be split into multiple frames.

Some protocols may allow this.   In general, IP does not  one packet = one frame.
The frame that conveys a certain packet will often be larger than the packet.
Because (for example), when an IP packet is transmitted using the Ethernet datalink protocol,  a 'frame header'  is applied.

There are parts of the  'frame header' that identify the Ethernet protocol,  the the source and destination MAC addresses, the frame length, then the data,
and at the very end of an Ethernet frame, there is a checksum appended (that verifies the data is transmitted without transmission error).

(2) Hubs and repeaters are rarely used anymore with Ethernet.  Switches are very popular,  and you may think of a switch as a big dynamic (learning) bridge, with each PC connected to a different segment.

Bridges used to be a separate class of devices.  Think back 20 years ago..
Ethernet was a popular protocol, and there were several different types of media; for example    Thicknet coaxial Ethernet 10Base5, cheapernet/thinnet coaxial Ethernet 10Base2,  and then  twisted pair Ethernet 10BaseT.

These were very different media, but the same Ethernet protocol was used regardless of the physical medium.  If you wanted to join a 10Base2  network to network using 10BaseT media, you had to use a bridge to properly perform the media conversion.

Also, even when 10BaseT  became popular,  bridges were still needed with Ethernet:

Bridges divide your Ethernet segments into separate collision domains.
Recall that Ethernet   is a shared broadcast network medium that uses CSMA/CD to cope with congestion on shared lines.

It turns out that after you exceed a certain number of hosts on your LAN, collisions became a serious problem,  and there was a need to divide the LAN into multiple collision domains to obtain a usable level of network performance.

There is a historical rule called the 5-4-3  rule  which dictates how you can design a network and have acceptable performance;  which is that between any 2 PCs on your network within the same collision domain, there can be a maximum of 5 attached segments, connected by 4 repeaters, and at most  3 of those attached segments may be populated with hosts.

If you strung too many repeaters together in an Ethernet network, and all PCs were in the same collision domain  (no bridges in between),  you would eventually reach a point where you have many late collisions.

Increased numbers of collisions between hosts attempting to transmit at the same time  (especially late collisions),  kills throughput of the Ethernet broadcast network.

Separating major areas of the network with bridges would reduce the number of collisions,  since PCs on disjoint networks  then do not need to see traffic addressed to other segments.

It also reduces the risk of passive sniffers.

Since not all PCs see all traffic, it is much harder for an unauthorized individual to snoop on all traffic.

LVL 23

Accepted Solution

Mysidia earned 750 total points
ID: 22810197
Addendum: Although bridges are not that popular anymore on the LAN, there are still cases where they are used.. especially on the WAN.

Generally, if you have two geographically diverse areas, say two offices, and a private circuit in between then.
You might configure each site's router to operate in a "bridge" mode, then you can use the same IP space at both sites,  it will be as if they are the same LAN.

Although there is a cost in that broadcast traffic may have to pass the WAN link that has limited capacity.

Often people will call the bridge in this situation a "router", even though it is really being used as a bridge.

It in effect _IS_ a router, because it has routing capabilities, in addition to the dumb bridging it is used for: essentially the device is used just for the types of interfaces it has,  and the traffic is passed based on a "bridging table".

Bridges used to be devices with  2 or 3  ports.
All switches are bridges, and the same protocols may be involved MAC bridging (802.1d), but it's more precise to call them switches than bridges,  when they have many ports.

Ethernet Bridges may be "static"  or  "dynamic"

In a static bridge, the administrator manually configures the list of hardware addresses associated with each port.

When a frame arrives destined for a certain hardware address, it is sent out the destination port   (provided it does not arrive on the destination port); if the destination hardware address is unknown, the frame will be dropped.

These are not normally used with Ethernet protocol, although they may be used with some WAN protocols.

Dynamic bridges on an Ethernet network build a bridging table in the same way modern dynamic switches do.   When a frame arrives with a given source hardware address, the bridge examines the 'source' address of the frame, and adds that address to a bridge table for the port that the frame was received from.

A later frame destined for that hardware address in the future coming in from another port in the future is forwarded at that port.

A frame destined for that hardware address coming in from THAT port itself is filtered  (discarded), since as a basic rule a bridge will NEVER send a frame out the port it arrived to that bridge on.

A frame destined for an unknown hardware address (on an Ethernet bridge), or a broadcast address is flooded out all ports ALLOWED for that source port except the one it came in on.

When I say "allowed" ;  I mean, that the network administrator may have created rules that  only allow certain segments to talk with each other.

Some hosts may be required to use a router to communicate with hosts on the "secured"  segments.

The  Marketing  department  may have no need to access the Accounting department's  servers,    and  by placing them on a different broadcast domain,
and allowing a router to filter traffic,  you introduce some security.

In  modern networks,  this is commonly done using VLANs  (Virtual LANs)
that most enterprise level switches provide.

Multilayer switches may even provide the routing capabilities, so there is
no need to spend extra money on dedicated bridges.


Author Comment

ID: 22879906
good - thanks

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When posting a question about a Cisco ASA, Cisco Router or Cisco Switch, it can aid diagnosis if a suitably sanitised copy of the config is provided. It is much better to leave as much of the configuration as original as possible, as it could be tha…
Load balancing is the method of dividing the total amount of work performed by one computer between two or more computers. Its aim is to get more work done in the same amount of time, ensuring that all the users get served faster.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses
Course of the Month6 days, 7 hours left to enroll

782 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question