MAC tutorial
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: MAC tutorial

  1. #1
    Banned
    Join Date
    Jun 2002
    Posts
    458

    MAC tutorial

    A MAC address is a unique 12 digit 48 bit number assigned to every network adapter. They are often used to uniquely identify a MAC on a LAN. A MAC address is organized like this:
    XX-XX-XX-ZZ-ZZ-ZZ
    If you are using a network adapter and wish to see your own MAC address, you can use winipcfg for win9x systems
    ipconfig for win2000 and winNT
    ifconfig -a for linux
    And if you are using a macintosh, then you must do one of two things to find out your MAC address. Go into the TCP/IP control panel, then if you are using MacTCP click the ethernet icon or if you are using open transport then click info or user mode/advanced

    The first 3 sets of numbers, or the first 6 numbers indicate the manufacturer of the network adapter, and the last 3 sets of numbers or the last 6 numbers indicate the unique number that the manufacturer gave to that specific network adapter. So, right there, you can see that an obvious security issue exists. Which is just one more reason to obtain a good firewall and to block sites and other users on the internet from seeing your MAC address. Also, if you use Win2k or Linux you may be able to change what others see as your MAC address. To find instructions on this plz see my other tut on MACs at

    http://www.antionline.com/showthread...hreadid=231058

    MACs work at the data link layer in the OSI model, layer 2. Many IP networks maintain a list of the IP addresses for a device and the MAC addresses. That is what is where ARP comes in, this list, is the ARP table or ARP cache, (Address Resolution Protocol).

    I have included a list of MAC manufacturers and what their MAC prefix is, so that if you do not know the maker of your network adapter, consulting the list will porbably tell you.

    And one more thing, many broadband providers use DHCP to assign IPs to their users, so changing MAC addresses or tampering with them could cause you to be cut off from your broadband provider.

  2. #2
    Junior Member
    Join Date
    Jun 2002
    Posts
    1
    I have gone through your mac vendor list and I can't find my mac vendor on the list. By the way I using win2k pro. Is this as it should be? Appreciate any reply.

  3. #3
    Banned
    Join Date
    Jun 2002
    Posts
    458
    Well, I'm sorry. I know that list doesn't have evrey vendor, just most of them. Sorry if yours isn't on there but maybe if you searched google for you MAC address you could find the vendor. Hope this help, again, sorry.

  4. #4
    str34m3r
    Guest
    The first 3 sets of numbers, or the first 6 numbers indicate the manufacturer of the network adapter, and the last 3 sets of numbers or the last 6 numbers indicate the unique number that the manufacturer gave to that specific network adapter. So, right there, you can see that an obvious security issue exists. Which is just one more reason to obtain a good firewall and to block sites and other users on the internet from seeing your MAC address. Also, if you use Win2k or Linux you may be able to change what others see as your MAC address. To find instructions on this plz see my other tut on MACs at
    You don't seem to understand a very crucial piece of information about MAC addresses. You said that MAC addresses are used at the data link layer. Do you understand what that means? That means that when your box sends the packets across the wire towards their eventual destination, your box plants your MAC address inside the ethernet header. Then, the very next router that your packet hits along the way throws your MAC address away and put's its own MAC address in the ethernet header as it sends it along to the next router. So the only machine that ever sees your MAC address is the first router outside your personal network, regardless of how often you change and/or protect your MAC address. AKA, you can't protect yourself from people on the internet seeing your MAC address because they never see it anyway.

  5. #5
    Banned
    Join Date
    Jun 2002
    Posts
    458
    Actually, with netbios tools it is possible to see a user's MAC address.

  6. #6
    Banned
    Join Date
    Jul 2002
    Posts
    9
    how do you grab the MAC Address. I saw code for it using Ping and traceroute but i seem to have lost it. I'm not trying to do annything bad just want to know how.

  7. #7
    Senior Member cwk9's Avatar
    Join Date
    Feb 2002
    Posts
    1,211
    terminalillness someone already answered your question on this thread
    http://www.antionline.com/showthread...hreadid=232122

    You can use the arp command to get mac address of computers on your loacal network. Read up on arp tables for some more info. Unless a program sends you the mac address theres no way to get it. Mac address info is only used to go from one hop to the next.
    Its not software piracy. Im just making multiple off site backups.

  8. #8
    str34m3r
    Guest
    A little snippet from an AP I got, and since it wasn't signed I'll answer it here:
    i am guessing you have never visited grc.com because people with vulnerable computers can be
    shown their MACs there
    On the contrary, I have visited GRC back when I first got really interested in computer security. It's a great little site for people who don't have the resources to scan their own network from then outside. Just for the record, however, GRC can only retrieve your MAC address if you have netbios sharing enabled to the entire world. Even Microsoft is smart enough to tell you that that's a bad idea.

    But that's neither here nor there. We'll assume that you've got NETBIOS open to the entire world (/me cringes). Can anyone tell me of an attack that uses MAC addresses as a critical component of the attack? Before you answer dsniff, let me qualify that to be any attack that works on someone who is not on your local subnet. Because lets face it, no matter how good your security is, if you are using IP traffic at all, you cannot hide your MAC address from the people on your local segment.

    So, in conclusion, the only people who can harm you by knowing your MAC address are people on your local segment, and you can't hide your MAC address from them anyway. And you're right, NETBIOS does (stupidly) give away your MAC address if you haven't turned off file sharing to the entire world. But even if you leave that on, and someone gets your MAC address, they still can't do anything with it because it's worthless grabage to anyone who isn't on your segment.

    So my question remains, why are you trying so hard to protect you MAC address?

  9. #9
    Senior Member cwk9's Avatar
    Join Date
    Feb 2002
    Posts
    1,211
    So my question remains, why are you trying so hard to protect you MAC address
    Protecting your mac address seems silly. But maybe its because its unique to your network card and there for great evidence if you were do something illegal. Or maybe its because hes a paranoid nut who thinks everyone is out to get him. In conclusion you can change you mac address if you feel inclined to do so.

    See this thread on changing mac's
    http://www.antionline.com/showthread...ge+mac+address

  10. #10
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Like str34m3r and the others said, the only way to get a remote host's MAC addy is if you are on the same ethernet segment. However, nothing stops an application layer protocol from giving it away as data... (Just like it ain't possible to know someone's credit card number by a phone call, but nothing stops that person from telling you his CC # during that call...)

    The only situation I am aware of where changing your MAC addy is necessary is if your DSL or cable ISP uses registered MAC addresses to allow access (like static DHCP records or just plain MAC filtering) and you need to use a NIC diffrent from the original the ISP has registered...

    On the other hand, wanting to keep your MAC private from public might not be that paranoid: if I recall correctly, the author of the Melissa virus (or one of those...) identity was confirmed because he add edited the the macro with Word, which marked .docs with a GUID which included the MAC address if availible...

    Ammo
    Credit travels up, blame travels down -- The Boss

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •