MAC Addressing Demystified
by protonigger
Section 1: The Introduction
I have written this tutorial to educate its readers on the scheme
used for assigning MAC addresses to NICs (network interface cards).
With such knowledge at hand, one can identify the type of NIC used
on a remote computer to better understand the network that it is a part
of. So sit back, read and learn...
Section 2: An Overview of MAC Addressing
A MAC (Media Access Control) address is a fixed address associated
with the networking hardware that is used to uniquely identify a
node on a network. This address is crucial for data to be
delivered to its proper destination over a network. In terms of the
OSI model, this address is appended to frames at the
Data Link layer, within the Media Access Control sublayer, which is
why it is also referred to as the Data Link layer address (it's also
known as the physical address, as well as the hardware address). The
address itself is broken up into two parts: a 6 digit block id, and a
6 digit device id. Shown below is an example of its structure...
    Block ID   Device ID
     /    \     /    \
     00608C  :  005499
The block id is the part of the address that is unique to its vendor,
while the device id is assigned by the vendor, depending on the NIC's
model and manufacture date. The addressing scheme uses the hexadecimal
numerical system (Base16), which is represented by characters A-F and
0-9. So now that we understand the structure of a MAC address, how
would we go about obtaining this information remotely? Well, the only
way to accomplish this task remotely is to find an open NetBIOS session
service (port 139) running. If you scan a selected range used by
the targeted network, or scan a specific target, and find such a
service, then you would go to the command prompt (MS-DOS as you may know
it) and type in "nbtstat -A ip.address.here" and press Enter. You will
see a menu come up with shared resources and such within the
localized network that are being used. Then at the bottom you will see
the MAC address of the NIC used on the box you are connected to.
You can consult the below link for a reference of Block/Device IDs to
help you identify the NIC being used...
http://home.worldonline.dk/finth/pci.html
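The block id / device id split described above, as an added example (not part of the original tutorial) of the kind of check one might run over MAC addresses collected for an asset inventory. It goes beyond the text by also reading the two flag bits in the first octet: an address marked as locally administered or as a group address does not carry a vendor-assigned block id, so a vendor lookup on it is meaningless. The function names and the vendor table are assumptions made for this example; the vendor name is a constructed placeholder.

```python
import re

# Constructed lookup table for illustration only: the vendor name is a
# placeholder, not taken from the tutorial or from a real registry.
SAMPLE_VENDORS = {
    "00608C": "Example Vendor A (constructed)",
}

def parse_mac(text):
    """Split a 48-bit MAC address into its block id and device id."""
    # Accept 00608C:005499, 00-60-8C-00-54-99, 00:60:8c:00:54:99, 0060.8c00.5499
    digits = re.sub(r"[-:.\s]", "", text).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    first_octet = int(digits[:2], 16)
    return {
        "block_id": digits[:6],     # first 6 hex digits, assigned to the vendor
        "device_id": digits[6:],    # last 6 hex digits, assigned by the vendor
        "multicast": bool(first_octet & 0x01),             # group address bit
        "locally_administered": bool(first_octet & 0x02),  # set in software
    }

def identify(text, vendors=SAMPLE_VENDORS):
    """Return the parsed address plus a vendor guess, or why none applies."""
    mac = parse_mac(text)
    vendor = None
    if mac["multicast"]:
        note = "group address, does not identify a single NIC"
    elif mac["locally_administered"]:
        note = "locally administered, block id is not a vendor assignment"
    else:
        vendor = vendors.get(mac["block_id"])
        note = "vendor block id" if vendor else "block id not in table"
    return {**mac, "vendor": vendor, "note": note}

if __name__ == "__main__":
    # Constructed sample inputs, including the tutorial's own example address.
    for sample in ("00608C:005499", "00-60-8C-00-54-99",
                   "0260.8c00.5499", "01:00:5E:00:00:FB"):
        print(sample, "->", identify(sample))
```

Because the address can be overridden in software on most systems, treat a vendor match as a hint about the hardware rather than proof of it.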
Section 3: The Conclusion
Well that pretty much concludes it for this tutorial. As explained
earlier, armed with this information you will be able to remotely
identify the NIC being used on the remote side, which will better
help you understand the layout of the network you are targeting.
Good luck...
Note: If you have a question or comment and feel the need to get in
touch with me then you can do so at [email protected] and I will
try to get back with you as soon as possible.
www.information-leak.tk
arm yourself with knowledge