The reason for changable MAC address - mac-address

To my understanding, the mac address is supposed to be hard wired on the network card. It is also the so called physical address, and it should be unique. But it is allowed to be modified by the OS, say Window 10. So, is it really communicate with other machine by the new MAC address? Or is the old MAC address still existing on a mapping table somewhere? Is there any rule for creating the custom MAC address? Also, if it is changeable, then it is not unique anymore. What is the point for a hard wired MAC address if it is changeable?
Thanks

What is a Mac Address?
The real Mac address of the network card is unique and immutable.
the Mac address is used on the local network to route the packets :
the router/pc will say : "who has 192.168.1.4?"
The pc with this ip will answer "192.168.1.4 has DC:23:F5:B5:FF:31:94"
The PC/Router will send the packet via ARP protocol to the specified Mac address.
Why virtual MAC Address?
The Mac address allow everyone on the network to identify informations like the brand of your network card, and to follow you're connections on the network through the time. Some router will use the ip address to attribute a same ip address to the same device at each connection.
Fact is, on a public network, you prefer to have a fake Mac address in order to be annonymous. Reducing the risk of attack targeting a specific network card brand.
Problems related to MAC Address
if 2 devices (E.g. VMs) have the same Mac address but different IPs, half of the packets will be received by each network card. And on the computer you will see unexpected disconnection/reconnection really often.
another related problem would be an attack by ARP poisoning, which is an attackant saying " < has <mac_attackant>" resulting in packets sent to an attackant instead of the router (man in the middle)
Rules for creating a virtual MAC address
the macchanger tool on Linux allow you to change your Mac address and can be configured to take a complete random Mac address, a random Mac address belonging to a valid manufacturer, or to have a Mac address from the same manufacturer as the real Mac address, or a specific Mac address you can specify. So, except the size of the Mac address there are no specific rules.
(* The MAC and ip i chose are totally random.)

Related

Getting MAC Address of devices using Local Network IP Address(192.168.xxx.xxx)

I am building a Mini-Project and I came across this problem..I have to find MAC Addresses of all Devices that were in my Home Network .Here I got all the devices local IP addresses (I pinged from 1 to 255 and noted down all responded devices IP's).Here i am using Windows with python 2.7.x .I do also need the Network Card Manufacturer Name.
In other words I just want the raw data that the WI-FI Watcher shows.
My aim to get MAC and Network Card Manufacturer Name
First of all please make sure you ping all the hosts in your subnet. I would ping the broadcast address first, then just in case all of them, maybe some of them did not respond to your broadcast.
This way you will fill the local ARP cache of your machine. Then you can run this executable:
arp -a -v
Which will output information on all the IP addresses and their corresponding MAC address.
Then it's just a matter of looking up the OUI of the MAC address.
In pure python, as you mention in your comment, you can use "Scapy". you can find an ARP ping example here:
https://freezion.com/2009/01/22/arp-ping-using-scapy/
Basically:
from scapy import srp,Ether,ARP,conf
conf.verb=0
ans,unans=srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=sys.argv[1]),
timeout=2)
For OUI lookup, you can use this small bit of code, although it has an external dependency:
import requests
for addr in ['88:53:2E:67:07:BE', 'FC:FB:FB:01:FA:21',
'D4:F4:6F:C9:EF:8D', '23:45:67']:
vendor = requests.get('http://api.macvendors.com/' + addr).text
print(addr, vendor)
Also, you can try the OUI parser lib from Wireshark.
NOTE: this does not work if ICMP is disabled on the destination hosts, in that case you have to run a traditional portscan and find open ports.

Mac address of router or adapter

Hope someone can enlighten me. I have been wondering if the mac address visible to other sites using javascript is the mac address of router or the adapter in my pc or laptop? I am aware that the router strips my adapter's mac address and just sends the info to and fro the web. Thanks
Not sure what you mean, so I'll make a larger answer.
You can not get MAC addresses from Javascript in a browser. You can refer this thread.
If you meant IP address, then you can get all the computer IP addresses (usually referred as "private IP addresses" when you are behind a router) using WebRTC. You can check this thread and this site.
You can also get a visible IP address (usually referred as public IP in most cases) by querying a remote server, as this one.

How to allow Windows 7 accept UDP messages from an external device with address "127.0.0.2"?

My firm produces some devices with a network interface. The devices are sent with a IP address = 0.0.0.0. The customers plugs the device on the private net in the field and, by using a tiny app written with VB6, discover it and set the correct IP address.
This working by using UDP messages: the app broadcast a "Who's there?" UDP message, read back the answer(s) containing the MAC address of the device(s), and the the user send another UDP message containing the new IP address for target MAC.
Now, for some unknown reasons, one of these device get its IP address set to 127.0.0.2. The problem is that now the VB app can't find (via UDP) the device anymore, making it impossible to change the IP address to a valid one.
Further analisys revealed than if the app is running on Windows XP it sees the device, but if the app is running on Windows 7 the UDP message does'nt arrive to to the "socket" (while Wireshark can see the answer from the device).
Now, there a solution to allow Win7 to let "pass" an UDP message sent from a 127.0.0.2 external address? If yes, we could avoid to ship around the world a replacement device with a correct IP address and all the trouble of phisically mounting it in the field.
Here's a Wireshark capture of the "question" and the "answer" not "detected" by the VB app:
cap.pcapng
Now, for some unknown reasons, one of these device get its IP address set to 127.0.0.2.
You need to fix that.
The 127/8 block is reserved for the "loopback" address (ie. localhost). No packets sent to 127.0.0.2 will leave your systems NIC. Unless there are bugs in the drives (or hardware): this could be the case with WinXP.

Is eth0 only actual interface in Linux

I am confuse among various interfaces of ethernet .I am just going through this U-Boot Link
http://www.denx.de/wiki/DULG/UBootEnvVariables
Where it says
ethaddr: Ethernet MAC address for first/only ethernet interface (= eth0 in Linux).
Now my confusion is eth0 is only real interface whose address is programmed into efuse register
Is other interfaces like eth1 ,eth2 and so on virtula interface which will be configured by applcation later on .
Also from this link
http://e2e.ti.com/support/arm/sitara_arm/f/791/t/209421.aspx
Where it says
The MAC addresses programmed into the internal e-fuses will be from the TI address pool. Customer will need to add some type of storage device (Flash, EEPROM) which contains their MAC addresses if they want to use addresses from their own address pool.
Now are these two mac address one written in e-fuse and other in Flash by customer two different address for eth0?
This uboot documentation is for many different kinds of hardware, some of which have only 1 interface, and some of which have more. The language "Ethernet MAC address for first/only ethernet interface (= eth0 in Linux)" just means that referenced variable is for eth0, which is the first ethernet interface. If there is only one interface, it is still called eth0. If your hardware has multiple ethernet interfaces, the other variables are for them.
Regarding the second question: it appears that this hardware device has a built-in ethernet controller, which needs a unique MAC address to function on a network. The device ships with a MAC address already configured (written into the e-fuse of the device, and therefore read-only). If you don't want to use that MAC address, you can instead use flash or EEPROM to store your own MAC address to configure the ethernet controller. Only one of those choices will be active.
One reason you might want to change the MAC address is that MAC addresses are assign in blocks to different vendors, and the shipped address is from the TI block. That means network analyzers will think the overall product is a TI device. If you want your product to appear as a different vendor, you need to use your own MAC address drawn from your own pool. If you don't know what this means, don't worry about it: use the one that is preconfigured and built-in.

Is the mac address specification of wireless NIC conforming to that of wireless NIC?

By using OID_802_3_PERMANENT_ADDRESS, I can query the mac address of an ethernet card. Intuitively, I think there should exist corresponding OID_802_11_PERMANENT_ADDRESS. However, I find none.
If I direct use OID_802_3_PERMANENT_ADDRESS to query the mac address of 802.11, the result seems correct.
So my question is: Are the mac addresses of 802.3 and 802.11 the same in their respective specifications?
Although the Media Access Control for the Ethernet and wireless link layers are very different due to the nature of collision detection, to keep things simple for the Internet protocols, the MAC address – regardless of the link layer – is always a globally unique 48-bit number. This is significant for Ethernet and 802.11 since routers often aggregate devices onto a single subnet.
So to answer your question, the MAC addresses will not be same.

Resources