| The Answer To The Media Access Control | | | | address. The address listed above is what is called |
| Question | | | | a "private" address. There are certain classes of |
| Over the past few weeks I have received quite a | | | | IP addresses that have been set aside for private |
| few e-mails about Ethernet cards, both wired and | | | | use. This means for your internal, local, or private |
| wireless, and more specifically, about Media | | | | network at home or office. These addresses are |
| Access Control (MAC) addresses. I think the main | | | | not, or should not, be routable on the Internet. |
| reason I’ve received so many questions | | | | The Internet routes what are called |
| about Ethernet cards and MAC addresses is | | | | “valid” IP addresses. Your cable/dsl router |
| people trying to secure their home wireless | | | | or cable modem has a valid IP address assigned |
| networks and their desire to use MAC address | | | | to its “external” network interface. The |
| filtering. This type of filtering in wireless networks | | | | external interface may be your phone line or |
| can be configured to allow or deny specific | | | | cable TV cable. |
| computers to use or attach to the wireless | | | | Subnet Mask . . . . . . . . . . . : 255.255.255.0 |
| network, based on the MAC address. | | | | The Subnet Mask is a special number, or in some |
| My first thought was to write an article just about | | | | sense, filter, that breaks down your IP address, in |
| MAC addresses and wireless Ethernet. After | | | | this case private IP address, into certain groups. |
| thinking about it I decided to expand on this and | | | | IP addresses and Subnet Masks can be a |
| go over some specific information about Ethernet | | | | complicated matter and would take an entire |
| cards and communication. | | | | article to go over. |
| Different Ways of Finding Your MAC Address and | | | | Default Gateway . . . . . . . . . : 192.168.0.254 |
| More | | | | The default gateway, the IP addresses listed |
| There are several ways of finding your Ethernet | | | | above, is the IP address of the device that will |
| and communications protocol information. Many | | | | route your request, such as when you try to |
| Ethernet card manufacturer’s have | | | | browse a website, to the Internet. It is a bit more |
| proprietary software that can reveal this | | | | complicated than that though as gateways or |
| information but they work differently depending | | | | routers can route traffic to various different |
| on the manufacturer. So we will use the Windows | | | | networks, even other private networks. At your |
| 2000 and XP “ipconfig” utility since this is | | | | home or small office, this gateway most likely is |
| available in the majority of Windows Operating | | | | your cable/dsl modem or router. |
| Systems. | | | | DHCP Server . . . . . . . . . . . : 192.168.0.49 |
| First, go to “start” -> “run” and | | | | The DHCP server, remember we talked a little |
| type “cmd” without the quotes. Then hit | | | | about this above, is the device that assigns your |
| the enter key. At the command line type | | | | computer an IP address and other information. |
| “ipconfig /all”, again without the quotes. | | | | DHCP servers can assign all kinds of information |
| Actually, just typing ipconfig without the /all will | | | | such as; Default Gateway, Domain Name Servers |
| work but will only provide you with abbreviated | | | | (DNS), IP address, Subnet Mask, Time Server, |
| information regarding your network cards. An | | | | and much more. |
| example of what you might see by typing the | | | | DNS Servers . . . . . . . . . . . : 192.168.0.49, |
| “ipconfig /all” command is below with each | | | | 64.105.197.58 |
| item commented in green lettering: | | | | DNS Servers are internal or external servers that |
| Fault Tolerant And Highly Availability Computer | | | | resolve Fully Qualified Domain Names (FQDN), to |
| Systems | | | | IP addresses. This is done because computers |
| There are several ways of finding your Ethernet | | | | don’t actually transmit your requests using |
| and communications protocol information. Many | | | | the domain name, they use the IP address |
| Ethernet card manufacturer’s have | | | | assigned to the FQDN. For most home or small |
| proprietary software that can reveal this | | | | office users, the primary DNS server is the IP |
| information but they work differently depending | | | | address of your cable/dsl router. Your cable/dsl |
| on the manufacturer. So we will use the Windows | | | | router than queries an external DNS server on |
| 2000 and XP “ipconfig” utility since this is | | | | the Internet to perform the actual resolution of |
| available in the majority of Windows Operating | | | | the FQDN to IP address. The address 192.168.0.49 |
| Systems. | | | | is an internal private device on my network |
| First, go to “start” -> “run” and | | | | whereas the 64.105.197.58 is an external public |
| type “cmd” without the quotes. Then hit | | | | Internet DNS server and is present just in case |
| the enter key. At the command line type | | | | my router has trouble performing the DNS |
| “ipconfig /all”, again without the quotes. | | | | resolution tasks. |
| Actually, just typing ipconfig without the /all will | | | | Lease Obtained . . . . . . . . . .: Sunday, March 19, |
| work but will only provide you with abbreviated | | | | 2006 6:38:16 PM |
| information regarding your network cards. An | | | | This information tells you when your computer |
| example of what you might see by typing the | | | | received its IP address and other information |
| “ipconfig /all” command is below: | | | | from a DHCP server. You will notice it says |
| OutPut Of The “Ipconfig /All” Command | | | | “Lease Obtained”, that is because most |
| Windows IP Configuration | | | | DHCP servers only lease the IP address to you |
| Host Name . . . . . . . . . . . . : Home Computer | | | | from a pool of available address. For instance, |
| This is the name of your computer, typically | | | | your pool may be 192.168.1.1 through 192.168.1.50. |
| defined during the windows installation. However, it | | | | So your DHCP server has 50 IP addresses to |
| can be changed after installation. | | | | choose from when assigning your computer its IP |
| Primary Dns Suffix . . . . . . . : If your computer | | | | address. |
| participates in a network such as a Microsoft | | | | Lease Expires . . . . . . . . . . : Wednesday, March 29, |
| Windows domain this item may contain the name | | | | 2006 9:38:16 PM |
| of the domain. | | | | When the IP address, assigned by the DHCP |
| Node Type . . . . . . . . . . . . : Unknown | | | | server, lease expires it will attempt to lease you |
| The Node Type may say Unknown, or | | | | the same or another IP address. This function can |
| peer-to-peer, or in some cases “hybrid”. It | | | | typically be changed on the DHCP server. For |
| is a setting that has to do with the Windows | | | | instance, on some fully functional DHCP servers, |
| Internet Naming Services used in certain types of | | | | you can configure the Lease to never expire, or |
| Windows domain networks. | | | | to expire within 1 day and so on. |
| IP Routing Enabled. . . . . . . . : No | | | | Why Are MAC Addresses So Important And |
| This setting determines if Windows XP or 2000 | | | | How Do They Work |
| will function as an IP router. If you have two or | | | | To jump back to MAC address for just a bit. You |
| more network cards you can setup your system | | | | may think that IP addresses are the most |
| to act as a router, forwarding communications | | | | important thing when it comes to network |
| requests from one network to another. Windows | | | | communication. The reality is, MAC addresses are |
| 2000 can be configured to do this in a pretty | | | | very important because without them computers |
| straight forward fashion; Windows XP will need a | | | | would not be able to communicate over Ethernet |
| registry modification. | | | | networks. When a computer wants to speak with |
| WINS Proxy Enabled. . . . . . . . : No | | | | another computer on a local network, it will make |
| WINS Proxy is another setting that is related to | | | | a broadcast request, or ask a question, of who |
| the “Node Type” we discussed earlier. It | | | | owns a particular IP address. For instance, your |
| is normally not a required setting in a home or | | | | computer may say “Who is |
| small office network, or newer types of Microsoft | | | | 192.168.0.254”. Using the information above, |
| Windows domains. | | | | my default gateway is 192.168.0.254 and will |
| Ethernet adapter Wireless Network Connection 2: | | | | answer “I am “00-90-4B-F1-6E-4A” |
| If you have multiple Ethernet (network) cards in | | | | 192.168.0.254”. It sends back its MAC address. |
| your systems, as I do in this laptop, you will have | | | | That MAC address then goes into what is called a |
| multiple listings. This one happens to be the | | | | Address Resolution Protocol (ARP) table on your |
| second Ethernet card, an internal wireless | | | | computer. You can see this information by going |
| Ethernet card. | | | | to the command prompt like you did above and |
| Description . . . . . . . . . . . : Broadcom 802.11b/g | | | | typing "arp –a". You will get information like |
| WLAN | | | | the following: |
| This is the description of the Ethernet card, | | | | Internet Address Physical Address Type |
| usually the Name / Manufacturer and type of | | | | 192.168.0.49 00-12-17-5c-a2-27 dynamic |
| Ethernet card. In this case, it is a Broadcom | | | | 192.168.0.109 00-12-17-5c-a2-27 dynamic |
| wireless Ethernet card built into my laptop. | | | | 192.168.0.112 00-0c-76-93-94-b2 dynamic |
| Physical Address. . . . . . . . . : 00-90-4B-F1-6E-4A | | | | 192.168.0.254 00-0e-2e-2e-15-61 dynamic |
| And here we have the MAC address. The MAC | | | | How A Hacker Can Use MAC Addresses In An |
| address is a 48 bit hexadecimal code and is | | | | Attack |
| suppose to be a totally unique address. It is 48 | | | | You will notice the IP addresses and to the right |
| bits because each number or letter in hexadecimal | | | | of them the MAC addresses. Without this |
| represents 8 bits. Hexadecimal numbers range | | | | information, without the MAC address, you would |
| from 0,1,2,3,4,5,6,7,8,9,A, B, C, D, E, F. There are | | | | not be reading this article right now. MAC |
| 6 alphanumeric codes hence 6*8=48(bits). The | | | | addresses are not routable like IP addresses. |
| first 3 codes identify the manufacturer of the | | | | They work on your local or private network. |
| card and the remaining codes are used to create | | | | However, devices on the Internet perform the |
| a unique number. Theoretically there should never | | | | same tasks. Routers and switches maintain a list |
| be a card with same MAC address on a local | | | | of their peer device MAC address just like your |
| network. However, there are a few exceptions. | | | | computers and devices on your home or office |
| There are software tools that allow you to | | | | network. I mentioned above that MAC addresses |
| change this code. In fact, this is a step some | | | | can be changed in order to redirect requests. For |
| hackers take to attack other systems on a local | | | | instance, if I were on your office network and |
| network. I say local network because MAC | | | | you had an internal web server that took personal |
| addresses are not routable between network | | | | information as input, I could tell your computer to |
| segments. By spoofing this address, you can | | | | go to my laptop for the web site by broadcasting |
| impersonate another machine on the local | | | | my MAC address tied to the real web servers IP |
| network. Traffic that was bound for the intended | | | | address. I would do this when you computer |
| target can be redirected to the hacker’s | | | | asked “Who is the “Real Web |
| machine. This is the address you would also use | | | | Server””. I could setup a fake web server |
| to populate a MAC address, or physical address | | | | that looks just like the real thing, and start |
| table when setting up your wireless access point | | | | collecting information the real web server would |
| to support MAC address filtering. | | | | normally collect. You can see how dangerous this |
| DHCP Enabled. . . . . . . . . . . : Yes | | | | can be. |
| DHCP, or the Dynamic Host Control Protocol, if | | | | Conclusion |
| enabled means your computers IP address is | | | | There are several other easy ways you can find |
| being provided by a DHCP server on you | | | | your MAC address but they can be a little |
| network. The DHCP server could be your wireless | | | | confusing if you have more than one internal |
| access point, cable/dsl router, cable modem, or a | | | | network card. Most external USB or PCMCIA |
| server on your network. Also, if a DHCP server is | | | | wired and wireless Ethernet cards have their MAC |
| not enabled on your network, your computers | | | | address printed on them. In cases where the |
| Operating System will auto generate a random IP | | | | wired or wireless network card is inside your |
| address within a certain predefined range. This | | | | computer, such as in laptops, the MAC address is |
| means you could network a group of systems | | | | sometimes printed on the bottom of the laptop. |
| together without having to manually assign the IP | | | | Even Desktop systems cards that are inserted in |
| settings. | | | | PCI slots have the MAC address printed on the |
| IP Address. . . . . . . . . . . . : 192.168.0.117 | | | | Ethernet card. |
| This parameter provides you with your current IP | | | | |