Finding Your Mac Address On Wired And Wireless Network Cards

Finding Your Mac Address On Wired And Wireless Network Cards



Finding Your MAC Address On Wired and​ Wireless Network Cards
The Answer To the​ Media Access Control Question
----------------------------
Over the​ past few weeks I​ have received quite a​ few e-mails about Ethernet cards, both wired and​ wireless, and​ more specifically, about Media Access Control (MAC) addresses .​
I​ think the​ main reason I’ve received so many questions about Ethernet cards and​ MAC addresses is​ people trying to​ secure their home wireless networks and​ their desire to​ use MAC address filtering .​
This type of​ filtering in​ wireless networks can be configured to​ allow or​ deny specific computers to​ use or​ attach to​ the​ wireless network, based on the​ MAC address.
My first thought was to​ write an​ article just about MAC addresses and​ wireless Ethernet .​
After thinking about it​ I​ decided to​ expand on this and​ go over some specific information about Ethernet cards and​ communication.
Different Ways of​ Finding Your MAC Address and​ More
--------------------------------------------------
There are several ways of​ finding your Ethernet and​ communications protocol information .​
Many Ethernet card manufacturer’s have proprietary software that can reveal this information but they work differently depending on the​ manufacturer .​
So we will use the​ Windows 2000 and​ XP ipconfig utility since this is​ available in​ the​ majority of​ Windows Operating Systems.
First, go to​ start -> run and​ type cmd without the​ quotes .​
Then hit the​ enter key .​
At the​ command line type ipconfig /all, again without the​ quotes .​
Actually, just typing ipconfig without the​ /all will work but will only provide you with abbreviated information regarding your network cards .​
An example of​ what you might see by typing the​ ipconfig /all command is​ below with each item commented in​ green lettering:
Fault Tolerant and​ Highly Availability Computer Systems
----------------------------
There are several ways of​ finding your Ethernet and​ communications protocol information .​
Many Ethernet card manufacturer’s have proprietary software that can reveal this information but they work differently depending on the​ manufacturer .​
So we will use the​ Windows 2000 and​ XP ipconfig utility since this is​ available in​ the​ majority of​ Windows Operating Systems.
First, go to​ start -> run and​ type cmd without the​ quotes .​
Then hit the​ enter key .​
At the​ command line type ipconfig /all, again without the​ quotes .​
Actually, just typing ipconfig without the​ /all will work but will only provide you with abbreviated information regarding your network cards .​
An example of​ what you might see by typing the​ ipconfig /all command is​ below:
OutPut of​ the​ Ipconfig /All Command
----------------------------------------------------------
Windows IP Configuration
Host Name .​
.​
.​
.​
.​
.​
.​
.​
.​
.​
.​
.​
: Home Computer
This is​ the​ name of​ your computer, typically defined during the​ windows installation .​
However, it​ can be changed after installation .​
Primary Dns Suffix .​
.​
.​
.​
.​
.​
.​
: domain.com
If your computer participates in​ a​ network such as​ a​ Microsoft Windows domain this item may contain the​ name of​ the​ domain .​
Node Type .​
.​
.​
.​
.​
.​
.​
.​
.​
.​
.​
.​
: Unknown
The Node Type may say Unknown, or​ peer-to-peer, or​ in​ some cases hybrid .​
It is​ a​ setting that has to​ do with the​ Windows Internet Naming Services used in​ certain types of​ Windows domain networks .​
IP Routing Enabled .​
.​
.​
.​
.​
.​
.​
.​
: No
This setting determines if​ Windows XP or​ 2000 will function as​ an​ IP router .​
If you have two or​ more network cards you can setup your system to​ act as​ a​ router, forwarding communications requests from one network to​ another .​
Windows 2000 can be configured to​ do this in​ a​ pretty straight forward fashion; Windows XP will need a​ registry modification .​
WINS Proxy Enabled .​
.​
.​
.​
.​
.​
.​
.​
: No
WINS Proxy is​ another setting that is​ related to​ the​ Node Type we discussed earlier .​
It is​ normally not a​ required setting in​ a​ home or​ small office network, or​ newer types of​ Microsoft Windows domains .​
Ethernet adapter Wireless Network Connection 2:
If you have multiple Ethernet (network) cards in​ your systems, as​ I​ do in​ this laptop, you will have multiple listings .​
This one happens to​ be the​ second Ethernet card, an​ internal wireless Ethernet card .​
Description .​
.​
.​
.​
.​
.​
.​
.​
.​
.​
.​
: Broadcom 802.11b/g WLAN
This is​ the​ description of​ the​ Ethernet card, usually the​ Name / Manufacturer and​ type of​ Ethernet card .​
In this case, it​ is​ a​ Broadcom wireless Ethernet card built into my laptop .​
Physical Address .​
.​
.​
.​
.​
.​
.​
.​
.​
: 00-90-4B-F1-6E-4A
And here we have the​ MAC address .​
The MAC address is​ a​ 48 bit hexadecimal code and​ is​ suppose to​ be a​ totally unique address .​
It is​ 48 bits because each number or​ letter in​ hexadecimal represents 8 bits .​
Hexadecimal numbers range from 0,1,2,3,4,5,6,7,8,9,A,B,C,D,E, F .​
There are 6 alpha-numeric codes hence 6*8=48(bits) .​
The first 3 codes identify the​ manufacturer of​ the​ card and​ the​ remaining codes are used to​ create a​ unique number .​
Theoretically there should never be a​ card with same MAC address on a​ local network .​
However, there are a​ few exceptions .​
There are software tools that allow you to​ change this code .​
In fact, this is​ a​ step some hackers take to​ attack other systems on a​ local network .​
I​ say local network because MAC addresses are not routable between network segments .​
By spoofing this address, you can impersonate another machine on the​ local network .​
Traffic that was bound for​ the​ intended target can be redirected to​ the​ hacker’s machine .​
This is​ the​ address you would also use to​ populate a​ MAC address, or​ physical address table when setting up your wireless access point to​ support MAC address filtering .​
DHCP Enabled .​
.​
.​
.​
.​
.​
.​
.​
.​
.​
.​
: Yes
DHCP, or​ the​ Dynamic Host Control Protocol, if​ enabled means your computers IP address is​ being provided by a​ DHCP server on you network .​
The DHCP server could be your wireless access point, cable/dsl router, cable modem, or​ a​ server on your network .​
Also, if​ a​ DHCP server is​ not enabled on your network, your computers Operating System will auto generate a​ random IP address within a​ certain predefined range .​
This means you could network a​ group of​ systems together without having to​ manually assign the​ IP settings .​
IP Address .​
.​
.​
.​
.​
.​
.​
.​
.​
.​
.​
.​
: 192.168.0.117
This parameter provides you with your current IP address .​
The address listed above is​ what is​ called a​ private address .​
There are certain classes of​ IP addresses that have been set aside for​ private use .​
This means for​ your internal, local, or​ private network at​ home or​ office .​
These addresses are not, or​ should not, be routable on the​ Internet .​
The Internet routes what are called valid IP addresses .​
Your cable/dsl router or​ cable modem has a​ valid IP address assigned to​ its external network interface .​
The external interface may be your phone line or​ cable TV cable .​
Subnet Mask .​
.​
.​
.​
.​
.​
.​
.​
.​
.​
.​
: 255.255.255.0
The Subnet Mask is​ a​ special number, or​ in​ some sense, filter, that breaks down your IP address, in​ this case private IP address, into certain groups .​
IP addresses and​ Subnet Masks can be a​ complicated matter and​ would take an​ entire article to​ go over .​
Default Gateway .​
.​
.​
.​
.​
.​
.​
.​
.​
: 192.168.0.254
The default gateway, the​ IP addresses listed above, is​ the​ IP address of​ the​ device that will route your request, such as​ when you try to​ browse a​ website, to​ the​ Internet .​
It is​ a​ bit more complicated than that though as​ gateways or​ routers can route traffic to​ various different networks, even other private networks .​
At your home or​ small office, this gateway most likely is​ your cable/dsl modem or​ router .​
DHCP Server .​
.​
.​
.​
.​
.​
.​
.​
.​
.​
.​
: 192.168.0.49
The DHCP server, remember we talked a​ little about this above, is​ the​ device that assigns your computer an​ IP address and​ other information .​
DHCP servers can assign all kinds of​ information such as; Default Gateway, Domain Name Servers (DNS), IP address, Subnet Mask, Time Server, and​ much more .​
DNS Servers .​
.​
.​
.​
.​
.​
.​
.​
.​
.​
.​
: 192.168.0.49, 64.105.197.58
DNS Servers are internal or​ external servers that resolve Fully Qualified Domain Names (FQDN), such as​ www.defendingthenet.com , to​ IP addresses .​
This is​ done because computers don’t actually transmit your requests using the​ domain name, they use the​ IP address assigned to​ the​ FQDN .​
For most home or​ small office users, the​ primary DNS server is​ the​ IP address of​ your cable/dsl router .​
Your cable/dsl router than queries an​ external DNS server on the​ Internet to​ perform the​ actual resolution of​ the​ FQDN to​ IP address .​
The address 192.168.0.49 is​ an​ internal private device on my network whereas the​ 64.105.197.58 is​ an​ external public Internet DNS server and​ is​ present just in​ case my router has trouble performing the​ DNS resolution tasks .​
Lease Obtained .​
.​
.​
.​
.​
.​
.​
.​
.​
.​
: Sunday, March 19, 2018 6:38:16 PM
This information tells you when your computer received its IP address and​ other information from a​ DHCP server .​
You will notice it​ says Lease Obtained, that is​ because most DHCP servers only lease the​ IP address to​ you from a​ pool of​ available address .​
For instance, your pool may be 192.168.1.1 through 192.168.1.50 .​
So your DHCP server has 50 IP addresses to​ choose from when assigning your computer its IP address .​
Lease Expires .​
.​
.​
.​
.​
.​
.​
.​
.​
.​
: Wednesday, March 29, 2018 9:38:16 PM
When the​ IP address, assigned by the​ DHCP server, lease expires it​ will attempt to​ lease you the​ same or​ another IP address .​
This function can typically be changed on the​ DHCP server .​
For instance, on some fully functional DHCP servers, you can configure the​ Lease to​ never expire, or​ to​ expire within 1 day and​ so on .​
Why Are MAC Addresses So Important and​ How Do They Work
------------------------------------------------------
To jump back to​ MAC address for​ just a​ bit .​
You may think that IP addresses are the​ most important thing when it​ comes to​ network communication .​
The reality is, MAC addresses are very important because without them computers would not be able to​ communicate over Ethernet networks .​
When a​ computer wants to​ speak with another computer on a​ local network, it​ will make a​ broadcast request, or​ ask a​ question, of​ who owns a​ particular IP address .​
For instance, your computer may say Who is​ 192.168.0.254 .​
Using the​ information above, my default gateway is​ 192.168.0.254 and​ will answer I​ am 00-90-4B-F1-6E-4A 192.168.0.254 .​
It sends back its MAC address .​
That MAC address then goes into what is​ called a​ Address Resolution Protocol (ARP) table on your computer .​
You can see this information by going to​ the​ command prompt like you did above and​ typing arp –a .​
You will get information like the​ following:
Internet Address Physical Address Type
192.168.0.49 00-12-17-5c-a2-27 dynamic
192.168.0.109 00-12-17-5c-a2-27 dynamic
192.168.0.112 00-0c-76-93-94-b2 dynamic
192.168.0.254 00-0e-2e-2e-15-61 dynamic
How a​ Hacker Can Use MAC Addresses In An Attack
----------------------------------------------
You will notice the​ IP addresses and​ to​ the​ right of​ them the​ MAC addresses .​
Without this information, without the​ MAC address, you would not be reading this article right now .​
MAC addresses are not routable like IP addresses .​
They work on your local or​ private network .​
However, devices on the​ Internet perform the​ same tasks .​
Routers and​ switches maintain a​ list of​ their peer devices MAC address just like your computers and​ devices on your home or​ office network .​
I​ mentioned above that MAC addresses can be changed in​ order to​ redirect requests .​
For instance, if​ I​ were on your office network and​ you had an​ internal web server that took personal information as​ input, I​ could tell your computer to​ go to​ my laptop for​ the​ web site by broadcasting my MAC address tied to​ the​ real web servers IP address .​
I​ would do this when you computer asked Who is​ the​ Real Web Server .​
I​ could setup a​ fake web server that looks just like the​ real thing, and​ start collecting information the​ real web server would normally collect .​
You can see how dangerous this can be.
Conclusion
-----------
There are several other easy ways you can find your MAC address but they can be a​ little confusing if​ you have more than one internal network card .​
Most external USB, or​ PCMCIA wired and​ wireless Ethernet cards have their MAC address printed on them .​
In cases where the​ wired or​ wireless network card are inside your computer, such as​ in​ laptops, the​ MAC address is​ sometimes printed on the​ bottom of​ the​ laptop .​
Even Desktop systems cards that are inserted in​ PCI slots have the​ MAC address printed on the​ Ethernet card.
You may reprint or​ publish this article free of​ charge as​ long as​ the​ bylines are included .​

Original URL (The Web version of​ the​ article)
------------
www.defendingthenet.com/NewsLetters/FindingYourMACAddressOnWiredAndWirelessNetworkCards.htm
About the​ Author
----------------
Darren Miller is​ an​ Information Security Consultant with over seventeen years experience .​
He has written many technology & security articles, some of​ which have been published in​ nationally circulated magazines & periodicals .​
if​ you would like to​ contact Darren you can e-mail him at​ Darren.Miller@defendingthenet.com .​
If you would like to​ know more about computer security please visit us at​ www.defendingthenet.com.




Related Articles:




Powered by Blogger.