A Media Access Control address or MAC address is a unique code assigned to every piece of hardware that connects to the Internet. Internet capable phones, Network Interface Cards for desktop or notebook computers, Wireless Access Cards, and even some memory cards are among the devices that are assigned MAC addresses.
When a manufacturer creates a network capable piece of hardware they will assign the MAC address which will usually begin with a code that is tied to the manufacturer. The code will be unique to every device, even two devices of the same type.
A device’s MAC address is composed of six pairs of hexadecimal numbers. The numbers are separated by colons as in the following example:
A hacker can easily find out the authorized MAC address, change their network card’s MAC address to the authorized ones and poison the ARP cache to prevent the owner’s machine from connecting to it. Here’s an example of Belkin Play Max F7D4401 v1 router. MAC spoofing is a technique for changing a factory-assigned Media Access Control (MAC) address of a network interface on a networked device. The MAC address that is hard-coded on a network interface controller (NIC) cannot be changed. However, many drivers allow the MAC address to be changed. Additionally, there are tools which can make an operating system believe that the NIC has the MAC. Feb 08, 2018 It can randomize the MAC address each time it’s run. If you’re concerned about tracking, this is the app for you. If all you want is a simple way to change the address, Mac MACSpoof does this. MAC addresses are primarily assigned by device manufacturers, and are therefore often referred to as the burned-in address, or as an Ethernet hardware address, hardware address, or physical address. Each address can be stored in hardware, such as the card's read-only memory, or by a firmware mechanism.
6E:51:F5:c1:11:00
MAC addresses are used at the data link layer of the OSI hardware model to allow packets to be passed directly between devices on a network. This helps to ensure that the data is sent to a physical device before being decoded and/or manipulated by a device.
A MAC address is similar to an IP address that the device also receives in that it ensures each device is unique and allows data to be passed among hardware devices. An IP address allows two devices to communicate across a LAN or network environment — normally IP addresses should also be unique and will allow the exchange of data.
Once assigned, the MAC address is used to ensure that each device connected to the LAN or other network is unique. With the recent advances in wireless networking technology, the address from a wireless card can be entered into the configuration pages for a network’s wireless router. From there the router can either allow or deny the device to connect based on its MAC address. This can provide additional security for the network.
Many people who use network connected devices will not ever need the MAC address to use the device. Some service providers will require the address of a device to be registered with them to ensure those who are paying for or are subscribed to the service are the only users who can connect. If this is the case, the MAC address can typically be found on a sticker on the device. If the device is portable, it may be printed inside the battery compartment.
9 March 2015 Network Traffic Monitoring,NetFort Blog
How To Find Mac Address
Associating Internet activity with MAC addresses
Tracking web activity is nothing new. For many years IT managers have tried to get some sort of visibility at the network edge so that they can see what is happening. One of the main drivers for this is the need to keep the network secure. As Internet usage is constantly growing, malicious, phishing, scamming and fraudulent sites are also evolving.
While some firewalls and proxy servers include reporting capabilities, most are not up to the job. These systems were designed to block or control access and reporting was just added on at a later date. Server log files do not always have the answer either. They are meant to provide server administrators with data about the behaviour of the server, not what users are doing on the Internet.
Some vendors are pitching flow type (NetFlow, IPFIX, etc…) tools to address the problem. The idea is that you get flow records from the edge of your network so you can see what IP address is connecting to what. However, as with server logs, NetFlow isn’t a web usage tracker. The main reason for this is that it does not look at HTTP headers where a lot of the important information is stored.
Use the deep packet inspection engine of LANGuardian to report on network activity by MAC, IP address or Username. Real time and historical reports available.
Mac Address Changer
One of the best data sources for web tracking is packet capture. You can enable packet capturing with SPANmirror ports, packet brokers, TAPs or by using promiscuous mode on virtual platforms. The trick is to pull the relevant information and discard the rest so you don’t end up storing massive packet captures.
What Can Mac Address Be Used For Windows
Relevant information includes things like MAC address, source IP, destination IP, time, website, URI and username. You only see the big picture when you have all of these variables in front of you.
Why track Internet activity?
- Root out the source of Ransomware and other security threats. Track it down to specific users, IP addresses or MAC addresses
- Maintain logs so that you can respond to third party requests. Finding the source of Bittorrent use would be a common requirement on open networks.
- Find out why your Internet connection is slow. Employees watching HD movies is a frequent cause.
- Out-of-band network forensics for troubleshooting or identifying odd network traffic.
Customer Use Case
End user is a very large airport in EMEA. Basic requirements and use case is tracking web activity, keeping a historical record of it for a period of one year, and because most of the users are just passing through (thousands of wireless users every hour!) the only way to uniquely identify each user or device is by MAC address.
What Is An Mac Address
Luckily for us, because the LANGuardian HTTP decoder captures and analyses wire data off a SPAN or mirror port it can easily track proxy or non-proxy traffic by IP or MAC address. The customer can also drill down to URI level when they need to investigate an incident. For them LANGuardian is an ideal solution for tracking BYOD activity as there are no modifications to the network and no agents, clients or logs required.
The MAC address variable is an important one when it comes to tracking devices on your network. Most networks use DHCP servers so you cannot rely on tracking activity based on IP addresses only. MAC addresses are unique per device so they will give you a reliable audit trail as to what is happening on your network.
Do you track web actvity on your network? If so, what data sources do you use? Comments welcome.
![Used Used](/uploads/1/1/8/9/118943530/320337478.jpg)
Darragh Delaney