If you connect to the Internet through a campus or community network, you have probably heard of the MAC address. What is a MAC address, and what role does it play in a LAN environment? This article introduces MAC addresses, the differences between MAC addresses and IP addresses, and the security issues involved in practical applications of MAC addresses.
1. Basic knowledge
Today's networks are implemented in layers, like building blocks: modules with specific functions are designed first, and the modules are then put together to form the entire network. The local area network is no exception. Generally speaking, LANs use the IEEE 802 reference model, which is divided from bottom to top into the physical layer, the media access control (MAC) layer, and the logical link control (LLC) layer.
There are generally at least three ways to identify a computer in the network. The most commonly used are the domain name, the IP address and the MAC address, corresponding to the application layer, network layer, and physical layer respectively. Network management generally manages IP addresses at the network layer, but since the IP address of a computer can be set by the user, it is relatively difficult to manage, while the MAC address cannot be changed, so combining the IP address and the MAC address has become a common management method.
2. What is a MAC address
The MAC address is the address used at the media access layer, also called the physical address, hardware address or link address. It is written into the hardware by the network equipment manufacturer at production time. The MAC address has nothing to do with the network: no matter where the hardware with this address (such as a network card, hub or router) is connected to the network, it has the same MAC address, which is written by the manufacturer into the network card BIOS. The MAC address can be either 6 bytes (48 bits) or 2 bytes (16 bits). However, as LANs have grown larger, 6-byte MAC addresses are generally used. These 48 bits have their own meaning. The first 24 bits are the manufacturer's address, which the manufacturer of the network card applies for from the IEEE (the current price is US$1,000 to buy an address block), and the last 24 bits are allocated by the manufacturer. This allocation makes any network card with a 48-bit MAC address uniquely identifiable. The 2-byte MAC address, in contrast, does not require the network card manufacturer to apply for anything.
The MAC address is usually written as 12 hexadecimal digits, with a colon after every 2 digits. For example, 08:00:20:0A:8C:6D is a MAC address, where the first 6 hexadecimal digits, 08:00:20, are the number of the network hardware manufacturer, which is assigned by the IEEE, and the next 3 hexadecimal pairs, 0A:8C:6D, are the serial number of a network product (such as a network card) made by that manufacturer. Each manufacturer must ensure that every Ethernet device it makes has the same first three bytes and a different last three bytes. This ensures that every Ethernet device in the world has a unique MAC address.
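The 24/24-bit split described above can be read mechanically. The following Python sketch is an added example, not part of the original article; it goes slightly beyond the text by also reading the two IEEE 802 flag bits in the first byte, and the function names and the sample inventory in the usage are constructed for illustration.

```python
import re

# Accepted spellings: 08:00:20:0A:8C:6D, 00-10-5C-AD-72-E3, or 12 bare hex digits
# (the form the NetworkAddress registry value uses).
_SEPARATED = re.compile(r"^[0-9a-f]{2}([:-])[0-9a-f]{2}(?:\1[0-9a-f]{2}){4}$")
_BARE = re.compile(r"^[0-9a-f]{12}$")


def parse_mac(text):
    """Split a 48-bit MAC address into its manufacturer and device halves."""
    s = text.strip().lower()
    if _SEPARATED.match(s):
        digits = s.replace(":", "").replace("-", "")
    elif _BARE.match(s):
        digits = s
    else:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    octets = bytes.fromhex(digits)

    def fmt(part):
        return ":".join(f"{b:02X}" for b in part)

    return {
        "canonical": fmt(octets),
        "oui": fmt(octets[:3]),      # first 24 bits: block assigned by the IEEE
        "device": fmt(octets[3:]),   # last 24 bits: assigned by the manufacturer
        # Flag bits in the first byte (IEEE 802 addressing):
        "multicast": bool(octets[0] & 0x01),             # I/G bit
        "locally_administered": bool(octets[0] & 0x02),  # U/L bit
    }


def review_inventory(macs):
    """Return (input, reason) for entries that are not factory-assigned NIC addresses.

    A clean result proves nothing: a copy of a real card's address keeps both
    flag bits clear, so this only catches overridden or randomised addresses.
    """
    flagged = []
    for raw in macs:
        try:
            info = parse_mac(raw)
        except ValueError:
            flagged.append((raw, "malformed"))
            continue
        if info["multicast"]:
            flagged.append((raw, "group-address"))
        elif info["locally_administered"]:
            flagged.append((raw, "locally-administered"))
    return flagged


if __name__ == "__main__":
    print(parse_mac("08:00:20:0A:8C:6D"))
    # Constructed inventory: one normal address and three that need a second look.
    print(review_inventory(["08:00:20:0A:8C:6D", "02-00-5E-00-00-01",
                            "01:00:5E:00:00:16", "08:00-20:0A:8C:6D"]))
```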
3. The difference between IP address and MAC address
IP addresses are logical: they are relatively flexible, not tied to the hardware, and easy to remember. The MAC address is tied to the hardware to a certain extent; being physical, it can identify a specific device. Each kind of address has its own benefits, and which one is used depends on the conditions.
4. Why use MAC address
This is determined by the networking method. The more popular way to access the Internet today (and the direction of future development) is to group the hosts together in a local area network and then connect them to the Internet through a switch. This raises the problem of how to distinguish specific users and prevent theft. Since the IP address is only a logical identifier that anyone can modify at will, it cannot be used to identify users. The MAC address is different: it is fixed in the network card. Theoretically speaking, unless the hardware (the network card) is stolen, there is no way to impersonate it (note: it can actually be stolen, as will be introduced later).
Based on this feature of the MAC address, the LAN uses MAC addresses to identify specific users. Specific implementation: the switch keeps a "table" in which MAC addresses and IP addresses correspond one to one, which is called IP and MAC binding.
Specific communication method: on the receiving side, when a packet is sent to a host on the local LAN, the switch receives it, maps the IP address in the packet to a MAC address according to the correspondence in the "table", and forwards the packet to the host with that MAC address. In this way, even if a host steals this IP address, it will not receive the packet, because it does not have this MAC address. The sending process is similar to the receiving process and is not described here due to space limitations.
In summary, a host that has only the IP address but not the corresponding MAC address cannot access the Internet in such a LAN, so the problem of IP theft is solved.
5. How to get your own MAC address
The MAC address is fixed in the BIOS of the network card and can be obtained with a DOS command. Win9x users can use the winipcfg command, and Win2k/XP users can use the ipconfig /all command; the 12-digit hexadecimal number shown is the MAC address.
6. Security issues involved in MAC addresses
From the above introduction, we can see that this identification method relies only on the MAC address. If someone can change their MAC address, they can steal the IP and access the Internet for free. The method currently circulating online for stealing MAC addresses on community broadband is based on this idea. To steal someone else's IP address, you must know the corresponding MAC address in addition to the IP address. For example, to obtain the MAC address of the host named TARGET in the LAN, first use the PING command: PING TARGET, so that the mapping between the destination address and its MAC address is left in the ARP table cache on our host, and then query the ARP table with the ARP -a command to obtain the MAC address of the specified host. Finally, use the command ARP -s IP MAC (the IP address followed by the network card's MAC address) to map the gateway's IP address to its MAC address.
If you want to get MAC addresses in other network segments, you can use tool software to do it. I think the tools that come with Windows Optimization Master are good. Click "System Performance Optimization" → "System Security Optimization" → "Additional Tools" → "Cluster Ping" to scan MAC addresses in batches and save them to a file.
Tips: ARP (Address Resolution Protocol) is a protocol for converting IP addresses into physical addresses. There are two ways to map from IP addresses to physical addresses: tabular methods and non-table methods. ARP specifically refers to resolving a network layer address (the IP layer, equivalent to the third layer of OSI) into a MAC address of the data link layer (the MAC layer, equivalent to the second layer of OSI). The ARP protocol obtains the MAC address from the IP address.
ARP principle: If machine A wants to send a message to host B, it queries its local ARP cache table. If it finds the MAC address corresponding to B's IP address, data transmission is carried out. If not, A broadcasts an ARP request (carrying host A's IP address Ia and physical address Pa), asking the host with IP address Ib to answer with its physical address Pb. All hosts on the network, including B, receive the ARP request, but only host B recognizes its own IP address, so it sends an ARP response message back to host A containing B's MAC address. After A receives B's reply, it updates its local ARP cache and then uses this MAC address to send data (the MAC address is attached by the network card). The ARP table in the local cache is therefore the basis for traffic on the local network, and this cache is dynamic. ARP table: to speed up communication, the translation between recently used MAC addresses and IP addresses is not performed by the switch; instead, the local machine keeps a table of IP-MAC mappings for commonly used hosts, that is, the ARP table.
7. How to modify your MAC address
The MAC address is fixed in the network card, and the MAC address is unique. Is there really no way to change it? There is: we do not need to modify the content of the EPROM at all, and can achieve the purpose of modifying the MAC address just by modifying the content of the storage unit. For example, in Windows, you can modify it through the registry.
From the "Run" menu, open the registry editor and expand the registry to the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318} subkey. Search for DriverDesc in the branches 0000, 0001, 0002 and so on under this subkey (if you have more than one network card, there will be 0001, 0002...). The information about your network card is saved here, and the content of DriverDesc is the description of your network card; for example, my network card is Intel 21041 based Ethernet Controller. Here, assume that your network card is the 0000 subkey.
Add a string named "NetworkAddress" under the 0000 subkey. Its value is the modified MAC address, which must be 12 consecutive hexadecimal digits. Then create a new subkey named NetworkAddress in NDI\params under the "0000" subkey, and add a string named "default" under that subkey whose value is the modified MAC address.
Next, create a string named "ParamDesc" under the NetworkAddress subkey. Its function is to give the description of NetworkAddress, and its value can be "MAC Address". After this, when you open the "Properties" of Network Neighborhood and double-click the corresponding network card, you will find an "Advanced" setting with a MAC Address option, which is the new NetworkAddress item you added to the registry. In the future, just modify the MAC address here.
Close the registry and restart; your network card address has been changed. Open the properties of Network Neighborhood and double-click the corresponding network card item to find the MAC Address item under the advanced settings, which is used to modify the MAC address directly.
Of course, you can also use tool software to modify the MAC address of the network card, such as the MAC2001 software, which achieves the same goal.
8. How to solve the security problems caused by MAC addresses
We can bind the IP address and the MAC address together to solve this problem. Enter "MS-DOS mode" or the "Command Prompt" and enter the command: ARP -s 10.88.56.72 00-10-5C-AD-72-E3 to bind the MAC address and IP address together. In this way, the situation where a stolen IP address leaves the network unusable will not occur, which effectively ensures the security of the community network and of the user's applications.
Note: The ARP command is only useful for accessing the Internet through a LAN proxy server, and only for static IP addresses. It will not work if a modem dial-up connection or a dynamic IP address is used.
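Whether the binding is actually in place can be checked from the ARP table itself. The following Python sketch is an added example, not part of the original article: it parses text in the layout printed by the English-language Windows ARP -a command and compares it with the bindings you expect. The sample table, the expected list and the function names are constructed for illustration; only the 10.88.56.72 pair comes from the article.

```python
import re

# Constructed sample in the layout of English-language Windows "arp -a" output.
SAMPLE_ARP_A = """\
Interface: 10.88.56.10 --- 0xb
  Internet Address      Physical Address      Type
  10.88.56.72           00-10-5c-ad-72-e3     static
  10.88.56.73           08-00-20-0a-8c-6d     dynamic
  10.88.56.74           08-00-20-0a-8c-6d     dynamic
  10.88.56.255          ff-ff-ff-ff-ff-ff     static
"""

ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9a-fA-F]{2}(?:-[0-9a-fA-F]{2}){5})\s+(static|dynamic)\s*$"
)


def parse_arp_table(text):
    """Return {ip: (mac, type)}; header and interface lines are skipped.

    Assumes one interface; with several, split on the "Interface:" lines first.
    """
    entries = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            ip, mac, kind = m.groups()
            entries[ip] = (mac.lower(), kind)
    return entries


def check_bindings(entries, expected):
    """Compare the cache with the expected {ip: mac} bindings."""
    result = {}
    for ip, want in expected.items():
        want = want.lower().replace(":", "-")
        got = entries.get(ip)
        if got is None:
            result[ip] = "missing"      # no entry at all
        elif got[0] != want:
            result[ip] = "mismatch"     # another card answers for this IP
        elif got[1] != "static":
            result[ip] = "dynamic"      # correct now, but a later reply can replace it
        else:
            result[ip] = "ok"           # bound with ARP -s
    return result


def shared_macs(entries):
    """MAC addresses claimed by more than one unicast IP (a lead, not proof)."""
    seen = {}
    for ip, (mac, _kind) in entries.items():
        if int(mac[:2], 16) & 1:        # skip broadcast and multicast entries
            continue
        seen.setdefault(mac, []).append(ip)
    return {mac: ips for mac, ips in seen.items() if len(ips) > 1}


if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP_A)
    expected = {
        "10.88.56.72": "00-10-5C-AD-72-E3",   # the pair from the article
        "10.88.56.73": "08-00-20-0A-8C-6D",   # constructed
        "10.88.56.74": "00-10-5C-11-22-33",   # constructed
        "10.88.56.75": "00-10-5C-44-55-66",   # constructed
    }
    print(check_bindings(table, expected))
    print(shared_macs(table))
```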
However, simply binding IP and MAC addresses cannot completely solve the IP theft problem. Network providers have the responsibility to solve these problems before handing the network over to users, rather than leaving the security problems to users. Users should not have to suffer unnecessary theft.
For a network provider, the most common and most effective solution is to bind the port in addition to the IP and MAC binding, that is, IP-MAC-PORT are bound together. The port (PORT) here is the port of the switch. This requires port timing management during wiring. When wiring, the junction box on the user's wall should correspond one to one with a switch port and be registered; the MAC address handed over by the user is entered against the corresponding switch port and then bound to the IP, giving the three-way binding of IP-MAC-PORT. In this way, even if the thief has the MAC address corresponding to this IP, they cannot also have the port on the wall, so the thief is shut out at the physical channel.
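The three-way binding amounts to a registry keyed by switch port, against which what the switch actually sees can be audited. The following Python sketch is an added example, not part of the original article and not any switch vendor's configuration; the port names, the registry rows other than the article's 10.88.56.72 pair, and the observations are all constructed.

```python
from collections import namedtuple

# One row per wall socket / switch port, filled in at wiring time.
Binding = namedtuple("Binding", "port mac ip")


def norm(mac):
    """Make 00-10-5c-... and 00:10:5C:... compare equal."""
    return mac.strip().replace("-", ":").upper()


def audit(registry, observations):
    """Return (port, verdict) for each (port, mac, ip) seen on the switch."""
    by_port = {b.port: b for b in registry}
    port_of_mac = {norm(b.mac): b.port for b in registry}
    findings = []
    for obs in observations:
        mac = norm(obs.mac)
        reg = by_port.get(obs.port)
        if reg is None:
            verdict = "unregistered-port"
        elif norm(reg.mac) != mac:
            # A registered MAC on the wrong socket is the cloned-address case:
            # the IP-MAC pair is valid, but the port gives it away.
            home = port_of_mac.get(mac)
            verdict = f"mac-belongs-to-{home}" if home else "unknown-mac"
        elif reg.ip != obs.ip:
            verdict = "ip-mismatch"
        else:
            verdict = "ok"
        findings.append((obs.port, verdict))
    return findings


# Constructed registry; the first IP-MAC pair is the one from the article.
REGISTRY = [
    Binding("sw1/01", "00-10-5C-AD-72-E3", "10.88.56.72"),
    Binding("sw1/02", "08:00:20:0A:8C:6D", "10.88.56.73"),
    Binding("sw1/03", "00:10:5C:11:22:33", "10.88.56.74"),
]

# Constructed observations, as a switch's address table might report them.
OBSERVED = [
    Binding("sw1/01", "00:10:5c:ad:72:e3", "10.88.56.72"),  # rightful user
    Binding("sw1/02", "00-10-5C-AD-72-E3", "10.88.56.72"),  # same pair, other socket
    Binding("sw1/03", "00:10:5C:11:22:33", "10.88.56.72"),  # own card, borrowed IP
    Binding("sw1/09", "08:00:20:0A:8C:6D", "10.88.56.73"),  # socket never registered
    Binding("sw1/02", "08:00:20:FF:EE:DD", "10.88.56.73"),  # card nobody handed in
]

if __name__ == "__main__":
    for port, verdict in audit(REGISTRY, OBSERVED):
        print(port, verdict)
```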
I hope you now know a little about MAC addresses through the above introduction! A reminder to everyone: what you learn should be put to proper use, and never used to mock others!