MAC address, also known as physical address, hardware address or link address, is written into hardware by network equipment manufacturers during production. In a computer, both IP address and MAC address are represented in binary. The IP address is 32 bits and the MAC address is 48 bits. The length of MAC address is 48 bits (6 bytes), which is usually expressed as 12 hexadecimal digits. Every two hexadecimal digits of 16 are separated by colons. For example, 08:00:20:0A:8C:6D is a MAC address, where the first 6 digits are 16 hexadecimal digits. Designated by IEEE (Institute of Electrical and Electronics Engineers), the last three digits of the hexadecimal number of 16 represent the serial number of a network product (such as a network card) manufactured by the manufacturer. As long as you don't change your MAC address, then your MAC address is unique in the world.
Function of MAC address
The IP address is like a position, and the MAC address seems to be the person who applies for this position. There is room for both a and B. Similarly, the ip address of a node does not need a network card, and basically any vendor can use it, that is, there is no binding relationship between the IP address and the MAC address. Some computers are more mobile, just as the same person can work in different units, so are talents. The correspondence between position and talent is a bit like the correspondence between IP address and MAC address. For example, if the network card is broken, it can be replaced without obtaining a new IP address. If an IP host moves from one network to another, it can get a new IP address without a new network card. Of course, this function of MAC address is not enough. Let's make an analogy between human society and the internet. Through analogy, we can find similarities and better understand the function of MAC address.
The communication between computers in both local area network and wide area network is ultimately manifested in some form of link from the initial node, from one node to another node and finally to the destination node. The movement of data packets between these nodes is accomplished by mapping IP addresses to MAC addresses through ARP (Address Resolution Protocol). In fact, human society and the Internet are similar. Imagine, in the interpersonal network, A wants to take a message to Ding, through B and C, and finally C tells Ding. In the network, this message is like a data packet in the network. In the process of data packet transmission, the MAC addresses of neighboring nodes will be constantly asked, which is just like the message transmission process of human society. I believe that through these two examples, we can further understand the function of MAC address.
Commands and software related to MAC addresses
In human communication, we often only know a person's name, but the ID number will be ignored in general interpersonal communication. Similarly, in the network, we often only know the IP address of colleagues or netizens, and don't care too much about each other's MAC address. When you grow up to be a network expert, you can know each other's MAC address in some ways. Here are two commonly used methods, WinIPcfg in Windows 9x and IPconfig- in Windows 2000/XP.
You can only get a single MAC address by using the command, which is also very troublesome to use. For the network administrator, we hope to have a software to simplify the operation, and we can use the "MAC scanner" to obtain MAC addresses remotely in batches. It is a network management software, which is used to obtain the physical addresses of remote computer network cards in batches. The software runs on a machine in the network (LAN or Internet), which can monitor the connection of the whole network, detect the IP, MAC, host name and user name of each user in real time and record them for query, and users can make comments by themselves. It can scan across network segments, compare it with IP and MAC addresses in the database, and report to the police if there is any IP modification or false MAC address.
Change MAC address
In general, the MAC address in the network card is fixed. Of course, some network experts will try their best to modify their MAC addresses. There are two ways to modify your MAC address, one is hardware modification and the other is software modification.
The hardware method is to directly operate the network card and modify the MAC address stored in the EPROM of the network card. The address in the memory can be changed by a modification program provided by the network card manufacturer. So what is EPROM? EPROM is a technical term for a memory in electronics. It is erasable, that is, a blank piece of paper can't be erased after you write it with a pen, while EPROM can be erased after you write it with a pencil, and the memory where the data is located can be changed repeatedly.
Of course, the method of software modification is much simpler. In Windows, the MAC of the network card is stored in the registry, and the actual use is also extracted from the registry, so the MAC can be changed by modifying the registry. Modify in Windows 9x: Open the Registry Editor and click HKEY _ Local _ Machine \ System \ Current Control Set \
0000,00010002 in service \ category \ network \
Modification in Windows 2000/XP: Open the Registry Editor at the same time, HKEY _ Local _ Machine \ System \ Current Control Set \ Controls \
Class \ 4d36e970-E325-11ce-bfc1-08002be10002, if it is 0000.
Just restart after completing the above operations. Generally, the source MAC address of the packet sent by the network card is not written by the network card itself, but provided by the application. But in the usual implementation, the application first obtains the MAC address from the network card, and uses this MAC as the source MAC every time it is sent. The MAC address in the registry is read from the network card when installing Windows. As long as your operating system is not reinstalled, there should be no problem.
Application of MAC address
On weekdays, the role of ID card is not great, but at some critical moments, ID card is used to prove your identity. For example, if you want to withdraw cash from the bank, you need an ID card. Then the binding of MAC address and IP address is just like carrying ID card to do important things in our daily life. Sometimes, in order to prevent the IP address from being stolen, we can prevent the modified MAC address from being stolen through simple switch port binding (the MAC table of the port uses static entries) when only one host is connected to each switch port. If it is a three-layer device, we can also provide the binding of switch port /IP/MAC to prevent IP theft of modified MAC. Generally, bound MAC addresses are configured on switches and routers, and only network administrators can access them. For ordinary computer users, it is enough to understand the role of binding. For example, if you change your laptop to another dormitory in the campus network, you can't surf the Internet, which is caused by the binding of MAC address and IP address (port).
Security issues involved in MAC address
As can be seen from the above introduction, this identification method is only based on MAC address. If someone can change the MAC address, they can steal IP and surf the Internet for free. At present, the online free access method of stealing MAC address in residential broadband is based on this idea. If you want to steal someone else's IP address, you should know the corresponding MAC address in addition to the IP address. For example, to obtain the MAC address of a host in the LAN, for example, to obtain the MAC address of a host named TARGET in the LAN, first use the PING command: PING TARGET, so that a record of the target address and MAC mapping will be left in the cache of the ARP table above our host, and then query the ARP table through the ARP A command to obtain the MAC address of the specified host. Finally, the MAC address of the ARP -s IP network card is used to command the mapping of the IP address of the gateway with its MAC address.
If you want to get the MAC address of other network segments, you can use tool software to achieve it. I think the tools brought by the Windows optimizer are good. Click System Performance Optimization → System Security Optimization → Additional Tools → Cluster Ping to scan out MAC addresses in batches and save them in a file.
Tips: ARP (Address Resolution Protocol) is an address resolution protocol, and ARP is a protocol for converting IP addresses into physical addresses. There are two ways to map IP addresses to physical addresses: list and non-list. Specifically, ARP is to resolve the address of the network layer (IP layer, equivalent to the third layer of OSI) into the MAC address of the data connection layer (MAC layer, equivalent to the second layer of OSI). ARP protocol obtains MAC address through IP address.
ARP principle: When a machine A wants to send a message to the host B, it will query the local ARP cache table to find the MAC address corresponding to B's IP address, and then it will transmit data. If it is not found, broadcast an ARP request message of A (carrying the IP address IA- physical address Pa of host A), and request host B with IP address Ib to reply to the physical address Pb. All hosts (including B) on the Internet have received ARP requests, but only host B can recognize its IP address, so it sends back an ARP response message to host A ... which contains B's MAC address. After A receives B's reply, it will update the local ARP cache. Then use this MAC address to send data (MAC address is attached to the network card). Therefore, this ARP table of local cache is the basis of local network circulation, and this cache is dynamic. ARP table: In order to recall the communication speed, the recent conversion of commonly used MAC addresses and IP does not depend on the switch, but an ARP table is established in this machine to record the IP-MAC mapping of commonly used hosts.
How to solve the security problems caused by MAC address
We can solve this problem by binding IP address and MAC address. Enter "MS-DOS mode" or "command prompt", and enter the command at the command prompt: ARP-s10.88.56.7200-10-5c-ad-72-E3, and the MAC address and IP address can be bound together. In this way, the IP address will not be stolen and the network will not be used normally, which can effectively ensure the security of the community network and the application of users.
Note: ARP command is only useful for Internet proxy server of LAN, and it is aimed at static IP address. If the modem is used for dial-up Internet access or dynamic IP address, it will not work.
But simply binding IP and MAC addresses can't completely solve the problem of IP theft. As network providers, they have the responsibility to solve these problems for users first, and then give them to users, instead of giving them security problems to solve. Users should not be allowed to bear some unnecessary misappropriation losses.
As a network provider, the most common and effective solution is to bind IP and MAC together, and then bind the ports together, that is, IP-MAC-port, which refers to the ports of the switch. Therefore, port timing management should be done well when wiring. When wiring, the junction box on the user's wall should correspond to the ports of the switch one by one, do a good job of registration, then fill in the MAC address handed in by the user in the corresponding port of the switch, and then bind with IP to realize the binding of IP-MAC-port. In this way, even if the thief has the MAC address corresponding to this IP, he can't have the port on the wall at the same time, so the thief is isolated from the physical channel.