[sllug-members]: mac address

Eric Swenson eric at sci.utah.edu
Sat Jul 15 09:53:05 MDT 2006 

Additionally, router always strip off the MAC address of 
incoming ethernet frames (de-encapsulation) and slap on 
their own MAC address for the outgoing interface 
(re-encapsulation) when they send it out.  Ethernet 
wouldn't work otherwise.  In fact, because of this, you 
can have duplicate MAC addresses as long as they're in 
separate segments - i.e., separated by at least one 
router.

Of course, Qwest used to use bridging mode instead of 
routing mode on their DSL links, which was slightly faster 
but would allow them to see all of your MAC addresses.

Cheers,
Eric

On Sat, 15 Jul 2006 07:33:32 -0600
  "brian Beck" <brian at planetbeck.com> wrote:
> ok, thanks, I learned somthing new.
> 
> Brian
> 
> On 7/15/06, Shaun Kruger <shaun.kruger at gmail.com> wrote:
>>
>> On 7/14/06, brian Beck <brian at planetbeck.com > wrote:
>> > on a discussion on another board, the subject of a isp 
>>knowing the mac
>> > address of computers behind a firewall came up, It was 
>>my understanding
>> that
>> > the ISP can find out the mac address of computers 
>>behind a
>> firewall/router,
>> > is it possible or am I misunderstanding the tcp/ip 
>>protocols?
>>
>> You can't find out the mac of a computer that is on the 
>>other side of
>> a router.  When you have a gateway doing NAT the 
>>internal addresses
>> (192.168.x.x) are not visible from the outside world. 
>> The mac address
>> is just the physical hardware address that becomes 
>>associated with a
>> particular ip address.  You can see this mapping by 
>>doing arp -a in
>> windows or cat /proc/net/arp in linux.  Ethernet frames 
>>know nothing
>> of IP addressing.  When you send data over ethernet II 
>>it has a 6 byte
>> destination mac, a 6 byte source mac (I forget order), 
>>and a 2 byte
>> protocol type identifier (original ethernet used this 2 
>>bytes as a
>> packet length identifier).  The destination mac lets a 
>>machine know it
>> is supposed to receive or ignore the frame.  It then 
>>checks to see if
>> it has a handler for the protocol type ID.
>>
>> If you wanted to find out what machine on an internal 
>>network accessed
>> a certian site a gateway would have to remember all the 
>>external
>> addresses that were connected to and what internal 
>>addresses requested
>> each connection.  It would also have to log the mac 
>>address of the
>> internal address for each connection (DHCP can assign 
>>the same address
>> to a new machine with a different mac).
>>
>> It's not impossible, it's just that no one is doing it.
>>
>> Shaun
>>
>> > I.E. a person uses a wireless card to access your 
>>wireless lan to lookup
>> > porn can the isp tell which computer did the 
>>lookup/protection from
>> > prosecution
>>
>>
>>
>> --
>> Visit my blog at http://hackerlog.blogspot.com
>> =====================================================
>> If more of us valued food and cheer and song above 
>>hoarded gold, it would
>> be a merrier world.
>>                 -- J.R.R. Tolkien
>> ______________________________________________________________________
>> See http://www.sllug.org/ for latest SLLUG news, 
>>information, links.
>> Join SLLUG and other UT LUG members on irc.FreeNode.net 
>>channel #Utah
>> sllug-members at sllug.org
>> http://www.sllug.org/cgi-bin/mailman/listinfo/sllug-members
>>

More information about the sllug-members mailing list