First Know The MAC Address:
The MAC address is used by the Media Access Control sublayer of the Data-Link Layer (DLC) of telecommunication protocols. There is a different MAC sublayer for each physical device type. The other sublayer level in the DLC layer is the Logical Link Control sublayer.
On networks that do not conform to the IEEE 802 standards but do conform to the OSI Reference Model, the node address is called the Data Link Control (DLC) address.
HOW TO FIND A MAC ADDRESS IN WINDOWS OS:
TO DISPLAY YOUR MAC ADDRESS ON A WINDOWS NT/2000/2003/XP/VISTA COMPUTER:
- Click START
- Go to ACCESSORIES
- Select Command Prompt
- Type: (no quotes) "ipconfig /all"
In the "ipconfig /all" results, look for the adapter whose MAC address you want to find. The MAC address is the number located next to "Physical Address" in the list.
DETERMINE MAC ADDRESS (MEDIA ACCESS CONTROL ADDRESS) IN CISCO IOS:
In Windows, you can find out your MAC address using the ipconfig /all command. Listing A offers an example.
In the command's output, you can find the MAC address under the Physical Address listing. You can find out similar information from the switch this PC connects to using the show mac-address-table command. Here's an example:
Switch# show mac-address-table
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0014.1c40.b080    STATIC      CPU
 All    0100.0ccc.cccc    STATIC      CPU
 All    0100.0ccc.cccd    STATIC      CPU
 All    0100.0cdd.dddd    STATIC      CPU
   1    000f.1fd3.d85a    DYNAMIC     Fa0/14
On a Cisco router, you can find out which MAC addresses your interfaces use with the show interfaces command. Here's an example:
RouterB# show interfaces
Ethernet0/0 is up, line protocol is up
  Hardware is AmdP2, address is 0003.e39b.9220 (bia 0003.e39b.9220)
  Internet address is 1.1.1.1/8
On the second line of each interface, you'll see the hardware address line with the BIA (burned in address). In this case, the hardware address is 0003.e39b.9220.
Each Ethernet interface on a Cisco router has its own Ethernet MAC address. Special devices such as routers and switches have a number of special built-in addresses such as the four displayed above in the show mac-address-table output; these are the lines with the STATIC type listed.
CHANGE MY MAC ADDRESS:
Changing your MAC address from the default is what we call MAC spoofing. This term has a negative connotation because its more popular uses are for improper activities, particularly wireless network hacking. However, MAC spoofing does have legitimate uses, such as testing MAC filtering.
To change your MAC address on a Cisco router, use the mac-address command while in Interface Configuration Mode. Just use the command with the new MAC address—it's that simple. Here's an example:
RouterB# conf t
Enter configuration commands, one per line. End with CNTL/Z.
RouterB(config)# int e0/0
RouterB(config-if)# mac-address 0000.0000.0001
RouterB(config-if)#^Z
RouterB#
RouterB# show int e0/0
Ethernet0/0 is up, line protocol is up
  Hardware is AmdP2, address is 0000.0000.0001 (bia 0003.e39b.9220)
  Internet address is 1.1.1.1/8
After changing the MAC address, you can view the new one using the show interface command.
FILTER TRAFFIC BASED ON MAC ADDRESS:
Let's say that, through a protocol analyzer, you find a device sending unwanted traffic on your network. It looks like this device is multi-homed—that is, it's sending traffic from multiple IP addresses.
You could find the switch port it's on using the show mac-address-table command and perform a shutdown on the port. But what if it connects to a hub with other devices or comes from some network not under your control?
Another option is to filter the traffic on the router or switch using a MAC address filter. Here's an example.
Cat3750Switch(config)# mac access-list ext filtermac
Cat3750Switch(config-ext-macl)# deny host 0000.0000.0001 any
Cat3750Switch(config-ext-macl)# permit any any
Cat3750Switch(config-ext-macl)# exit
Cat3750Switch(config)# int g1/0/40
Cat3750Switch(config-if)# mac access-group filtermac in
In this example—using a Cisco Catalyst 3750 Gigabit Ethernet switch—we created an extended named MAC address access control list called filtermac.
This ACL denies all traffic with a source MAC address of 0000.0000.0001 and permits all other traffic. We then applied this MAC address ACL to Gigabit Ethernet interface 1/0/40, which prevents traffic from entering that port from any device with that MAC address, no matter what the IP address.
Keep in mind that filtering by MAC addresses is not a security measure—someone can easily change the MAC address in your operating system.
While you're probably familiar with Ethernet MAC addresses, how much do you know about working with them in the Cisco IOS? In this edition of Cisco Routers and Switches, David Davis tells you how to determine the MAC address, change it, and use it to filter traffic.
MAC spoofing - Change My MAC Address - Understanding Ethernet MAC Addresses:-
Chances are good that most of you know what an Ethernet MAC address is. But what you might not know is what you can do with MAC addresses in the Cisco IOS.
An Ethernet MAC address uniquely identifies every Ethernet device in the world. Each vendor that creates network devices (e.g., Ethernet NICs, wireless devices, routers, and switches) preprograms these addresses into their devices.
A MAC address can go by other names, including physical address (in Windows), Ethernet address, and hardware address. Whatever you call it, this address is a 12-character hexadecimal string. Here are some examples:
* 1234.5678.90ab
* 12-34-56-78-90-ab
* 12.34.56.78.90.ab
Media Access Control (MAC) Address Spoofing:
Media Access Control (MAC) spoofing attacks involve the use of a known MAC address of another host to attempt to make the target switch forward frames destined for the remote host to the network attacker. When a single frame is sent with the source Ethernet address of the other host, the network attacker overwrites the CAM table entry so that the switch forwards packets destined for the host to the network attacker. Until the host sends traffic, it does not receive any traffic. When the host sends out traffic, the CAM table entry is rewritten once more so that it moves back to the original port.
Use the port security feature to mitigate MAC spoofing attacks. Port security provides the capability to specify the MAC address of the system connected to a particular port. This also provides the ability to specify an action to take if a port security violation occurs.
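The CAM table rewrite described above is visible to a defender as a dynamically learned MAC address changing ports between two show mac-address-table captures. The following is an added example, not part of the original article: it normalizes the MAC notations listed earlier and reports such moves. The two snapshots are constructed sample data (ports Fa0/2 and Fa0/7 are made up), and the function names are illustrative.

```python
import re

# Constructed sample: two "show mac-address-table" captures taken some time apart.
SNAPSHOT_1 = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0014.1c40.b080    STATIC      CPU
   1    000f.1fd3.d85a    DYNAMIC     Fa0/14
   1    0003.e39b.9220    DYNAMIC     Fa0/2
"""
SNAPSHOT_2 = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0014.1c40.b080    STATIC      CPU
   1    000f.1fd3.d85a    DYNAMIC     Fa0/7
   1    0003.e39b.9220    DYNAMIC     Fa0/2
"""

def normalize_mac(text):
    """Return 12 lowercase hex digits for dotted, hyphenated or colon notation."""
    digits = re.sub(r"[.\-:]", "", text.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return digits

def parse_table(output):
    """Map (vlan, mac) -> port for DYNAMIC rows; header and STATIC rows are skipped."""
    learned = {}
    for line in output.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[2] == "DYNAMIC":
            vlan, mac, _type, port = fields
            learned[(vlan, normalize_mac(mac))] = port
    return learned

def find_moves(before, after):
    """Return (vlan, mac, old_port, new_port) for entries whose port changed."""
    old, new = parse_table(before), parse_table(after)
    return sorted((vlan, mac, old[(vlan, mac)], port)
                  for (vlan, mac), port in new.items()
                  if (vlan, mac) in old and old[(vlan, mac)] != port)

def watched_moves(before, after, watchlist):
    """Keep only moves of known hosts; the watchlist may use any notation."""
    wanted = {normalize_mac(m) for m in watchlist}
    return [m for m in find_moves(before, after) if m[1] in wanted]

if __name__ == "__main__":
    # A move is a lead to investigate, not proof: a relocated laptop looks the same.
    for vlan, mac, was, now in find_moves(SNAPSHOT_1, SNAPSHOT_2):
        print(f"VLAN {vlan}: {mac} moved {was} -> {now}")
```

A move that flips back and forth across repeated captures matches the overwrite-and-restore pattern the paragraph describes more closely than a single one-way move.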
This article was written by: Premakumar Thevathasan, CCNA, CCNP, CCIP, MCSA, MCSE, MCSA - MSG, CIW Security Analyst, CompTIA Certified A+.
1 comment:
This is very excellent way of teaching every one can be easy to understand this Article.