Homework Question

Not all ISPs work with MAC addresses in the Netherlands the local cable does and the modem's MAC addy is then "registered", a manual process.. this is performed when one logs in for the very first time. The ISP can see the mac address from one's modem, when it's online, in this example and if the modem is changed, then the new MAC address from the modem would need to be registered. This is not the case everywhere..and my ISP (ADSL) works with a different system where the connection belongs to the IP address. I know you know all this and I think you already know the answer too :) In my case it would be possible for my ISP to see all the MAC addresses of all the connected hardware as I do have specific MAC addresses registered by my ISP, belonging to the hardware on different LAN connections; for routing and network security reasons.
 
I can't think of any reason for you wanting this information, this information is only used at the arp address level of the TCP/IP subsystem.

The answer is yes you can obtain that information from wherever you happen to be, however there are some possible conditions that mean the information you'd get would be wrong. The primary one of which is a TCP/IP option called proxy-arp, this allows a device to advertise it's self at the arp address level as being the route to forward packets for the specified MAC address to/through. This is what clusters use if they need the cluster nodes to share the MAC address The other one that could make it meaningless is if the IP address is being round robbined between several different devices with different MAC addresses.

Because the MAC address is only used at the arp address level (that's within a segment) it is of no value to anyone outside of the segment, however every packet that a device generates will contain it's MAC address, assuming that it isn't using a local MAC addressing scheme (that's where the TCP/IP stack writes a user defined MAC address into every packet (that's what is used to make it possible for all of the network cards in one device to share the same MAC address(generally only used in big enterprise stuff where the device can be accessed over multiple routes)) and assuming that the packet doesn't undergo some serious packet mangling as it passes through another device on it's route to you, and assuming that the packet isn't a broadcast or multicast packet, they use the MAC address FF:FF:FF:FF:FF:FF and are not supposed to be routeable.

The information you want could only really be of any use for an arp poisoning attack and to use that you'd have to have access to the arp address level inside the segment, as you are very unlikely to have that level of access to any remote device the information is useless even if you can get it.

The only other reason that I can think of for obtaining this information is to allow MAC filtering to be bypassed on a wireless router... and if you wanted it for use on a router that you will be close enough to be able to use it on at some point in the future then you'd be quicker to sniff the wireless packets and take it from them... after you break the encryption of course.

Of course with me being on ignore you'll not be able to read any of this :lol:
 
manicgeek said:
I can't think of any reason for you wanting this information, this information is only used at the arp address level of the TCP/IP subsystem.

The answer is yes you can obtain that information from wherever you happen to be, however there are some possible conditions that mean the information you'd get would be wrong. The primary one of which is a TCP/IP option called proxy-arp, this allows a device to advertise it's self at the arp address level as being the route to forward packets for the specified MAC address to/through. This is what clusters use if they need the cluster nodes to share the MAC address The other one that could make it meaningless is if the IP address is being round robbined between several different devices with different MAC addresses.

Because the MAC address is only used at the arp address level (that's within a segment) it is of no value to anyone outside of the segment, however every packet that a device generates will contain it's MAC address, assuming that it isn't using a local MAC addressing scheme (that's where the TCP/IP stack writes a user defined MAC address into every packet (that's what is used to make it possible for all of the network cards in one device to share the same MAC address(generally only used in big enterprise stuff where the device can be accessed over multiple routes)) and assuming that the packet doesn't undergo some serious packet mangling as it passes through another device on it's route to you, and assuming that the packet isn't a broadcast or multicast packet, they use the MAC address FF:FF:FF:FF:FF:FF and are not supposed to be routeable.

The information you want could only really be of any use for an arp poisoning attack and to use that you'd have to have access to the arp address level inside the segment, as you are very unlikely to have that level of access to any remote device the information is useless even if you can get it.

The only other reason that I can think of for obtaining this information is to allow MAC filtering to be bypassed on a wireless router... and if you wanted it for use on a router that you will be close enough to be able to use it on at some point in the future then you'd be quicker to sniff the wireless packets and take it from them... after you break the encryption of course.

Of course with me being on ignore you'll not be able to read any of this :lol:
Click to expand...

sorted
 
Back
Top