Description of MAC address format

To make the frames sent by a network adapter receive and process the frames correctly, IEEE stipulates that each network adapter has a unique ethernet address-MAC address (which is called MAC address by IEEE ).
Because the addressing details are defined by MAC protocols such as 802.3 ). The MAC address has 48 bits (6 bytes), which are usually expressed in hexadecimal notation. For example, 0000.0c12.3456 is
Valid Ethernet addresses.
To ensure the uniqueness of the MAC address, the ethernet card manufacturer fixes the MAC address to the NIC. The first half of the address (24-bit) identifies the manufacturer of the NIC, which is assigned by IEEE and is called the OUI (organization unique identifier ); the second half of the address is assigned a unique ID by the NIC manufacturer.
The address used to identify a network card is called "Unicast address" (unicast), which is also called BIA (burned-in
Address), uaa (universally administered
Address ). Many people refer to unicast addresses as LAN addresses, Ethernet addresses, or MAC addresses, regardless of BIA or other names.
The Group address is used to identify multiple Ethernet cards. IEEE defines two types of Ethernet Group addresses:
● Broadcast address (broadcast): identifies all devices in the LAN, with a value of FF-FF-FF-FF-FF-FF (that is, when all is 1, it indicates a broadcast address );
●
Multicast address (Multicast): identifies some devices in the LAN. Some applications need to communicate with multiple devices. By sending a multicast frame, all devices want to receive the data sent by the application
This frame can be processed, while other devices ignore it. The multicast MAC address is in the format of 01-00-5e-xx-xx-xx, where X can be any value. Multicast addresses seem to have complicated rules. They should be resolved later ..... As shown in, the six-byte Mac is divided into two segments, three bytes each. The first three bytes are used to identify the manufacturer (oui-organistionally unique identifier ), the last three bytes are used to identify different network devices of the vendor. The content of the last three bytes is arranged by the manufacturer according to their preferences, therefore, large manufacturers will apply for multiple ouis.

Among the six most effective bytes, the lowest effective bit (B1) is used to identify unicast, and mulcast, that is, unicast and multicast.

The minimum valid bits (B2) are used to identify the universally administered address.
And

Locally administered address

Where:Universally administered address refers to the address specified by the manufacturer in the firmware, that is, the MAC address that everyone generally understands,

While


The locally administered address is the address specified by the network administrator to enhance network management,





The U/L bit of the locally administered address must be set to 1.




If the address is locally administered
The first byte of the MAC address should be


0x02. Therefore, you cannot change the MAC address to another
Universally administered address. But in general, many people do not follow the above conventions. Because
MAC addresses can only play a role in the LAN, because the MAC addresses are constantly replaced when transmitted over the network. So even if you use


Occupied by the vendor
You do not have to worry about conflicts.

Let's make it clearer. After all,


Locally administered address and


The difference between the adminally administered address is determined by yourself during production. However, they differ in the U/L-bit theory, but no one cares about them in practical application. So

The range of locally administered address is:

 

1: 0000 0000 0001-FFFF fffd

2: Do not use the address with the lowest valid bit of 1 in the first byte as they are multicast.

3: At the same time, do not use all 0 and all 1.

Http://www.intel.com/support/network/adapter/pro100/sb/CS-029402.htm#laa

 

Http://www.synapse.de/ban/HTML/P_LAYER2/Eng/P_lay207.html

U/L = 1

Locally administered address:
Adapter uses a logical address (assigned by network administrator ).
U/L = 1 may result in a hex code of 0x02 in the first byte. The U/L bit is
Always set when
Logical Address is assigned (even if the assigned address doesn't follow
This Convention). Therefore, it is impossible to imitate a burned-in
Address; but other logical address may be imitated at any
Time.

And once



The locally administered address is set by the network administrator, and overridding is replaced)


Universally administered address is used.

As for why


Locally administered address
The address is not clear. Keep the address and try again later.

 

Locally administered address has the following functions:

Http://www.irongeek.com/ I .php? Page = Security/changemac

1. To get past MAC address filtering on a router. Valid Mac
   Addresses can be found by sniffing them and then the deviant user cocould
   Assume the MAC of a valid host. Having two hosts on the same network can cause some network stability problems,
   But much of the time it's workable. This is one of the reasons why mic
   Address filtering on a wireless router is pointless. An attacker can just
   Sniff the MAC address out of the air while in monitor mode and set his WiFi
   Nic to use it. Interestingly, a lot of hotels use Mac filtering in their
   "Pay to surf" schemes, so this method can be an instant in for cheap skate
   Road Warriors.
   
   
2. Sniffing other connections on the network. By assuming
   Another host's Mac as their own they may receive packets not meant for them.
   However, ARP attack oning is generally a better method than Mac spoofing
   Accomplish this task.
   
   
3. So as to keep their burned in MAC address out of IDs and
   Security logs, thus keeping deviant behavior from being connected to their
   Hardware. For example, two of the main things a DHCP server logs when it
   Leases an IP to a client is the MAC address and host name. If you have
   Wireless Router look around on it's Web interface for where it logs this
   Info. Luckily there are tools to randomize this information (madmacs
   ).
   
   
4. To pull off a denial of service attack, for instance
   Assuming the MAC of the gateway to a sub net might cause traffic problems.
   Also, a lot of WiFi routers will lock up if a client tries to connect
   The same Mac as the router's bssid.
   
   

For




L
Ocally administered address. Some switches and bridges do not forward frames containing such addresses.

Unicast and multicasting are not much to be said.
Address details

In, we can see that U/L and G/I are not the highest and secondary highs of the style we usually see, for example

01-00-5e-xx-xx-xx (0000 0001-00-5e-xx-xx-xx) g/I bit is 1 rather than 0. The reason for this design is that our computer sends data by bit (for the number of digits, it needs to accept data by one digit ), most of our PCs use small-Endian (small-edian). Therefore, to enable the computer to first accept the g/I and U/L bits of a frame, put the two bits to the lowest valid bits of the highest byte. In this case, you can easily send them out.

Universally administered address

The original IEEE 802
MAC address comes from the original Xerox
Ethernet addressing scheme.<sup>[1]

This 48-bit address space contains potentially 248
Or 281,474,976,710,656 possible MAC addresses.</sup>

All three numbering systems use the same format and differ only in
The length of the identifier. addresses can either be "universally
Administered addresses "or" locally administered addresses ".

A universally administered address is uniquely assigned to a device
By its manufacturer; these are sometimes called "Burned-In addresses"
(BIA). The first three octets
(In transmission order) Identify the organization that issued the identifier and are known as the organizationally Unique Identifier
(Oui ).<sup>[2]

The following three (MAC-48 and EUI-48) or five (EUI-64) octets are
Assigned by that organization in nearly any manner they please, Subject
To the constraint of uniqueness. the IEEE expects the Mac-48 space to be
Exhausted no sooner than the year 2100;[3]

EUI-64s are not expected to run out in the foreseeable future.</sup>

A locally administered address is assigned to a device by a network
Administrator, overriding the burned-in address. locally administered
Addresses do not contain ouis.

Universally administered and locally administered addresses are distinguished by setting the second least significant bit
Of the most significant byte of the address. If the bit is 0,
Address is universally administered. If it is 1, the address is locally
Administered. In the example address 06-00-00-00-00-01 the most
Significant byte is 06 (HEX), the binary form of which is 00000110,
Where the second least significant bit is 1. Therefore, it is a locally
Administered address.<sup>[4]

Consequently, this bit is 0 in all ouis.</sup>

If the least significant bit of the most significant octet of
Address is set to 0 (zero), the frame is meant to reach only one
Using ing Nic
.<sup>[Citation needed

]
This type of transmission is called unicast
. A unicast frame is transmitted to all nodes within the collision domain
, Which typically ends at the nearest network switch
Or Router
.
Only the node with the matching hardware MAC address will accept
Frame; Network frames with non-matching Mac-addresses are ignored,
Unless the device is in promiscuous mode
.[Citation needed

]</sup>

If the least significant bit of the most significant address OCTET is
Set to 1, the packet will still be sent only once; however, cannot will
Choose to accept it based on different criteria than a matching Mac
Address: for example, based on a retriable list of accepted Multicast
MAC addresses. This is called Multicast
Addressing.