Chinaunix首页 | 论坛 | 博客
  • 博客访问: 4534067
  • 博文数量: 252
  • 博客积分: 5347
  • 博客等级: 大校
  • 技术积分: 13838
  • 用 户 组: 普通用户
  • 注册时间: 2009-09-30 10:13
文章分类
文章存档

2022年(12)

2017年(11)

2016年(7)

2015年(14)

2014年(20)

2012年(9)

2011年(20)

2010年(153)

2009年(6)

分类: LINUX

2011-09-22 19:20:36

    为了能使某网卡发出的帧被正确的网卡接收并处理,IEEE规定:每块网卡都有一个唯一的以太网地址----MAC地址(IEEE之所以将其称为MAC地址,是因为编址细节是由诸如802.3等MAC协议定义的)。MAC地址有48位(6字节),通常用十六进制来表示,如0000.0c12.3456是一个合法的以太网地址。
为确保MAC地址的唯一性,以太网卡制造商将MAC地址固化到网卡中。地址的前半部分(24位)标识网卡的制造商,由IEEE分配,称为OUI(组织唯一标识符);地址的后半部分由网卡制造商为其网卡分配一个唯一的编号。
用于标识某一块网卡的地址叫做“单播地址”(Unicast),该地址又叫做BIA(Burned-in Address)、UAA(Universally administered address)。无论使用BIA还是其它名称,很多人都将单播地址称为LAN地址、以太网地址或MAC地址。
“组地址”(group address)用于标识多个以太网卡,IEEE定义了两类以太网组地址:
● 广播地址(broadcast):标识LAN内所有的设备,值为FF-FF-FF-FF-FF-FF(即全为1时表示是广播地址);
● 组播地址(multicast):标识LAN中的部分设备。有些应用程序需要同多台设备通信,通过发送一个组播帧,所有想接收该应用程序发送的数据的设备都可以对这个帧进行处理,而其它的设备则忽略它。组播MAC地址的形式为:01-00-5e-xx-xx-xx,其中X可为任意值。组播地址似乎有复杂的规定,留着以后解决。。。。。如下图所示,6个字节的MAC地被分成两段,各三个字节,前面三个字节用来标识生产厂商(OUI-Organistionally Unique Identifier),后三个字节则用来标识这个厂商的不同的网络设备,这后三个字节的内容则由生产厂商按照自己的喜好来安排了,所以大的生产厂商就会去申请很多个OUI。

而这个6个字节中的最高有效字节中的最低有效位(b1)用来标识 unicast,和mulcast,即单播 和多播

而次最低有效位(b2)则用来标识 universally administered address

locally administered address

其中:universally administered address 是指烧录在固件中由厂商指定的地址,也也即大家通常所理解的MAC地址,

locally administered address 则是指由网络管理员为了加强自己对网络管理而指定的地址,由定义可知, locally administered address的U/L位要设置成1.所以 要表示 locally administered address的话,那
MAC 地址的第一个字节应该是
0x02, 因此不能够把MAC地址改成其它已经被厂商占用的 universally administered address了。但是通常情况下,很多人都不会遵守上面的约定。因为
MAC地址通常只能在局域网里发挥作用,因为在网络上传输,MAC地址是会被不断的替换掉的。所以即使你用了
已经被厂商占用的 universally administered address也不用担心会产生冲突。

说到着就更清楚了吧。说到底, locally administered address 和 universally administered address的区别在于是直接由生产的时候确定的还是由你自己修改过的。而它们两者理论是U/L位来区别的,但是在实际应用中,却没有人管这些。所以

locally administered address 的范围是:

 

1: 0000 0000 0001 - FFFF FFFF FFFD

 2:在1中定义的,还不要用第一个字节中的最低有效位为1的地址,因为它们是多播的

 3:同时还不要用全是0的和全是1的




 



U/L = 1

Locally administered address: the adapter uses a logical address (assigned by network administrator). U/L=1 may result in a hex code of 0x02 in the first byte. The U/L bit is always set when a logical address is assigned (even if the assigned address doesn't follow this convention). Therefore, it is impossible to imitate a burned-in address; but other logical address may be imitated at any time.


而且一旦 locally administered address地址由网管设定,它就会取代(overridding) universally administered address地址代发挥作用了。

至于为什么要设定 locally administered address 地址,则不清楚,留着以后再查。

 

Locally administered address主要有以下作用:

  http://www.irongeek.com/i.php?page=security/changemac


  1. To get past MAC address filtering on a router. Valid MAC addresses can be found by sniffing them and then the deviant user could assume the MAC of a valid host. Having two hosts on the same network can cause some network stability problems, but much of the time it's workable. This is one of the reasons why MIC Address filtering on a wireless router is pointless. An attacker can just sniff the MAC address out of the air while in monitor mode and set his WiFi NIC to use it. Interestingly, a lot of hotels use MAC filtering in their "pay to surf" schemes, so this method can be an instant in for cheap skate road warriors. 
  2. Sniffing other connections on the network. By assuming another host's MAC as their own they may receive packets not meant for them. However, ARP poisoning is generally a better method than MAC spoofing to accomplish this task.
  3. So as to keep their burned in MAC address out of IDS and security logs, thus keeping deviant behavior from being connected to their hardware. For example, two of the main things a DHCP server logs when it leases an IP to a client is the MAC address and host name. If you have a wireless router look around on it's web interface for where it logs this info. Luckily there are tools to randomize this information (MadMACs ).
  4. To pull off a denial of service attack, for instance assuming the MAC of the gateway to a sub net might cause traffic problems. Also, a lot of WiFi routers will lock up if a client tries to connect with the same MAC as the router's BSSID.

对于 l ocally administered address地址,有些交换机和网桥不会转发包含了这样地址的帧。

而单播和多播就不多说了。
Address details
在上图中,我们可以看到U/L位和  G/I 位并不是在我们平时看到的样式的最高位和次高位,比如说 01-00-5e-xx-xx-xx(0000 0001-00-5e-xx-xx-xx)G/I位是1而不是0。之所以这样子设计,是因为我们的电脑发送数据是按位发送的(面向位数的,它要一位一位的接受数据),并且我们的大多PC机采用的是小端(Small-edian),因此要想让电脑先能接受到一个帧的G/I位和 U/L位,那就要把这两个位放到最高字节的最低有效位。这时就可以把它们轻松发出去了。


The original MAC address comes from the original Ethernet addressing scheme. This 48-bit address space contains potentially 248 or 281,474,976,710,656 possible MAC addresses.

All three numbering systems use the same format and differ only in the length of the identifier. Addresses can either be "universally administered addresses" or "locally administered addresses".

A universally administered address is uniquely assigned to a device by its manufacturer; these are sometimes called "burned-in addresses" (BIA). The first three (in transmission order) identify the organization that issued the identifier and are known as the (OUI). The following three (MAC-48 and EUI-48) or five (EUI-64) octets are assigned by that organization in nearly any manner they please, subject to the constraint of uniqueness. The IEEE expects the MAC-48 space to be exhausted no sooner than the year 2100; EUI-64s are not expected to run out in the foreseeable future.

A locally administered address is assigned to a device by a network administrator, overriding the burned-in address. Locally administered addresses do not contain OUIs.

Universally administered and locally administered addresses are distinguished by setting the second of the most significant byte of the address. If the bit is 0, the address is universally administered. If it is 1, the address is locally administered. In the example address 06-00-00-00-00-01 the most significant byte is 06 (hex), the binary form of which is 00000110, where the second least significant bit is 1. Therefore, it is a locally administered address. Consequently, this bit is 0 in all OUIs.

If the least significant bit of the most significant octet of an address is set to 0 (zero), the frame is meant to reach only one receiving .[ ] This type of transmission is called . A unicast frame is transmitted to all nodes within the , which typically ends at the nearest or . Only the node with the matching hardware MAC address will accept the frame; network frames with non-matching MAC-addresses are ignored, unless the device is in promiscuous mode .[ ]

If the least significant bit of the most significant address octet is set to 1, the packet will still be sent only once; however, NICs will choose to accept it based on different criteria than a matching MAC address: for example, based on a configurable list of accepted multicast MAC addresses. This is called addressing.

阅读(28328) | 评论(0) | 转发(2) |
给主人留下些什么吧!~~