MAC Address Identification
MAC Address stands for ‘Media Access Control’ addresses and no,it is not related to any Apple Macintosh Computers. A MAC address is a hardware identification number that uniquely identifies each devices on a network. The MAC address burned into every network card ( Network Interface Card ) such as an Ethernet card or Wifi card. We can name it as a physical address of a device.
Because there are millions of network devices in existence , and each devices need to have a unique mac address , there must be very wide ranges of possible addresses. For this reason mac addresses are two digit hexadecimal numbers.separated by colons.For example , a NIC card may have a mac address of 00:0d:83:b1:c0:8e.
The 48 bit address space contains 2**48 possible MAC addresses. A MAC address contains 6 octets . The first 3 octets is an identifier for the manufacturer called OUI and last 3 octets for NIC specific.
Now that we have understood what a MAC address is , let us understand how to identify the manufacturer. There are lot of ways in which we can identify the manufacturer however ,I’ll limit myself for few.
macchanger
The macchanger , as the name suggests changes the MAC address to your desired address and comes pre-installed with Kali Linux . What I like about this tool is , it gives you a lot of flexibility and have a option(-b) of Pretending to be a burned-in-address which is very cool.
It has an option (-l) of printing known vendors and their OUI. Okay, how we can use this tool to identify manufacturer detail? Suppose , while doing some wireless hacking , you found a particular MAC address (3c:77:e6:72:dc:7f) is connected to the access point and you want to know about the OEM and use the output as better planning for the attack.
What you can do is , copy the first 3 octet of the MAC address and grep it with the option (-l) of macchanger and if the OUI address is there with macchanger, you will get an output like below.
Wireshark
Ok, we all know wireshark is a wireless network analyzer and interactive dump tool. We can use wireshark to identify the OEM of the MAC address floating around our access point. How to do it?
First go the Wireshark directory present in /usr/share/wireshark and there you can find a unicode text file called ‘manuf’ . This file contains the list of MAC addresses and corresponding OEMs.Wireshark use this file to identify OEMs in its GUI . From here as you might have already guessed , you need to cat and grep it against the MAC address you have.
TELNET
We can take use of Telnet to identify the OEM of a particular MAC address. 1 year back I found a online server which you can use to do couple of cool things. We can use that server to identify the OEM of a piece of MAC address. The server can be useful for lot of things like reading RFCs,cryptography. Go check that out and don’t forget to check Eliza, the psychotherapist. Cool,isn’t it?
Airodump-ng
Ok, this one is simple and most of you may aware of it . Airodump-ng has an option of dumping the manufacturer detail of a MAC address and it is super simple to use . Just use the option — manufacturer and it will give you the details.
Online Lookup tools
Internet has dozens of sites available to do this. You can find many by doing a simple google search. I just queried “MAC vendor lookup” here .
I hope you have enjoyed this guide and learned something new. If you have any suggestions and additions to this , please reach out to me on twitter : @SecurityBoy0x01. I’ll be happy to connect with you.
