Solved

How far beyond a router/gateway can a MAC address be traced, and how?

Posted on 2007-12-05
8
1,191 Views
Last Modified: 2008-02-18
This is a question about the traceability of MAC adresses beyond their immediate router/gateway.

I've been wondering how far beyond a router a LAN computer's MAC address is broadcast and/or traceable? Let's say there's a cafe with free internet access, and for an hour a user will occupy 192.168.0.XXX, broadcasting his MAC address to the router. Is this traceable by the upstream ISP, or anyone else, and if so, how?  

As a sidenote, most routers I don't think keep good logs by default - so  once the user is gone from the cafe/IP address, where are there any traces of him having been there?

 Any information WITH solid documentation (on the Internet) is most welcome.

Thanks,

Peter
0
Comment
Question by:pax
  • 4
  • 3
8 Comments
 
LVL 50

Accepted Solution

by:
Don Johnston earned 200 total points
ID: 20414964
No. MAC addresses (source and destination) are stripped off at each router. Nobody past the first router your traffic hits can determine your MAC address.

While the routers may not keep detailed information, it is possible to monitor the activity of users.
0
 

Author Comment

by:pax
ID: 20475614
don,

Thanks - but can you also point me to something in writing that states/explains that in at least as much detail as you mention?

Regarding monitoring, can you say what you mean by that, or how you mean that?
0
 
LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 200 total points
ID: 20475930
>but can you also point me to something in writing that states/explains that in at least as much detail as you mention?

The OSI model.

>Regarding monitoring, can you say what you mean by that, or how you mean that?

By using a protocol analyzer, it is possible to observe the traffic that crosses a network. If it is a switched network, the switch will have to be configured to forward the traffic to the port with the analyzer.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:pax
ID: 20543741
Don,

I sure would appreciate if you could point me to more than just 'the osi model' - I've looked it up, but it does not answer my question. I understand this is a non-brainer to you, but I would just like to have some published information that talks about the stripping of the MAC address at the first point of routing.

Regarding monitoring, could you be specific with terms and names about, let's say, a wifi network in a coffee shop that gets its pipe from the local telco via dsl? What has to be installed, where, confiugred how, roughly, to monitor how much of the lan traffic? What's an example of such software?

Thanks!
0
 

Author Comment

by:pax
ID: 20638451
Anybody: another expert, or a bit more detailed response from Don, would be very helpful in order to wrap up this question. I  am increasing the points a bit.

Thanbks,

Peter
0
 
LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 200 total points
ID: 20638846
Might as well go directly to the source. :-)

http://www.faqs.org/rfcs/rfc791.html

Regarding monitoring, a wireless protocol analyzer such as linkferret will allow you to see traffic transmitted over a WIFi network.
0
 

Author Comment

by:pax
ID: 20654990
Don,

I appreciate your pointers, however they are not very helpful to me. Your pointer to rfc791 leads to a 33 page document that mentions neither the words MAC or router - I am sure I would learn something by reading through it all, as would have been true with your before reference to the long explanation of the OSI model, however if I have to do all the research, then I would not need to post here at EE. As such, your pointer to rfc 791 does not answer my questions about MAC addresses.

Regarding wireless network monitoring, it appears that linkferret is no longer available as software, and that the last versions available require a  Cisco/Aironet or WaveLAN/Orinoco card in order to use it successfully. I have neither, as don't most people I imagine.

I understand that the latter question was not part of my original post, and therefore will gladly award the points once my original questions is successfully and satisfingly answered.

I would of course greatly appreciate if you or someone else could point me to a implementable solution on how I could monitor traffic on a wireless network I am on, so that I could understand how that works practically. I will be happy to open that as a new question.

Peter
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now