Nmap Security Scanner
*Ref Guide
Security Lists
Security Tools
Site News
Advertising
About/Contact
Credits
Sponsors





Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
MAC Address Vendor Prefixes: nmap-mac-prefixes
Prev Chapter 14. Understanding and Customizing Nmap Data Files Next

MAC Address Vendor Prefixes: nmap-mac-prefixes

Users rarely modify this file, which maps MAC address prefixes to vendor names. Read on for the complete treatment.

Ethernet devices, which have become the dominant network interface type, are each programmed with a unique 42-bit identifier known as a MAC address. This address is placed in ethernet headers to identify which machine on a local network sent a packet, and which machine the packet is destined for. Humans usually represent it as a hex string, such as 00:60:1D:38:32:90.

To assure that MAC addresses are unique in a world with thousands of vendors, the IEEE assigns an Organizationally Unique Identifier (OUI) to each company manufacturing ethernet devices. The company must use its own OUI for the first three bytes of MAC addresses for equipment it produces. For example, the OUI of 00:60:1D:38:32:90 is 00601D. It can choose the remaining three bytes however it wishes, as long as they are unique. A counter is the simple approach. Companies that assign all 24 million possible values can obtain more OUIs. nmap-mac-prefixes maps each assigned OUI to the name of the vendor that sells them. Example 14.5, “Excerpt from nmap-mac-prefixes” is a typical excerpt.

Example 14.5. Excerpt from nmap-mac-prefixes

006017 Tokimec
006018 Stellar ONE
006019 Roche Diagnostics
00601A Keithley Instruments
00601B Mesa Electronics
00601C Telxon
00601D Lucent Technologies
00601E Softlab
00601F Stallion Technologies
006020 Pivotal Networking
006021 DSC
006022 Vicom Systems
006023 Pericom Semiconductor
006024 Gradient Technologies
006025 Active Imaging PLC
006026 Viking Components

The first value is the 3-byte OUI as 6 hex digits. It is followed by the company name. This file is created, using a simple Perl script, from the complete list of OUIs available from http://standards.ieee.org/regauth/oui/oui.txt The IEEE also offers an OUI FAQ at http://standards.ieee.org/faqs/OUI.html

Nmap can determine the MAC address of hosts on a local ethernet LAN by reading the headers off the wire. It uses this table to look up and report the manufacturer name based on the OUI. This can be useful for roughly identifying the type of machine you are dealing with. A device with a Cisco, Hewlett Packard, or Sun OUI probably identifies a router, printer, or SPARCstation, respectively. Example 14.5, “Excerpt from nmap-mac-prefixes” shows that the device at 00:60:1D:38:32:90 was made by Lucent. It is in fact the Lucent Orinoco wireless card in my laptop.


Prev Up Next
Nmap OS Detection DB: nmap-os-db Home IP Protocol Number List: nmap-protocols
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]