MAC Address Vendor Prefixes: nmap-mac-prefixes
Users rarely modify this file, which maps MAC address prefixes
to vendor names. Read on for the complete treatment.
Ethernet devices, which have become the dominant network
interface type, are each programmed with a unique 42-bit identifier
known as a MAC address. This address is placed in ethernet headers to
identify which machine on a local network sent a packet, and which
machine the packet is destined for. Humans usually represent it as a
hex string, such as 00:60:1D:38:32:90
.
To assure that MAC addresses are unique in a world with
thousands of vendors, the IEEE assigns an Organizationally Unique
Identifier (OUI) to each company manufacturing ethernet devices. The
company must use its own OUI for the first three bytes of MAC
addresses for equipment it produces. For example, the OUI of 00:60:1D:38:32:90
is 00601D
. It can choose the remaining
three bytes however it wishes, as long as they are unique. A counter is the
simple approach. Companies that assign all 24 million possible values
can obtain more OUIs.
nmap-mac-prefixes
maps each assigned OUI to the
name of the vendor that sells them. Example 14.5, “Excerpt from nmap-mac-prefixes
” is a typical
excerpt.
Example 14.5. Excerpt from nmap-mac-prefixes
006017 Tokimec
006018 Stellar ONE
006019 Roche Diagnostics
00601A Keithley Instruments
00601B Mesa Electronics
00601C Telxon
00601D Lucent Technologies
00601E Softlab
00601F Stallion Technologies
006020 Pivotal Networking
006021 DSC
006022 Vicom Systems
006023 Pericom Semiconductor
006024 Gradient Technologies
006025 Active Imaging PLC
006026 Viking Components
The first value is the 3-byte OUI as 6 hex digits. It is
followed by the company name. This file is created, using a simple
Perl script, from the complete list of OUIs available from http://standards.ieee.org/regauth/oui/oui.txt The IEEE also
offers an OUI FAQ at http://standards.ieee.org/faqs/OUI.html
Nmap can determine the MAC address of hosts on a local ethernet
LAN by reading the headers off the wire. It uses this table to look
up and report the manufacturer name based on the OUI. This can be
useful for roughly identifying the type of machine you are dealing
with. A device with a Cisco, Hewlett Packard, or Sun OUI probably
identifies a router, printer, or SPARCstation, respectively. Example 14.5, “Excerpt from nmap-mac-prefixes
” shows that the device
at 00:60:1D:38:32:90
was made by Lucent. It is in
fact the Lucent Orinoco wireless card in my laptop.