I can't see any reason for MAC addresses to escape onto the internet. I certainly hope mine isn't. It may help prevent fraud, but would destroy personal privacy at a stroke.

Just had a quick discussion on this in the office. At a webpage level we reckon that this would be impossible - we know of no way of accessing that info. At http level its no good either as its not in the protocol so any scripting language would be screwed. However, if your working at tcp/ip level (and building your own webserver) you can get it. However, I'm told that this is not great as it'll be the MAC address of the last router (or whatever) that your request passed through.

Right, now I'm waiting for some JSP/PHP expert to tell me its possible now...

it'll be the MAC address of the last router (or whatever) that your request passed through.

Precisely. From my limited memory of networking, MAC addresses are purely on the "Physical" layer and carried in frames, which only exist from one node to the next. Only packets (encapsulated from hop to hop within frames) are transported from source to destination, and they only carry IP addresses.

As I said, if MAC addresses were advertised to the internet at large, it would be pointless having any hope of privacy.

I appreciate all of your help and understand the privacy concerns. The only goal is to prevent fraud - not to profile or do things that have privacy concerns. It is my understanding that some variation of it can be done.

Thanks for everybody's help.

David

Being in networking for over 9 years...

It is more than possible to detect a MAC address.
As a matter of fact, on a VPN connection you can specify that only a specific MAC address has the ability to connect to the VPN for example.

Any NIC placed in public, (IE connected to the internet directly) can have it's MAC address read.

If your network is behind a firewall, or is NAT'd you can hide yourself. However, the MAC address for the firewall or router you are using can be found.

What makes everyone so sure that the SE's and others are NOT using this info? 8-)

I'd sure be, if it related to cash in my pocket.

Anyone who has ever packet sniffed, can tell you the MAC address is VERY available.

Hope that clears that up.

Tera

[edited by: jatar_k at 6:01 pm (utc) on Oct. 10, 2005]
[edit reason] removed url [/edit]

Hmmm....

I was under the impression MAC address is a layer 2 routing protocol requirement. Therefore any IP information would be "wrapped" within such packet...

that is, presuming Ethernet type (And don't bite me if I missing parts, it's off of the top of my head):

[MAC source][MAC Destination][Ether Type][DATA][CRC]

then the [DATA] from above contains the IP (or ARP, RARP, ICMP, etc.), in the following format for :

{Version}{Hlength}{Service Type}{Total Length}{ID}{Flags}Frag Offs}{TTL}{{Protocol}{Header}{CRC}{Source Address}{Destination Address}{Opt.}{Data}

So the complete packet at Layer 2 is

[MAC source][MAC Destination][Ether Type][{Version}{Hlength}{Service Type}{Total Length}{ID}{Flags}Frag Offs}{TTL}{{Protocol}{Header}{CRC}{Source Address}{Destination Address}{Opt.}{Data}][CRC]

The MAC address HAS to be stripped at each hop. Therefore MAC addresses are not made for "routing".

For a VPN to function properly, it has to have access to layer 2 at the client side. This is why you have to install a "VPN client".

If you can craft a client side code, such as a Java, ActiveX, etc. piece that grabs this information and captures this in the {DATA} section, you have your solution.

As I said before, I might be wrong, so I am open to correction.

If you could identify users from their PC mac address then that would only work for those with NIC's. Anyone using a USB modem or a dialup modem would not have a MAC address.

Of course the MAC address can be detected, just not with ordinary JavaScript. You'll probably need some ActiveX component (on Windows) that performs some NetBIOS magic. The user will have to agree to use the ActiveX thing.

Terabytes is right. I use MAC Addresss all the time to allow users to connect to a WAN I manage. You do need to be firewalling at layer two to get this info.

aspdaddy, what kind of "WAN" is your WAN?

Might want to look at the ISO OSI layers, and how MAC addresses are handled. ;-)

Anyone using a USB modem or a dialup modem would not have a MAC address

USB (broadband) modems typically have a mac address. Dialup modems do not have a mac address.

Kaled.

what kind of "WAN" is your WAN?

The M$ Type.

Whats OSI Layers, something to do do with 7 onion skins, I slept thru most of that stuff ;)

Form the ISO/OSI Spec:

The data link layer's (thats layer 2!)protocol-specific header specifies the MAC address of the packet's source and destination.

Whats OSI Layers, something to do do with 7 onion skins, I slept thru most of that stuff

Form the ISO/OSI Spec:

The data link layer's (thats layer 2!)protocol-specific header specifies the MAC address of the packet's source and destination.

Right... Which would confirm my statement. ;-)

MAC addresses do not get included in the IP packet, therefore your IP information will not contain the MAC address of the source, unless you use something like a higher layer to store the MAC address in the DATA section... (You can't put your pocket inside a penny... but you can put the penny inside your pocket.)

They are Application/Presentation/Session/Transport/Network/Data Link/Physical.

MAC addresses on Ethernet follow the MAC-48, or EUI-48, and pretty much any device can have a MAC address as long as their function is to Control the Access to the Media on an Ethernet...

If MAC addresses were included in the IP packet, then why do we need ARP/RARP?

How about when the IP packet comes from a Token Ring or AppleTalk or SNA segment? What is "MAC address" for those packets?

Anyone using a USB modem or a dialup modem would not have a MAC address

USB (broadband) modems typically have a mac address. Dialup modems do not have a mac address.

Cable modems which are connected PC side via USB may have a MAC address for the modem itself but 'standard' ADSL / Broadband modems here in the UK do not. They are just seen as a 512K dial up modem.

I don't know the exact figures but the majority of broadband users in the UK could be using USB modems and that would equate to a few million without MAC addresses.