Identifying device vendors by MAC
One resource I've found incredibly valuable in performing network reconnaissance is the IEEE's MAC OUI database. An Organizationally Unique Identifier (OUI) makes up the first 24 bits of a MAC address, and serves to identify the owner of an address range (typically the NIC manufacturer) with the goal of preserving global uniqueness.
Although the IEEE's instructions state that OUIs should be entered in XX-XX-XX format (the first half of a hexadecimal MAC address), dashes are optional, and you can also search by text string to identify all OUIs owned by a particular company (for example, "cisco systems"). Alternatively, the full list is available for download in plain text format.
The database isn't always 100% telling, as the IEEE notes many manufacturers subcontract the production of interface circuitry, consequently delegating the assignment of burned-in addresses. However, the database has helped me numerous times to identify a rogue router emplaced by a customer or a legitimate infrastructure device which was overlooked in existing documentation and not otherwise remotely identifiable.
About the Author
Jeremy Stretch is a freelance networking engineer, instructor, and the maintainer of PacketLife.net. He currently lives in Fairfax, Virginia, on the edge of the Washington, DC metro area. Although primarily an R&S guy, he likes to get into everything, and runs a free network training lab out of his basement for fun. You can contact him by email or follow him on Twitter.
Here is another good source for finding MAC addresses.
http://www.coffer.com/mac_find/