Identifying device vendors by MAC

By stretch | Friday, July 4, 2008 at 3:03 a.m. UTC

One resource I've found incredibly valuable in performing network reconnaissance is the IEEE's MAC OUI database. An Organizationally Unique Identifier (OUI) makes up the first 24 bits of a MAC address, and serves to identify the owner of an address range (typically the NIC manufacturer) with the goal of preserving global uniqueness.

Although the IEEE's instructions state that OUIs should be entered in XX-XX-XX format (the first half of a hexadecimal MAC address), dashes are optional, and you can also search by text string to identify all OUIs owned by a particular company (for example, "cisco systems"). Alternatively, the full list is available for download in plain text format.

The database isn't always 100% telling, as the IEEE notes many manufacturers subcontract the production of interface circuitry, consequently delegating the assignment of burned-in addresses. However, the database has helped me numerous times to identify a rogue router emplaced by a customer or a legitimate infrastructure device which was overlooked in existing documentation and not otherwise remotely identifiable.

About the Author

Jeremy Stretch is a networking engineer and the maintainer of PacketLife.net. He currently lives in the Raleigh-Durham area of North Carolina. Although employed full-time out of necessity, his true passion lies in improving the field of network engineering around the world. You can contact him by email or follow him on Twitter.

Posted in Resources

Comments

Kevin (guest) commented on Monday, July 7, 2008 at 3:41 p.m. UTC

Here is another good source for finding MAC addresses.

http://www.coffer.com/mac_find/

Leave a Comment


Register to comment as a member. You'll look cooler.

Optional; will not be displayed publicly or given out.

No commercial links. Only personal (e.g. blog, Twitter, or LinkedIn) and/or on-topic links, please.
What protocol is used to retrieve web pages?