# Phisical Address (MAC) propagation and visibility

## Deathwing00

I'd like to know how far is visible the MAC address using TCP/IP. It might sound strange, but if I use arping for hosts beyond my ISP's gateways, the MAC shown isn't the hosts, but the gateways, for what I have seen. I'd like to know wether this is normal and if there is a possibility to have it removed or changed...   :Confused: 

----------

## krusty_ar

AFAIK MACs are used for ethernet so upper level protocols don't need it, this means that you should not see any MAC outside your LAN, now you got me thinking about hubs and switches but I would say those are transparent

----------

## Deathwing00

 *krusty_ar wrote:*   

> AFAIK MACs are used for ethernet so upper level protocols don't need it, this means that you should not see any MAC outside your LAN, now you got me thinking about hubs and switches but I would say those are transparent

 

You are not exactly correct. Novel networking uses directly MAC addresses. About HUBs and SWITCHes, they have no MAC address, as they are simple concentrators, they do not even count as nodes. In fact, they 'only' thing those do is to 'join' inter-connections, nothing else. And MACs are used in low-level protocols, not high-level, for what I have knowledge of.

----------

## puggy

If it goes out over your router I believe the MAC address will have gone, except for the external MAC address of your router of course...

----------

## devon

 *Quote:*   

> About HUBs and SWITCHes, they have no MAC address, as they are simple concentrators, they do not even count as nodes. 

 

Umm... my Cisco 2924XL switch has a MAC address.

```
#sh int vlan8

VLAN8 is up, line protocol is up

  Hardware is CPU Interface, address is 0001.63bb.b880 (bia 0001.63bb.b880)

  Description: blah

  Internet address is x.x.x.x/yy

  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA

  ARP type: ARPA, ARP Timeout 04:00:00
```

MAC addresses are used by switches/bridges to forward Ethernet frames to the correct port. 

When a router receieves an Ethernet frame, it will re-write the src/dst MAC addresses to foward to the next hop based on the routing table.

Here is something I wrote when I did a class. If it doesn't make sense, please let me know. I wrote it like 2 years ago.

 *Quote:*   

> When Host A wants to send a packet to Host B, the following steps are taken:
> 
> 1.	Host A looks at its kernel routing table for the correct route.
> 
> 2.	If Host B exists on the same subnet as Host A
> ...

 

Pic of Ethernet frame for reference:

[img:6e60b182f6]http://www.noved.org/~devon/pics/Ethernet_Data_Frame.png[/img:6e60b182f6]Last edited by devon on Tue Jul 22, 2003 10:22 pm; edited 1 time in total

----------

## Deathwing00

I know the procedure, what I didn't know was what happened to MAC addresses. Thanks to all, I have this clarified, now surges a new question: a way to bypass router in order to get external MACs?

----------

## ben

the only way I am aware of is...:

The phone

Meaning if you want to trace back a spoofed packet you can go as far as the objet you own, next you will need help from the next hop owner. And you have to act very quickly as the log won't store 6 months of that kind of data.

So the best is to have good contact with neighbourgh isp, and even to exchange those procedure so in case you need it you can trace back very efficiently.

In case I am completely off, could you please give an example as to why and how you will use this information.

HTH

Ben

----------

## Deathwing00

 *ben wrote:*   

> the only way I am aware of is...:
> 
> The phone
> 
> Meaning if you want to trace back a spoofed packet you can go as far as the objet you own, next you will need help from the next hop owner. And you have to act very quickly as the log won't store 6 months of that kind of data.
> ...

 

Thanks for your reply. The information I ask you is, for now, merely curiosity... doesn't go any further.   :Smile: 

----------

## ben

You are welcome   :Wink: 

Ben

----------

