MAC tracking software

[Sauron]

It may be just a idiotic notion on my part; but why do most work off the IP tracking systems? IP's are easy (more or less) to change or rout off in a matter of speaking. Are MAC addresses available for tracking? It would seem to be a great deal easier to use a MAC which supposedly is hard burned into a NIC card and therefore not as easy to copy. Am I wrong in thinking this?

[Statica]

For a number of reasons MAC addresses are not the definitive identity on the internet. Here are some of the ones that I can think of, I am sure that there are tons more:
* It is a logistics nightmare! Right now, you are getting the most direct information of a packet source and its destination. Think about using a MAC as an ID, you would now need to have something on top of IP resolution to now track which MAC a particular packet is coming/going. I am sure that you can just imagine the nightmarish situation to deal with that. Heck even for a services point of view; think about it from your ISP's level, it's going to have to take the packets out of 00-50-BF-FE-C0-4D -> 209.68.45.231 ->*-> your IP address -> 0A-D0-AF-1E-C0-4E ; as you can see the last step becomes entirely redundant
* There is a much more finite number of MAC addresses possible than is possible in the entire realm of the way the IP networks are laid out. By your needs, you could not really take a MAC address out of public use and call it a private IP. Remember that MAC's are not just used by network cards but a LOT of non-ethernet devices and networking options like bluetooth and IR. What happens to discarded MACs? IPs can be re-used when they are vacated.
* It's a security nightmare; spoofing a MAC is not out of the realm of possiblity at all. But now spoofing a MAC has much wider implications than spoofing an IP address. IMO its much easier to spoof a MAC than it is to spoof public IPs.
wow there are so much more reasons out there am sure it will come up

Of course, if your goal is to track and audit MACs over a very small private network, that is available out there from a number of vendors.

[doctorgonzo]

Keep in mind that the IP protocol does use MAC addresses at the Data Link layer of the OSI model. For example, when you connect to an IP address outside of your network (like this website), your computer knows that it has to send the packet to the Default Gateway (router) to get it there. How does it know how to address the Default Gateway, though? By learning it's MAC address and sending the Ethernet frame to that MAC address.

The IPX protocol used MAC addresses as the node portion of an IPX address. IP doesn't do this because it doesn't have a consistent data length for the node (as opposed to network) part of the IP address. Not only that, but IP addresses themselves are shorter than MAC addresses: 32 bits versus 48 bits.

If you want to see what MAC addresses are in your IP protocol stack's ARP table, go to a command prompt and type "arp -a"

[Sauron]

Ok - I was just wondering. It just seemed more logical to me to use something thats a burned in address - but I thought it was only made for NIC cards and such. Ah how I live and learn. Thanks.