|
windows
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Some beginner questions about spoofinga single ISP provider, who probably gives its users the modem to use, and thus, these modems are all probably of a certain make, and all have the same first 3 hexadecimal numbers. Thus, since all users in that IP range would share identical hex values in the first 3 digits of their MAC address, if you randomized your entire MAC address, you would stand out as the user with a different beginning MAC address than the rest. It would be better, for the sake of anonimity, to keep the original first 3 numbers and randomize only the last 3. Am I correct? 2) Using a sniffer, I can see that random packages sent to my IP address by all those bots and whatever that are out there, already know my MAC address without any communication from my part. This happens even when I start my internet connection and I have been online for only half a second, the first random bit of internet noise that hits me already knows my MAC address despite my not communicating with anyone besides my ISP to establish the connection. How does this work? Is my modem changing the MAC on incoming packets? Or my ISP? 3) If I open my ISP monitoring window it shows me sent/received bytes to the internet. By carefully following this flow with the sniffer, I realized that there is a discrepancy, and that almost every packet sent/received, according to the sniffer, is 20 bytes longer than according to the ISP window. Any reason why (and which) 20 bytes would be underreported from every packet (almost every packet)? The ECHO packet behaves differently: my ISP window shows a flow of about 20 bytes per packet, while the sniffer program reports 50 to 60 bytes (don't remember the exact number). 4) Is there a website that will show you a print out of the packet you send it, the same way there are web sites that show you the details of your web request (such as IP address, what IE you're using, etc.)? On 12 Oct 2006 13:41:17 -0700, ret***@techemail.com wrote in
<1160685677.590916.144***@c28g2000cwb.googlegroups.com>: >1) For most people, their connection is to a defined IP range owned by Most non-trivial providers wind up supplying different hardware, sooner>a single ISP provider, who probably gives its users the modem to use, >and thus, these modems are all probably of a certain make, and all have >the same first 3 hexadecimal numbers. or later, so there's usually a mix of products in the field. In addition, some users may buy their hardware from a third-party source. >Thus, since all users in that IP Why would you want to change your MAC address? You're identifiable by>range would share identical hex values in the first 3 digits of their >MAC address, if you randomized your entire MAC address, you would stand >out as the user with a different beginning MAC address than the rest. >It would be better, for the sake of anonimity, to keep the original >first 3 numbers and randomize only the last 3. Am I correct? your IP address. >2) Using a sniffer, I can see that random packages sent to my IP Those things out there just use your IP address. Your MAC address comes>address by all those bots and whatever that are out there, already know >my MAC address without any communication from my part. This happens >even when I start my internet connection and I have been online for >only half a second, the first random bit of internet noise that hits me >already knows my MAC address despite my not communicating with anyone >besides my ISP to establish the connection. How does this work? Is my >modem changing the MAC on incoming packets? Or my ISP? from ARP. (Look it up in Wikipedia.) >3) If I open my ISP monitoring window it shows me sent/received bytes Read up on Ethernet. (Wikipedia again, as a starting place.)>to the internet. By carefully following this flow with the sniffer, I >realized that there is a discrepancy, and that almost every packet >sent/received, according to the sniffer, is 20 bytes longer than >according to the ISP window. Any reason why (and which) 20 bytes would >be underreported from every packet (almost every packet)? The ECHO >packet behaves differently: my ISP window shows a flow of about 20 >bytes per packet, while the sniffer program reports 50 to 60 bytes >(don't remember the exact number). >4) Is there a website that will show you a print out of the packet you You wouldn't learn anything more than by sniffing yourself.>send it, the same way there are web sites that show you the details of >your web request (such as IP address, what IE you're using, etc.)? -- Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com> John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi> Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo> Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes> "John Navas" <spamfilter0@navasgroup.com> wrote in message IP addresses are logical addresses, a host can change his IP address.news:rscti2dl4l1sidb461uvro8epi5r48k64b@4ax.com... > On 12 Oct 2006 13:41:17 -0700, ret***@techemail.com wrote in > <1160685677.590916.144***@c28g2000cwb.googlegroups.com>: > >Thus, since all users in that IP > >range would share identical hex values in the first 3 digits of their > >MAC address, if you randomized your entire MAC address, you would stand > >out as the user with a different beginning MAC address than the rest. > >It would be better, for the sake of anonimity, to keep the original > >first 3 numbers and randomize only the last 3. Am I correct? > > Why would you want to change your MAC address? You're identifiable by > your IP address. Where a MAC address is a burned in address for a paticular NIC. This address cannot be changed, hence it represents one unique host. Of course you can change out nics, but that is not usually done. > Your MAC address does not come from ARP, your MAC address is burned into> >2) Using a sniffer, I can see that random packages sent to my IP > >address by all those bots and whatever that are out there, already know > >my MAC address without any communication from my part. This happens > >even when I start my internet connection and I have been online for > >only half a second, the first random bit of internet noise that hits me > >already knows my MAC address despite my not communicating with anyone > >besides my ISP to establish the connection. How does this work? Is my > >modem changing the MAC on incoming packets? Or my ISP? > > Those things out there just use your IP address. Your MAC address comes > from ARP. (Look it up in Wikipedia.) your NIC by the manufacture. The first part af the MAC addressed is controlled by a global body that gives addresses to the manufactures, the second part of the MAC address is controlled by the manufacture to identify the host. ARP is a way to resolve addresses, ARP does not give out addresses. On Thu, 12 Oct 2006 13:52:14 -0800, "Dana" <raff***@yahoo.com> wrote in <12ite69qketg***@corp.supernews.com>:>"John Navas" <spamfilter0@navasgroup.com> wrote in message The remote bad guy can't see your MAC address (only the local network>news:rscti2dl4l1sidb461uvro8epi5r48k64b@4ax.com... >> Why would you want to change your MAC address? You're identifiable by >> your IP address. > >IP addresses are logical addresses, a host can change his IP address. >Where a MAC address is a burned in address for a paticular NIC. This address >cannot be changed, hence it represents one unique host. Of course you can >change out nics, but that is not usually done. sees it), so this is irrelevant. >> Those things out there just use your IP address. Your MAC address comes Are you trying to be argumentative? ARP is how the local network finds>> from ARP. (Look it up in Wikipedia.) > >Your MAC address does not come from ARP, your MAC address is burned into >your NIC by the manufacture. The first part af the MAC addressed is >controlled by a global body that gives addresses to the manufactures, the >second part of the MAC address is controlled by the manufacture to identify >the host. >ARP is a way to resolve addresses, ARP does not give out addresses. your MAC address from your IP address. -- Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com> John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi> Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo> Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>
Show quote
Hide quote
"John Navas" <spamfilter0@navasgroup.com> wrote in message That is said better than your MAC address comes from ARP.news:2phti29vhae34pm7bcciq3ost512b14okn@4ax.com... > On Thu, 12 Oct 2006 13:52:14 -0800, "Dana" <raff***@yahoo.com> wrote in > <12ite69qketg***@corp.supernews.com>: > > >"John Navas" <spamfilter0@navasgroup.com> wrote in message > >news:rscti2dl4l1sidb461uvro8epi5r48k64b@4ax.com... > > >> Why would you want to change your MAC address? You're identifiable by > >> your IP address. > > > >IP addresses are logical addresses, a host can change his IP address. > >Where a MAC address is a burned in address for a paticular NIC. This address > >cannot be changed, hence it represents one unique host. Of course you can > >change out nics, but that is not usually done. > > The remote bad guy can't see your MAC address (only the local network > sees it), so this is irrelevant. > > >> Those things out there just use your IP address. Your MAC address comes > >> from ARP. (Look it up in Wikipedia.) > > > >Your MAC address does not come from ARP, your MAC address is burned into > >your NIC by the manufacture. The first part af the MAC addressed is > >controlled by a global body that gives addresses to the manufactures, the > >second part of the MAC address is controlled by the manufacture to identify > >the host. > >ARP is a way to resolve addresses, ARP does not give out addresses. > > Are you trying to be argumentative? ARP is how the local network finds > your MAC address from your IP address. Show quoteHide quote > > -- > Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com> > John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi> > Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo> > Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>
Show quote
Hide quote
"Dana" <raff***@yahoo.com> wrote in message My router will "clone" a MAC address.news:12ite69qketgj76@corp.supernews.com > "John Navas" <spamfilter0@navasgroup.com> wrote in message > news:rscti2dl4l1sidb461uvro8epi5r48k64b@4ax.com... > > On 12 Oct 2006 13:41:17 -0700, ret***@techemail.com wrote in > > <1160685677.590916.144***@c28g2000cwb.googlegroups.com>: > > > Thus, since all users in that IP > > > range would share identical hex values in the first 3 > > > digits of > > > their MAC address, if you randomized your entire MAC > > > address, > > > you would stand out as the user with a different beginning > > > MAC > > > address than the rest. It would be better, for the sake of > > > anonimity, to keep the original first 3 numbers and > > > randomize > > > only the last 3. Am I correct? > > > > Why would you want to change your MAC address? You're > > identifiable by your IP address. > > IP addresses are logical addresses, a host can change his IP > address. > Where a MAC address is a burned in address for a paticular NIC. > This address cannot be changed, hence it represents one unique > host. Of course you can change out nics, but that is not > usually > done. Show quoteHide quote > > > > > 2) Using a sniffer, I can see that random packages sent to > > > my IP > > > address by all those bots and whatever that are out there, > > > already know my MAC address without any communication from > > > my > > > part. This happens even when I start my internet connection > > > and > > > I have been online for only half a second, the first random > > > bit > > > of internet noise that hits me already knows my MAC address > > > despite my not communicating with anyone besides my ISP to > > > establish the connection. How does this work? Is my modem > > > changing the MAC on incoming packets? Or my ISP? > > > > Those things out there just use your IP address. Your MAC > > address comes from ARP. (Look it up in Wikipedia.) > > Your MAC address does not come from ARP, your MAC address is > burned > into your NIC by the manufacture. The first part af the MAC > addressed is controlled by a global body that gives addresses > to > the manufactures, the second part of the MAC address is > controlled > by the manufacture to identify the host. > ARP is a way to resolve addresses, ARP does not give out > addresses. -- Travis in Shoreline Washington Please remove the microsoft.public.mac.virtualpc newsgroup from
replies to this thread. It is NOT related to MAC addresses, but Apple Mac software. On Fri, 13 Oct 2006 07:35:33 GMT, "Travis M." <Travis.Shoreline@gmen.invalid> wrote: Show quoteHide quote >"Dana" <raff***@yahoo.com> wrote in message >news:12ite69qketgj76@corp.supernews.com >> "John Navas" <spamfilter0@navasgroup.com> wrote in message >> news:rscti2dl4l1sidb461uvro8epi5r48k64b@4ax.com... >> > On 12 Oct 2006 13:41:17 -0700, ret***@techemail.com wrote in >> > <1160685677.590916.144***@c28g2000cwb.googlegroups.com>: >> > > Thus, since all users in that IP >> > > range would share identical hex values in the first 3 >> > > digits of >> > > their MAC address, if you randomized your entire MAC >> > > address, >> > > you would stand out as the user with a different beginning >> > > MAC >> > > address than the rest. It would be better, for the sake of >> > > anonimity, to keep the original first 3 numbers and >> > > randomize >> > > only the last 3. Am I correct? >> > >> > Why would you want to change your MAC address? You're >> > identifiable by your IP address. >> >> IP addresses are logical addresses, a host can change his IP >> address. >> Where a MAC address is a burned in address for a paticular NIC. >> This address cannot be changed, hence it represents one unique >> host. Of course you can change out nics, but that is not >> usually >> done. > >My router will "clone" a MAC address. > >> > >> > > 2) Using a sniffer, I can see that random packages sent to >> > > my IP >> > > address by all those bots and whatever that are out there, >> > > already know my MAC address without any communication from >> > > my >> > > part. This happens even when I start my internet connection >> > > and >> > > I have been online for only half a second, the first random >> > > bit >> > > of internet noise that hits me already knows my MAC address >> > > despite my not communicating with anyone besides my ISP to >> > > establish the connection. How does this work? Is my modem >> > > changing the MAC on incoming packets? Or my ISP? >> > >> > Those things out there just use your IP address. Your MAC >> > address comes from ARP. (Look it up in Wikipedia.) >> >> Your MAC address does not come from ARP, your MAC address is >> burned >> into your NIC by the manufacture. The first part af the MAC >> addressed is controlled by a global body that gives addresses >> to >> the manufactures, the second part of the MAC address is >> controlled >> by the manufacture to identify the host. >> ARP is a way to resolve addresses, ARP does not give out >> addresses. In article <12ite69qketg***@corp.supernews.com>,
Show quoteHide quote "Dana" <raff***@yahoo.com> wrote: That's not completely true. DEC systems changed their MAC addresses and > "John Navas" <spamfilter0@navasgroup.com> wrote in message > news:rscti2dl4l1sidb461uvro8epi5r48k64b@4ax.com... > > On 12 Oct 2006 13:41:17 -0700, ret***@techemail.com wrote in > > <1160685677.590916.144***@c28g2000cwb.googlegroups.com>: > > >Thus, since all users in that IP > > >range would share identical hex values in the first 3 digits of their > > >MAC address, if you randomized your entire MAC address, you would stand > > >out as the user with a different beginning MAC address than the rest. > > >It would be better, for the sake of anonimity, to keep the original > > >first 3 numbers and randomize only the last 3. Am I correct? > > > > Why would you want to change your MAC address? You're identifiable by > > your IP address. > > IP addresses are logical addresses, a host can change his IP address. > Where a MAC address is a burned in address for a paticular NIC. This address > cannot be changed, hence it represents one unique host. Of course you can > change out nics, but that is not usually done. SUN systems do also. If you have multiple NIC adapters in a SUN system, they all use the same MAC address by default unless you change this at the Open Boot Prompt. For the most part, this is only a problem with mulithomed systems on the same network segment. If the NICs are in different segments, they can broadcast the same MAC address. Only VLANs get upset with having the same MAC address on the same box connected to different ports. -- DeeDee, don't press that button! DeeDee! NO! Dee...
Show quote
Hide quote
"Michael Vilain" <vilain@spamcop.net> wrote in message Never said you cannot change MAC addresses. Only said that MAC addressesnews:vilain-2004F4.02070813102006@comcast.dca.giganews.com... > In article <12ite69qketg***@corp.supernews.com>, > "Dana" <raff***@yahoo.com> wrote: > > > "John Navas" <spamfilter0@navasgroup.com> wrote in message > > news:rscti2dl4l1sidb461uvro8epi5r48k64b@4ax.com... > > > On 12 Oct 2006 13:41:17 -0700, ret***@techemail.com wrote in > > > <1160685677.590916.144***@c28g2000cwb.googlegroups.com>: > > > >Thus, since all users in that IP > > > >range would share identical hex values in the first 3 digits of their > > > >MAC address, if you randomized your entire MAC address, you would stand > > > >out as the user with a different beginning MAC address than the rest. > > > >It would be better, for the sake of anonimity, to keep the original > > > >first 3 numbers and randomize only the last 3. Am I correct? > > > > > > Why would you want to change your MAC address? You're identifiable by > > > your IP address. > > > > IP addresses are logical addresses, a host can change his IP address. > > Where a MAC address is a burned in address for a paticular NIC. This address > > cannot be changed, hence it represents one unique host. Of course you can > > change out nics, but that is not usually done. > > That's not completely true. DEC systems changed their MAC addresses and > SUN systems do also. were burned into the NIC by the MFG. Show quoteHide quote > -- > DeeDee, don't press that button! DeeDee! NO! Dee... > > > What does this have to do with Virtual PC for Macintosh?
-- Barry Margolin, bar***@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group *** On 12 Oct 2006 13:41:17 -0700, ret***@techemail.com wrote:
>1) For most people, their connection is to a defined IP range owned by I suppose that would be correct, but I fail to see the point of changing>a single ISP provider, who probably gives its users the modem to use, >and thus, these modems are all probably of a certain make, and all have >the same first 3 hexadecimal numbers. Thus, since all users in that IP >range would share identical hex values in the first 3 digits of their >MAC address, if you randomized your entire MAC address, you would stand >out as the user with a different beginning MAC address than the rest. >It would be better, for the sake of anonimity, to keep the original >first 3 numbers and randomize only the last 3. Am I correct? the MAC. Regardless of the MAC, you are identifiable by your IP. The translation of IP to MAC on an incoming packet is done at the last stop before your modem (i.e by your ISP.) Other users on the net cannot see your MAC. There is no need for them to see it, they have your IP. Reverse the process for outgoing packets. Your ISP knows the MAC of the modem the packet came from, but it forwards only your IP address, not your MAC. Note, I'm speaking of wired systems. On wireless systems, you may be able to discover the MAC of someone's wireless adaptor in the signal between the adaptor and the wireless access point. The only reason for doing so is to spoof someone else's MAC so you can gain illicit access. >2) Using a sniffer, I can see that random packages sent to my IP Oh, okay, it's bots, trojans, and background noise you are concerned about.>address by all those bots and whatever that are out there, already know >my MAC address without any communication from my part. This happens >even when I start my internet connection and I have been online for >only half a second, the first random bit of internet noise that hits me >already knows my MAC address despite my not communicating with anyone >besides my ISP to establish the connection. How does this work? Is my >modem changing the MAC on incoming packets? Or my ISP? Changing your MAC isn't going to help. As I said above, no one else on the net knows your MAC. Only your ISP knows it. If you are being hit at random, that can be due to an infected system(s) on your ISP subnet (though most reputable ISP's quickly cut off such systems until the users fix their PC's.) Or you can be hit intentionally, but blindly, by anybody, anywhere, targeting entire subnets. Or you could be infected yourself. Have you run Spybot S&D or AdAware, and do you have an up to date virus scanner? >3) If I open my ISP monitoring window it shows me sent/received bytes 20 bytes is the TCP overhead. If your MTU (Maximum Transmission Unit) is>to the internet. By carefully following this flow with the sniffer, I >realized that there is a discrepancy, and that almost every packet >sent/received, according to the sniffer, is 20 bytes longer than >according to the ISP window. Any reason why (and which) 20 bytes would >be underreported from every packet (almost every packet)? The ECHO >packet behaves differently: my ISP window shows a flow of about 20 >bytes per packet, while the sniffer program reports 50 to 60 bytes >(don't remember the exact number). set to 1500, your packets are 1460 bytes + 20 bytes overhead. The sniffer program you are using is displaying the overhead while, apparently, the ISP monitor is not. Echo packets are ICMP, not TCP. So they will be a different size. >4) Is there a website that will show you a print out of the packet you I don't know of one offhand. But here is a site that will explain in detail>send it, the same way there are web sites that show you the details of >your web request (such as IP address, what IE you're using, etc.)? what the packets contain. http://mike.passwall.com/networking/samplepacket.html Spender <Spen***@Mars.org> writes:
Show quoteHide quote > On 12 Oct 2006 13:41:17 -0700, ret***@techemail.com wrote: Could you tell a beginner how the router knows which machine to route> >>1) For most people, their connection is to a defined IP range owned by >>a single ISP provider, who probably gives its users the modem to use, >>and thus, these modems are all probably of a certain make, and all have >>the same first 3 hexadecimal numbers. Thus, since all users in that IP >>range would share identical hex values in the first 3 digits of their >>MAC address, if you randomized your entire MAC address, you would stand >>out as the user with a different beginning MAC address than the rest. >>It would be better, for the sake of anonimity, to keep the original >>first 3 numbers and randomize only the last 3. Am I correct? > > I suppose that would be correct, but I fail to see the point of changing > the MAC. Regardless of the MAC, you are identifiable by your IP. > > The translation of IP to MAC on an incoming packet is done at the last stop > before your modem (i.e by your ISP.) Other users on the net cannot see your > MAC. There is no need for them to see it, they have your IP. the packet sent to its external IP then? Good FAQ pointer appreciated. On Sat, 14 Oct 2006 18:47:31 +0200, Hadron Quark <hadronqu***@gmail.com>
wrote in <87fydqkfoc.***@gmail.com>: >Spender <Spen***@Mars.org> writes: The router uses ARP to learn the MAC address on a local network that>> I suppose that would be correct, but I fail to see the point of changing >> the MAC. Regardless of the MAC, you are identifiable by your IP. >> >> The translation of IP to MAC on an incoming packet is done at the last stop >> before your modem (i.e by your ISP.) Other users on the net cannot see your >> MAC. There is no need for them to see it, they have your IP. > >Could you tell a beginner how the router knows which machine to route >the packet sent to its external IP then? Good FAQ pointer appreciated. corresponds to a given IP address, and then sends packets for that IP address to that MAC address. <http://en.wikipedia.org/wiki/Address_Resolution_Protocol> -- Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com> John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi> Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo> Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes> In article <8rvvi2p63f0nj292jsa4m28m9lgj869***@news.easynews.com>,
Spender <Spen***@Mars.org> wrote: > I fail to see the point of changing Some ISPs require MAC registration, with a limit on the number of > the MAC. Regardless of the MAC, you are identifiable by your IP. registrations. If you have several devices directly connected (not going through a router) it's very handy to use the same MAC address for all of them. "Some O" <SO@nospam.net> wrote in message Do you know what the MAC is, and how it is used to determine where to send news:SO-A39BCD.09544631102006@news.telus.net... > In article <8rvvi2p63f0nj292jsa4m28m9lgj869***@news.easynews.com>, > Spender <Spen***@Mars.org> wrote: > >> I fail to see the point of changing >> the MAC. Regardless of the MAC, you are identifiable by your IP. > Some ISPs require MAC registration, with a limit on the number of > registrations. > If you have several devices directly connected (not going through a > router) it's very handy to use the same MAC address for all of them. packets. So you guys are saying that the unique hardware MAC address of my
internet card only gets transmitted as far as my local ISP provider? I haven't been able to find a good FAQ or guide explaining in detail how this works (and yes, I did read the links you've posted about ARP and others). How does this work? As far as I can make out from what I've read here, I send a packet to my ISP with my real MAC address and the destination MAC address. The ISP records the destination IP and MAC address in its memory, and then strips the packet of the MAC addresses because they are not necessary from that point on. It sends out a slimmed version of my original packet, which doesn't contain any MAC addresses. The destination ISP receives the packet and uses its own table of stored IP/MAC addresses to generate a packet that it will send to the destination IP that will include the MAC addresses from its database. But the MAC address it is sending has been generated by itself, it does not know the real MAC address of my computer. With this method, the destination IP can route the packet to the appropriate computer on its LAN network, if there are more than one users on the destination IP. Then their computer sends a reply packet to me, in which they include the destination MAC address of my computer, which is actually the randomly generated MAC their local ISP uses in its memory to identify packets sent to my IP for this internet session. The process is repeated, and I also receive the packet with a MAC generated by my own local ISP, but in our communications, neither of us can know what the real MAC of each other truly is. Is this remotely close to how it works? On 30 Oct 2006 08:30:45 -0800, ret***@techemail.com wrote:
>Then their computer sends a reply packet to me, in which they include No.>the destination MAC address of my computer, which is actually the >randomly generated MAC their local ISP uses in its memory to identify >packets sent to my IP for this internet session. The process is >repeated, and I also receive the packet with a MAC generated by my own >local ISP, but in our communications, neither of us can know what the >real MAC of each other truly is. > > Is this remotely close to how it works? You send a packet out which reaches your ISP's first hop router. Your ISP knows the MAC address of your computer because your computer is part of their LAN (this is assuming you have a cable modem directly connected to a single PC.) The MAC address is recorded in a table, connecting it with your outgoing packet in anticipation of a response. Keep in mind that your packet has a destination IP in it. The recipient's router knows which MAC address goes with that IP, and directs the packet accordingly. The recipient responds with a packet, and the same thing happens in reverse. Thier first hop router strips their MAC and forwards the packet with the destination IP (your IP). Your ISP's router receives the packet and matches it to it's table to find out which MAC address to send the packet to. There is no generation of MAC's going on. Your MAC address is static - it is permanently burned into your ethernet card. The same process goes on in your home if you have a NAT router with more than one computer hooked up. Say you and your girlfriend are both surfing the web. How does your router know which computer to send responses to? Your ISP *doesn't* know in this case since regardless of whether it is you or your girlfriend sending a packet, all the ISP sees is your NAT router's IP and MAC address. It is your NAT router that keeps a table of packets connected to particular MAC's so that it can forward responses to the correct computer. Also keep in mind that the MAC address process is working at every hop your packet takes. Routers have MAC addresses as well. If you open a command prompt and type "tracert www.google.com", you will see the route your packet takes to get to www.google.com. Each router knows the MAC address of the one before it, and the one after it. Technically, "knows" is a bad term, but it illustrates the point. What is actually going on is what ARP is for. Each router knows how to find the MAC address of the one before it, and the one after it. That is all a router needs to know to forward a packet. 
Other interesting topics
Modem problem
LAN won't cooperate Can't back up open files on one machine, but can on another XPH can't see XPP? accessing secure wireless network to put all computers on the same network Accessing a hidden shared file Keep having to re-enter WEP Key in XP Home Edition The connection was ended - Remote Desktop XP says Connected but no access to the Internet (while other computer has access)... IE keeps dialing my modem |
|||||||||||||||||||||||
