Background: Know: Recognize: Prerequisites - Link layer addresses, IP address, DHCP, promiscuous mode, Wireshark
Anticipates: inventory management (configuration management)
Addresses and filteringEdit
Link layer addresses (MAC addresses) which contains 48 bits (6 bytes) is layer 2 address of a device in the network. The MAC address is typically unique through the network (with minor exceptions, e.g. VRRP ). So equipment can be identified or managed by this address. This can bootstrap the management process: devices may be designed to obtain an IP address through DHCP, but NetOp can identify them in network through link layer address.
The following figure describes how 48bits are divided into groups (source: Wikipedia):
Network node can receive or eliminate a frame based on frame's destination MAC address.
If destination address of a frame matches the address of the node, the frame will be received and transferred to upper (network) layer for next processing step. Other, it will be terminated.
However, if nodes operate in "promiscuous mode", such information which is useful for sniffing will be capture regardless destinations. For example, using Wireshark to capture all packets for analyzing purpose.