什么是NIC,MAC和ARP?[网络技术]

Foundations: What Are NIC, MAC and arp?

　　计算机网络底子:什么是NIC, MAC和arp?

　　"Avast! Belay the port jib, and scupper the mains"l on the poop deck!"

　　“愣住!把绳拴在港口上,用排水管排掉甲板和船尾的水!”

　　This means something important to pirates. (Possibly.) It also illustrates how every industry has its own jargon, rich in technical meaning to insiders, but often impenetrable to outsiders. And the first time you hear a network geek tell you, "Of course the device can"t be found, because its MAC address isn"t in the arp table," well, you just wanna keelhaul that bilge rat on the lee side of a mizzenmast.

　　这些话对海盗来说(大概)至关重要.它还阐明了每个行业自己的行话对业内助士若何拥有丰富的技术含义,但对外行人却非常费解.当你第一次听见一个网络极客对你说:“你的机子当然不会被找到,因为它的MAC地址不在arp映射表里”时,你只有惭愧得巴不得找个洞钻进去.

　　A more effective and less violent response would be to learn these important terms. Devices on a network don"t immediately become aware of the existence and location of other devices on the same network. If you"ve ever wondered how they discover one another, then you"re ready to enter the not-really-that-mysterious world of NIC, MAC, and arp (pronounced as words, not as spelled-out letters). Full speed ahead, matey!

　　在学习了本文的这些重要东西后,你便可以做出更有效而暖和的反击了.在网络中的设备并不会即刻检测到相同网络中其他设备的存在及其位置.假如你想知道他们之间是若何发现彼此的,那你就要预备好进入网络适配器(NIC, 也称网卡), 媒体拜候掌握(MAC)和地址解析协议(arp)的虚幻而奥秘的世界.

　　Two addresses in one

　　一台计算机中的两个地址

　　To explain NIC, MAC, and arp, we"ll start with one computer: yours. We"ll call this desktop system Redbeard, one of several computers on a LAN.

　　为了注释NIC, MAC和arp,我们将从你的计算机开始.我们将你计算机的桌面操作系统称作Redbeard,一个局域网里众多计算机中的一台.

　　You"re probably aware that Redbeard has an Internet Protocol (IP) address. (If this concept is new to you, first read Foundations: Understanding IP Addresses and Binary.) An IP address acts like a mailing address to help other computers deliver network traffic to Redbeard. But IP addresses also present complications. Some addresses are static, meaning, more or less permanent. But other IP addresses are dynamic, meaning, assigned on the fly from (and returned to) a range of IP addresses (for example, 192.168.0.1 - 192.168.0.254). Dynamic IP addressing is part of what enables you to take your laptop somewhere new, connect to the Internet, and receive IP traffic. When you do so, somewhere a DHCP server has dynamically allocated a temporary IP address to your laptop.

　　你大概知道Redbeard有一个IP地址.一个IP地址就像一个邮箱地址,它帮忙其他计算机将网络信息传给Redbeard.但IP地址却越发复杂.一些IP地址是静态的,这就是说,它们大都是永久的.但是其他的IP地址是动态的,也就是说,将被分配自(也将被回收到)一个范围的IP地址(比方,192.168.0.1 - 192.168.0.254).动态分配IP地址是你能带着你的笔记本走到某个新地方却仍然联着网和承受IP数据的必要条件.当你带着你的笔记本处处乱逛的时刻,处于某处的一台DHCP服务器已经动态地分配了一个暂时IP地址给你的笔记本了.

　　So with machines coming and going on networks, and IP addresses ever changing, how do other computers on your network find Redbeard? The secret (well, not really a secret; just a fact that veteran administrators know so well, they forgot to tell you) is this: every networked device actually has two addresses. One is the IP address, which might or might not change. The other is the MAC address, which typically does not change.

　　那么随着你的计算机在网络中不断地移动,IP地址不断地改变,在局域网中的其他计算机是若何找到Redbeard的呢?奥秘在于(好吧,其实也不是什么奥秘;只是一个经验丰富的管理员理解得很清楚但却忘了奉告你的一个事实):每一台网络设备都有两个地址.一个是IP地址,大概是静态也大概是动态.另一个是MAC地址,一个普通不会改变的地址.

　　MAC is just my NIC name

　　MAC仅仅是我网卡的名字

　　When you connect a computer to your Ethernet LAN, do you know what you"re plugging the Ethernet cable into? From the outside, it looks like you"re plugging it into a metal case, but you"re not. Inside the case is a Network Interface Card (NIC). A NIC is a special hardware card within any networked device (computer, printer, router, etc.) that handles all the technical aspects of sending and receiving data packets over a computer network.

　　当你衔接计算机到你的以太局域网时,你知道你的网线正在插进什么东西么?从表面来看,你在将网线头插进一个金属孔(译者注:就是你计算机上的网口)中,但是事实并非这样.在这个孔的里面是一个网络适配器(网卡).网卡是每个网络设备(计算机,打印机,路由器,等等)中都有的硬件,它们处理一个计算机网络中全部收发数据包的技术方面的工作.

　　Like your mailing address at home, your computer"s NIC has a unique address. This address must be unique in all the world. Otherwise, network traffic couldn"t find its way to the right computer.

　　就像你家里的邮箱地址,你的计算机的网卡也有一个唯一的地址.这个地址必须在环球都是唯一的.不然,网络数据不能找到到达精确计算机的途径.

　　The distinctive address that identifies a NIC is called the Media Access Control (MAC) address. A MAC address is a unique character string, and since it identifies a specific physical device -- one individual NIC -- the MAC address, by convention, never changes for the life of the NIC. Two NICs never have the same MAC address (unless some manufacturer screws up royally [which has happened]). Because your NIC"s MAC address is permanent, it"s often referred to as the "real," or physical, address of a computer.

　　这个辨认网卡的独特地址就是所谓的媒体拜候掌握(MAC)地址.一个MAC地址是一个举世无双的字符串.由于它标识一个独特的物理设备——一个唯一的网卡——MAC地址,按照约定,在网卡中将永不会改变.任何两块网卡都不会有相同的MAC地址(除非人为地改变).因为你的网卡MAC地址是不变的,它常常被认为是“真”的,物理的,计算机地址.

　　A MAC address is formatted as a six-byte, hexadecimal number, like this:

　　一个尺度的MAC地址是6字节,16进制表示,就像这样:

　　00:90:7F:12:DE:7F

　　00:90:7F:12:DE:7F

　　In hexadecimal notation, it takes merely two characters to represent a byte. Each byte in a MAC address is separated by either a colon (:) or a hyphen (-).

　　在16进制记法里,仅仅用两个字符就可以表示一个字节.MAC地址里每个字节都用冒号(:)或连字号(-)脱离.

　　You don"t get to assign MAC addresses the way you do IP addresses. Instead, manufacturers pre-program a chip on each NIC with its exclusive MAC address. The IEEE Standards Association assigns each NIC manufacturer a special three-byte code, called an Organizationally Unique Identifier (OUI, which you should not confuse with the men"s magazine of the same name -- trust us), which identifies that particular manufacturer. The first half (three bytes) of any MAC address expresses this manufacturer code. For example, taking the OUI in the MAC address shown above, you can look up 00:90:7F on IEEE"s OUI registry and find that 00:90:7F indicates a NIC from WatchGuard.

　　你不用像得到IP地址那样得到MAC地址,而是制造商在每一个网卡里都预先编号了一个带有唯一MAC地址的芯片.IEEE尺度协会给每个网卡制造商分配了一个唯一的3字节代码,即所谓的组织唯一标识符(OUI,Organizationally Unique Identifier),它用来辨认制造商.任何一个MAC地址的前半部份(3字节)表示这种制造商代码.比方,找到上面提到的MAC地址的OUI,你可以再IEEE的OUI注册表中查找00:90:7E,最后你将发现00:90:7E代表来自WatchGuard的网卡.

　　The second half of a MAC address differentiates one NIC from another. The NIC manufacturers ensure that the MAC address for each NIC they ship ends with a unique three-byte number. This is feasible because a three-byte hexadecimal address offers over sixteen million possible variations.

　　MAC地址的后半部份差别于其前半部份.网卡制造商确保他们生产的每一块网卡的MAC地址都以唯一的3字节数末尾.由于一个3字节的16进制数至少能表示一千六百万个地址,因此这样做是可行的.

　　The yin and yang of MAC and IP

　　MAC地址和IP地址的优缺陷

　　MAC addresses seem pretty cool, right? But you have no control over what MAC addresses will be in the devices you purchase, and you normally can"t alter them, so it"s impossible to organize anything by MAC address. MAC addresses are not routable, either; in other words, Internet protocols will not accept a MAC address as a destination (for one thing, it"s two bytes longer than an IP address). The MAC concept doesn"t scale. So you only utilize MAC addresses locally, not across a router.

　　MAC地址仿佛相当酷,是不是?但当你买到一块网卡时却无法掌握其MAC地址的值,并且普通你还不能改正它,这就会由它引出一些事情.同时MAC地址是不能被路由的,换句话说,网络层协议将不会把MAC地址作为目的地址(并且,它还比IP地址多了两字节).MAC并不能构成网络拓扑.所以你仅仅在局域网内部用MAC地址,而不会经过路由器.

　　IP addresses, on the other hand, scale extremely well. On your private network, you can slice "em into ranges that make sense to you (known as subnetworking, or subnetting). You can decide at a whim what IP address any device or group of devices should have.

　　相反,IP地址的网络拓扑构造相当好.在你的私有网络中,你可以随心所欲地将其分为很多分支(即所谓的子网或分网).你可以按你所愿给任何一台或一组设备分配IP地址.

　　So what we have is yin and yang. The malleable IP address gives your network some flexible manageability. The never-changing MAC provides a specific, reliable address for a physical device.

　　我们说事情都是优劣互补的.具有延展性的IP地址让你的网络拥有了机动的管理.而永不改变的MAC地址给物理设备供应了一个独特坚固的地址.

　　Or you could say, we have the long and the short of it. IP addresses route a packet across the whole global Internet, while MAC addresses help the packet make the small, local hop between hardware devices. Sophisticated networking is possible because each of your networked devices has both a MAC and an IP address.

　　大概你也可以说,我们取长补短.IP地址在整个环球因特网中路由数据包,而MAC地址则帮忙数据包在两个硬件设备间做狭窄的部分的传送.恰是由于你的网络设备拥有MAC地址和IP地址才让这复杂的网络传输变得大概.

　　Network Roll Call: arp

　　网络中的点名:arp

　　We began by wondering, "How do devices on a local network become aware of one another?" NICs and MACs are important pieces of the answer, but your network must learn to pair a MAC address with the IP address for the same machine. It does so using a technique called Address Resolution Protocol (arp, pronounced like a pirate with the hiccups).

　　我们开始想知道,“在局域网中的设备若何才知道彼此的存在呢?”网卡和MAC地址只是这个答案中重要的部份,你的网络还必须知道若何匹配同一台设备的MAC地址和其IP地址.这就是所谓的地址解析协议(arp, Address Resolution Protocol, 可以想象海盗边打嗝边读出它的情形).

　　Think of ARP as network roll call. Remember the first day of fourth grade? At the beginning of class, the teacher called from a list of names, expecting you to reply when she called yours. She did this to associate your name with your face. Every kid heard every name, but answered only to his or her own name. arp uses a similar technique to associate an IP address to the MAC address.

　　把ARP想像成网络中的点名.还记得你四年级时入学的第一天么?在开始上课时,老师按照点名册开始点名,但愿点到你时你可以答“到”.她这是为了能将你的名字和你的脸接洽起来.每一个小孩都听到了全部的名字,但是却只答复他(她)自己的名字.arp应用了类似的技术来将IP地址和MAC地址接洽起来.

　　Let"s assign Redbeard the IP address, 192.168.39.101, and suppose its NIC has the MAC address, 00:A0:24:30:2E:13. And suppose you need to send a file to Larry in Accounting -- or more literally, to his computer, Beancounter. When Redbeard attempts to send Beancounter a file, Redbeard first obtains Beancounter"s IP address. Upon seeing that the IP address is local (on the same subnetwork), Redbeard knows he is capable of sending the file to its destination, if he learns the "real" (MAC) address associated with that IP address. To learn the MAC address, Redbeard does what your teacher did on the first day of school. He calls out to the entire local network asking that the computer with the IP in question reply "Here!" with a MAC address.

　　我们给Redbeard分配的IP地址为192.168.39.101,并且假定它的网卡的MAC地址为00:A0:24:30:2E:13.然后假定你需求发送一个文件给Larry——更具体点,给他的电脑,Beancounter.当Redbeard尝试给Beancounter发送一个文件时,Redbeard首先得到Beancounter的IP地址.发现其IP地址是局域网内的(在同一个子网中),假如Redbeard知道“真的”对方的MAC地址和对应的IP地址,那么他可以将文件送到目的地.为了得到对方的MAC地址,Redbeard做出了和你开学第一天老师做的一样事情.他在整个局域网内点名,让是这个IP地址的计算机用它的MAC地址答“到”.

　　Let"s say that Beancounter has the IP, 192.168.39.148. To find the MAC address for Beancounter, Redbeard would send the following (simplified) arp request:

　　我们假定Beancounter的IP地址是192.168.39.148.为了找到Beancounter的MAC地址,Redbeard将发送下面的arp恳求:

　　MicrosoftInternetExplorer402DocumentNotSpecified7.8Normal0

　　From(Redbeard"s MAC address): 00:A0:24:30:2E:13

　　To(Broadcast address) FF:FF:FF:FF:FF:FF

　　Packet content Who has 192.168.39.148? Tell 192.168.39.101

　　MicrosoftInternetExplorer402DocumentNotSpecified7.8Normal0

　　来自(Redbeard的MAC地址): 00:A0:24:30:2E:13

　　去往(广播地址): FF:FF:FF:FF:FF:FF

　　数据包的内容 Who has 192.168.39.148? Tell 192.168.39.101(谁的IP地址是192.168.39.148? 请奉告192.168.39.101,译者注)

　　Notice the special address in the "To" field above. That special address (all Fs) is the MAC broadcast address. Anything sent to that address goes to every computer on Redbeard"s LAN segment. All those computers receive the message, but ignore it, because it doesn"t pertain to them -- with the exception of Beancounter. Because Beancounter is 192.168.39.148, it replies with its MAC address, like this:

　　注意到上面的“去往”分栏里的特别地址.这个特别地址(满是F)就是MAC广播地址.任何发送至这个地址的包城市到达Redbeard所在局域网段里的每一个计算机.全部这些计算机(除了Beancounter,译者注)城市收到这个报文,但是都忽视它,因为这个报文并不属于它们——它属于Beancounter.因为Beancounter的IP地址是192.168.39.148,所以它会像这样呼应这个报文:

　　MicrosoftInternetExplorer402DocumentNotSpecified7.8Normal0

　　From(Beancounter"s MAC address): 00:A0:24:30:4C:23

　　To(Redbeard"s address) 00:A0:24:30:2E:13

　　Packet content I have192.168.39.148

　　MicrosoftInternetExplorer402DocumentNotSpecified7.8Normal0

　　来自(Beancounter的MAC地址): 00:A0:24:30:4C:23

　　去往(Redbeard的MAC地址): 00:A0:24:30:2E:13

　　数据包内容 I have192.168.39.148(我是192.168.39.148,译者注)

　　Now Redbeard has "resolved" the IP address 192.168.39.148 to its MAC address, 00:A0:24:30:4C:23. Redbeard can send files directly to the correct piece of hardware that accepts network traffic on behalf of Beancounter (Beancounter"s NIC). Bonus: Beancounter also remembers Redbeard"s IP address and MAC address, because they were part of Redbeard"s initial arp request.

　　目前Redbeard将IP地址192.168.39.148和它的MAC地址00:A0:24:30:4C:23“关联”起来了.Redbeard目前能偶直接发送文件到网络中代表Beancounter的硬件(Beancounter的网卡)了.注意:Beancounter也记着了Redbeard的IP地址和MAC地址,因为这些也是Redbeard的最初arp恳求里的内容.

　　This entire process we"ve just described is what geeks mean when they say "it"s arping for a MAC address."

　　我们以上所描写的整个历程就是极客们所说的“去arp一个MAC地址”.

　　I"ve got your number

　　我也得到了你的地址

　　Having successfully ARPed, Redbeard stashes the newly-learned MAC/IP pair in an ARP cache. The ARP cache is a small segment of memory your computer reserves to temporarily store a table of MAC addresses and their associated IP addresses. Your computer keeps this table for efficiency so that it doesn"t have to keep broadcasting ARP requests to computers it has already queried. If Redbeard needs to send something else to Beancounter soon, Redbeard will obtain Beancounter"s MAC address from Redbeard"s own on-board treasure trove, the arp cache.

　　在成功地ARP了之后,Redbeard将这对新得到的MAC/IP对存储在一个ARP映射缓存中.ARP映射缓存是在你的计算机里用于暂时存储MAC地址和关联的IP地址的映射表.你的计算机为了效率而保护这个映射表,这样它就不用不断广播ARP恳求去询问它已经询问过的计算机了.假如Redbeard一会儿需求发送一些其他东西给Beancounter,Redbeard将从它的arp映射表里直接获得Beancounter的MAC地址.

　　However, the ARP cache sometimes becomes a problem. Every device on your LAN maintains its own ARP cache. Routers, in particular, do not update their ARP cache as frequently as computers. When you replace an old device on your network, the local router might not find the new device because it"s relying on data in the ARP cache that is now outdated. (This is a common issue when routers cannot find a newly installed Firebox.) That"s why you should flush your router"s arp cache when installing a new device for the first time (your router"s manual should tell you how).

　　但是,ARP映射缓存有时却成为一个问题.在你的局域网里的每台设备都保护它自己的ARP映射缓存.但是路由器却并不像计算机那样频繁更新它们的ARP映射缓存.当你在你的局域网里换了新设备时,本地路由器大概不能找到这台新设备,因为它还在查询只有老设备MAC地址的ARP映射缓存.那就是为什么当你第一次装一台新设备时需求革新你的路由器arp映射缓存(目前我们用的路由器更新对比频繁了,基本不会在去手动革新,译者注).

　　Pirates pronounce it, "ARrrrrrrrP!"

　　海盗们叫出,“ARrrrrrrrP!”

　　You"ll rarely have to deal with ARP and MAC during day-to-day operations. Mostly, they work behind the scenes and require very little administrative attention. However, sometimes you encounter problems where understanding MAC addresses and the ARP protocol becomes helpful in troubleshooting network issues. One form of hacker attack even involves feeding bad data to ARP tables, a practice known as ARP poisoning. So a little investment in learning about NIC, MAC, and arp may prevent your network from careening into Davey Jones" Locker -- plus, your mastery of jargon will impress your fellow hearties sailing the Internet"s bounding main.

　　在平常处理中,你几近不会触及到ARP和MAC.大都情形下,它们工作在幕后,很少需求管理员的干涉.但是当你碰到需求知道MAC地址和ARP协议的问题时将能很好地帮忙你办理麻烦的网络问题.黑客攻击的一种情势就包含改正恶意数据到ARP映射缓存,即所谓的ARP中毒.所以花一点时间来学习NIC, MAC和arp大概能是你的网络免于从正常行驶到海底坟墓——同时,你的术语本领将影响你同事的心开往因特网的海洋航道.