MAC address

The MAC address (Media Access Control address) is the hardware address of each network adapter and serves as a unique identifier of the device in a computer network. Apple also calls it the Ethernet ID, Airport ID or Wi-Fi address; Microsoft calls it the physical address.

Function of the MAC address on the network

The MAC address is associated with the data link layer (layer 2) of the OSI model. In the OSI model as extended by the IEEE, it is assigned to the Media Access Control sublayer (layer 2a). To connect the data link layer with the network layer, for example with Ethernet, the Address Resolution Protocol is used under IPv4. In IPv6 there is a new protocol, the Neighbor Discovery Protocol (NDP), which takes over this function.

Network devices need a MAC address if they are to be explicitly addressed at layer 2 in order to provide services to higher layers. If a device, such as a repeater or hub, only forwards the network packets, it is not visible on the data link layer and therefore needs no MAC address. Bridges and switches do examine the packets of the data link layer in order to physically divide the network into multiple collision domains, but they do not themselves actively participate in the communication, so they also need no MAC address for these basic functions.

However, a switch requires a MAC address when it is itself administered via the computer network or offers monitoring services (for example, via Telnet, SNMP, or HTTP). A MAC address is also required when bridges or switches use the spanning tree algorithm to avoid loops in redundant computer networks.

Form (syntax) of MAC addresses

In Ethernet networks, the MAC address consists of 48 bits (six bytes). The addresses are usually written in hexadecimal.

The usual notation is byte-wise, with the individual bytes separated by dashes or colons, e.g. 00-80-41-ae-fd-7e or 00:80:41:ae:fd:7e. Less common are forms such as 008041aefd7e or 0080.41ae.fd7e.

However, the order of the characters is not the same in all applications. A distinction is made between the canonical and the "bit-reversed" representation. The canonical form is preferred for display.

Canonical representation

The usual representation of MAC addresses, as it appears for example in the output of ipconfig / ifconfig, is also referred to as the canonical form ("canonical form", "LSB format" or "Ethernet format"). It reflects the order in which the address is transmitted in IEEE 802.3 (Ethernet) and IEEE 802.4 (Token Bus). Here, transmission starts with the least significant bit (LSB) of each octet (the exception is the frame check sequence, FCS).

Bit-reversed representation

IEEE 802.5 (Token Ring) and IEEE 802.6 start the transmission with the most significant bit (MSB). This can easily lead to misunderstandings when it is not stated whether the canonical representation in normal byte notation or the reversed bit-transmission representation is meant. An address whose canonical form is, for example, 12-34-56-78-9A-BC is sent on the wire with standard transmission (LSB first, i.e. each octet read from right to left) as the

bit sequence 01001000 00101100 01101010 00011110 01011001 00111101.

In Token Ring networks (MSB first, i.e. read from left to right, as in natural language) it would be transmitted as the

bit sequence 00010010 00110100 01010110 01111000 10011010 10111100.

If this is not consistently taken into account when converting the bit sequences into the canonical representation, the latter representation may, for example, erroneously be interpreted as 48-2C-6A-1E-59-3D (LSB first).

The representation used in Token Ring networks is referred to, as listed in RFC 2469, as "bit-reversed order", "non-canonical form", "MSB format", "IBM format", or "token ring format".
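The notations and the two bit orders described above can be checked with a short program. This is an added example, not part of the original article; the function names (parse_mac, swap_bit_order, wire_bits, fmt) are chosen here for illustration.

```python
import re

# The four notations named in the text: dashes, colons, plain, dotted.
_PATTERNS = (
    r"[0-9a-f]{2}(-[0-9a-f]{2}){5}",
    r"[0-9a-f]{2}(:[0-9a-f]{2}){5}",
    r"[0-9a-f]{12}",
    r"[0-9a-f]{4}(\.[0-9a-f]{4}){2}",
)

def parse_mac(text):
    """Return the 6 address bytes; reject mixed or malformed notations."""
    t = text.strip().lower()
    if not any(re.fullmatch(p, t) for p in _PATTERNS):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(re.sub(r"[-:.]", "", t))

def swap_bit_order(mac):
    """Reverse the bits inside every octet (canonical <-> bit-reversed)."""
    return bytes(int(f"{b:08b}"[::-1], 2) for b in mac)

def wire_bits(mac, lsb_first=True):
    """Bits in transmission order: LSB first (Ethernet) or MSB first (Token Ring)."""
    groups = [f"{b:08b}" for b in mac]
    if lsb_first:
        groups = [g[::-1] for g in groups]
    return " ".join(groups)

def fmt(mac):
    return "-".join(f"{b:02X}" for b in mac)

if __name__ == "__main__":
    mac = parse_mac("12-34-56-78-9A-BC")   # address used in the text
    print(wire_bits(mac))                   # Ethernet, LSB first
    print(wire_bits(mac, lsb_first=False))  # Token Ring, MSB first
    print(fmt(swap_bit_order(mac)))         # the misreading described above
```

Applying swap_bit_order twice returns the original address, so a tool that receives addresses from both kinds of sources has to record which form each value is in; the bytes alone do not reveal it.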

Function

In every frame of the Ethernet II variant, the MAC addresses of the receiver and of the sender are transmitted first, before the type field and the data. Receiver and sender must be part of the same local area network (LAN). If a packet is to be sent to another network, it is first sent at the Ethernet level to a router. The router analyzes the data at the network layer and then forwards the packet. It generates a new Ethernet frame for this if the neighboring network is also an Ethernet. To do so, a router replaces the MAC addresses: if router R1 receives an Ethernet frame and is to pass it on to router R2, R1 replaces the source address with its own MAC address and the destination address with the MAC address of R2.

Pseudo-receiver "broadcast address"

The MAC address in which all 48 bits are set to 1 (FF-FF-FF-FF-FF-FF) is used as the broadcast address; frames sent to it go to all devices within the LAN. Broadcast frames are not forwarded into another LAN without special measures.

Special identifiers

Recipient group

The least significant bit (LSB) of the first byte (bit 0) of a MAC address indicates whether it is an individual address or a group address (I/G for Individual/Group). For a broadcast or multicast, I/G = 1 is set; otherwise, and for source addresses, I/G = 0.

In short: I/G is

  • 0 for I (Individual) or
  • 1 for G (Group).

Most protocols that operate at OSI layer 2 have particular MAC addresses, so-called MAC multicast addresses. The VLAN Trunking Protocol, for example, uses the address 01-00-0C-CC-CC-CC. A frame sent to it is thereby addressed to all switches simultaneously. There are also entire groups of MAC multicast addresses: the TRILL protocol, for example, uses among others 01-80-C2-00-00-00 to 01-80-C2-00-00-0F. Other protocols have special, permanently assigned MAC addresses.

Assigning authority

The following second bit (bit 1, called U/L for Universal/Local) indicates whether the MAC address is globally unique (Universally Administered Address (UAA), U/L = 0) or is administered locally and is unique only there (Locally Administered Address (LAA), U/L = 1).

In short: U/L is

  • 0 for U (Universal) or
  • 1 for L (Local).

Vendor Codes

The first 24 bits (bits 3-24) hold a manufacturer ID assigned by the IEEE (also called OUI, Organizationally Unique Identifier); these identifiers can largely be looked up in a database. The remaining 24 bits (bits 25 to 48) are determined individually by the manufacturer for each interface. For example, Compaq has an OUI with the address 00-50-8b. Within this OUI, Compaq may use all available addresses, i.e. 00-50-8b-xx-xx-xx. This results in 2^24 = 16777216 (16.8 million) individual addresses.

In addition to the OUI, there is also a small range of addresses (Individual Address Block, IAB), intended for individuals and for small companies and organizations that do not need as many addresses. The address begins with 00-50-C2, followed by three further hex digits (12 bits) that are assigned to each organization. Bits 11-0 thus remain available within the address range, so 2^12 = 4096 individual addresses are possible.

The addresses of the interfaces of every network-capable device should in theory be pre-assigned and globally unique (though individual cases have become known in which two network cards on the same network had identical MAC addresses, which led to errors that were at first completely inexplicable). This can be used for automatic configuration of devices and is used by protocols such as RARP, BOOTP, and DHCP. However, software often also supports using an arbitrary value as the MAC address. This is used, for example, in backup systems, where replacement units can take over the MAC address of a failed device.

Some software uses the MAC address of the first network card to identify the computer on which licensed programs must run. The calculation of a universal ID (UUID or GUID) also uses this MAC address alongside other components. Since the MAC address can be changed, however, security experts do not recommend using the MAC address as the sole authentication criterion.

Manufacturer-independent identifiers

In addition to the broadcast address FF-FF-FF-FF-FF-FF, which addresses all devices on a local network, multicast addresses are used, for example in the range 01-00-5e-00-00-00 to 01-00-5e-7f-ff-ff when using the IP protocol. Here, the lower 23 bits of the IP multicast address are mapped directly to the lowest 23 bits of the MAC address. The IP multicast address 224.0.0.1 is therefore assigned the multicast MAC address 01-00-5e-00-00-01. Since the first four bits of an IP multicast address are fixed by the class D convention, five bits of the IP multicast address remain that cannot be represented in the MAC multicast address. It is therefore possible for a host to receive MAC multicast packets for a multicast group to which it does not belong. These packets are then discarded by the IP layer, since recognition based on the IP multicast address is possible there.

For fault-tolerant logical routers according to the manufacturer-independent VRRP, the address 00-00-5E-00-01-ID is reserved (in the range 00-00-5E); the last byte, ID, stands for the ID of the virtual router. It remains the same even if another router takes over the service.

Pitfall: marked "PRIVATE"

The manufacturer identifiers that are listed in the OUI database as "PRIVATE", such as AC-DE-48, are registered to businesses that do not want to reveal their identity publicly. Addresses from these ranges therefore cannot, as one might expect, be used for local purposes. (For local purposes, the U/L bit is used, as described above.)
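The 23-bit mapping and the resulting ambiguity can be worked through in code. This is an added example, not part of the original article; the function names are chosen here, and vrrp_mac only checks that the ID fits into the one byte the text describes.

```python
import ipaddress

def multicast_mac(ip):
    """Map an IPv4 multicast address to its Ethernet multicast MAC address."""
    addr = ipaddress.IPv4Address(ip)
    if not addr.is_multicast:
        raise ValueError(f"{ip} is not an IPv4 multicast (class D) address")
    low23 = int(addr) & 0x7FFFFF                   # only 23 bits survive
    mac = (0x01005E000000 | low23).to_bytes(6, "big")
    return "-".join(f"{b:02x}" for b in mac)

def colliding_groups(ip):
    """All IP multicast groups that share the MAC address of `ip`.

    Layout of a class D address: 1110 (fixed) + 5 bits that are lost
    + 23 bits that are mapped, hence 2**5 = 32 groups per MAC address.
    """
    low23 = int(ipaddress.IPv4Address(ip)) & 0x7FFFFF
    return [
        str(ipaddress.IPv4Address((0b1110 << 28) | (hi << 23) | low23))
        for hi in range(32)
    ]

def ip_layer_accepts(dst_ip, joined_groups):
    """The filter the text attributes to the IP layer: exact group match."""
    return dst_ip in joined_groups

def vrrp_mac(router_id):
    """Virtual router MAC 00-00-5E-00-01-ID; ID must fit into one byte."""
    if not 0 <= router_id <= 0xFF:
        raise ValueError("virtual router ID must fit into one byte")
    return f"00-00-5e-00-01-{router_id:02x}"

if __name__ == "__main__":
    print(multicast_mac("224.0.0.1"))
    print(colliding_groups("224.0.0.1")[:3])
    # A host that joined only 224.0.0.1 still receives frames for 225.0.0.1
    # at layer 2, and drops them at the IP layer:
    print(ip_layer_accepts("225.0.0.1", {"224.0.0.1"}))
```

For filtering or monitoring at layer 2 this means a multicast MAC address identifies a set of 32 possible IP groups, not a single one.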
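The I/G bit, the U/L bit, the OUI and the IAB layout from the sections above can be read out of an address as follows. This is an added example, not part of the original article; the function and field names are chosen here, and the sample addresses other than those quoted in the text are constructed.

```python
IAB_PREFIX = bytes.fromhex("0050c2")   # IAB range named in the text

def to_bytes(text):
    # Minimal parser for dash or colon notation (assumes well-formed input).
    raw = bytes.fromhex(text.replace("-", "").replace(":", ""))
    if len(raw) != 6:
        raise ValueError("expected 48 bits")
    return raw

def classify(text):
    """Decode the special bits and the vendor part of a MAC address."""
    mac = to_bytes(text)
    info = {
        "broadcast": mac == b"\xff" * 6,
        "group": bool(mac[0] & 0x01),   # I/G: bit 0 of the first byte
        "local": bool(mac[0] & 0x02),   # U/L: bit 1 of the first byte
        "oui": None,
        "iab_block": None,
        "device_part": None,
    }
    # A vendor prefix is only reported for universally administered
    # individual addresses; for local or group addresses it is left empty.
    if not info["local"] and not info["group"]:
        info["oui"] = "-".join(f"{b:02X}" for b in mac[:3])
        tail = int.from_bytes(mac[3:], "big")
        if mac[:3] == IAB_PREFIX:
            info["iab_block"] = tail >> 12       # 12 bits per organization
            info["device_part"] = tail & 0xFFF   # 12 bits, 4096 addresses
        else:
            info["device_part"] = tail           # 24 bits, 16777216 addresses
    return info

if __name__ == "__main__":
    samples = ("FF-FF-FF-FF-FF-FF", "01-00-0C-CC-CC-CC", "00-50-8b-12-34-56",
               "00-50-C2-AB-C1-23", "AC-DE-48-00-00-01", "02-00-00-00-00-01")
    for s in samples:
        print(s, classify(s))
```

AC-DE-48 comes out with local = False: an OUI listed as "PRIVATE" is still universally administered, and only the U/L bit marks an address as local.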

Determining and assigning a MAC address

Often the MAC address is printed on the network card, in some cases integrated into the serial number. In addition, it can be read out by software. Depending on the operating system, different commands on the command line or steps in the graphical user interface are needed for this. There are also various additional programs that can simplify these tasks.

Assigning a MAC address works with the ifconfig command; on some network cards this only works properly in promiscuous mode, so:

ifconfig <interface> promisc

Followed by:

ifconfig <interface> hw ether <MAC address>

ifconfig <interface> lladdr <MAC address>

*#62209526# (enter on the home screen or in the dialer)

Acquisition of its own MAC address space

A web page of the IEEE lists the prices for registering one's own MAC address ranges. For an OUI of one's own, 1885 U.S. dollars are charged; for an IAB, 645. For an additional 2260 U.S. dollars per year (or 1130 for an IAB registration), the address range can also be kept secret. The address space is then not known to others; the holder is entered in neither the OUI nor the IAB database.

Further use

Often, the MAC address is used as an access control filter (MAC filter) for LANs and WLANs. Because MAC addresses can easily be changed, a MAC filter offers only weak protection and can easily be circumvented by so-called MAC spoofing.
