MAC address
The MAC address (Media Access Control address) is the hardware address of each individual network adapter, which serves as a unique identifier for the device in a computer network. It is also referred to as the physical address or device address. At Apple it is also called Ethernet ID, Airport ID or Wi-Fi address; at Microsoft it is called the physical address.
Function in the network
The MAC address is assigned to the data link layer (layer 2) of the OSI model; in the OSI model as extended by the IEEE, it is assigned to the Media Access Control sublayer (layer 2a). To connect the data link layer with the next higher layer, the network layer, the Address Resolution Protocol is used, e.g. in the case of Ethernet in the context of IPv4. In IPv6, a new protocol takes over this function, the Neighbor Discovery Protocol (NDP).
Network devices need a MAC address if they are to be explicitly addressed on layer 2 in order to offer services on higher layers. If, on the other hand, the device only forwards the network packets like a repeater or hub, it is not visible on the data link layer and therefore does not need a MAC address.
Bridges and switches examine the data link layer packets in order to physically divide the network into several collision domains, but they do not actively participate in the communication themselves, so they do not need a MAC address for these basic functions either. However, a switch requires a MAC address if it is administered via the computer network itself or if it offers monitoring services (e.g. via Telnet, SNMP or HTTP). A MAC address is also required when bridges or switches use the spanning tree algorithm to avoid loops in redundant computer networks.
Form (syntax)
In the case of Ethernet networks, the MAC address consists of 48 bits or six bytes. The addresses are usually written in hexadecimal.
A byte-by-byte notation is common, the individual bytes being separated from one another by hyphens or colons, e.g. 00-80-41-ae-fd-7e, 008041-aefd7e or 00:80:41:ae:fd:7e.
Notations such as 008041aefd7e or 0080.41ae.fd7e are also found.
However, the order of the characters is not the same in all applications. A distinction is made here between the canonical and the "bit-reversed" representation. The canonical form is preferred for representations.
Canonical representation
The usual representation of MAC addresses, as it appears, for example, in the output of ipconfig / ifconfig, is also referred to as canonical format (“canonical form”, “LSB format” or “Ethernet format”). It specifies the order in which the address is transmitted in IEEE 802.3 (Ethernet) and IEEE 802.4 (Token Bus). Here the transmission starts with the least significant bit (LSB) of an octet (the exception is the Frame Check Sequence, FCS).
Bit reversed representation
IEEE 802.5 (Token Ring) and IEEE 802.6 start the transmission with the most significant bit (MSB). This can easily lead to misunderstandings if it is not specified whether the canonical representation in normal byte notation or the bit-reversed transmission representation is meant. An address whose canonical form is 12-34-56-78-9A-BC is, for example, transmitted in standard transmission (LSB first, meaning: read from right to left) on the line as the bit sequence
01001000 00101100 01101010 00011110 01011001 00111101
In token ring networks (MSB first, meaning: read from left to right, i.e. in natural reading order), the transmission would take place as the bit sequence
00010010 00110100 01010110 01111000 10011010 10111100
If this is not consistently observed when converting the bit sequences into the canonical representation, the former bit sequence, for example, can be incorrectly interpreted as 48-2C-6A-1E-59-3D when it is read MSB first, although it was transmitted LSB first.
The representation in token ring networks is then referred to as "bit reversed order", "non-canonical form", "MSB format", "IBM format", or "token ring format", as listed in RFC 2469.
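The conversion between the two representations, together with a parser for the notations listed under "Form (syntax)", as an added example that is not part of the original article (all function names are chosen here for illustration):

```python
import re

def parse_mac(text):
    """Accept the notations shown on this page and return the 6 octets."""
    digits = re.sub(r"[-:.]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)

def format_mac(octets):
    """Render octets in hyphen-separated upper-case hexadecimal."""
    return "-".join(f"{b:02X}" for b in octets)

def reverse_octet(value):
    """Mirror the eight bits of one octet (bit 0 swaps with bit 7, etc.)."""
    return int(f"{value:08b}"[::-1], 2)

def to_bit_reversed(octets):
    """Canonical <-> bit-reversed form; the operation is its own inverse."""
    return bytes(reverse_octet(b) for b in octets)

def wire_bits(octets, lsb_first):
    """Bit sequence in transmission order, one group per octet."""
    return " ".join(
        f"{b:08b}"[::-1] if lsb_first else f"{b:08b}" for b in octets
    )

if __name__ == "__main__":
    canonical = parse_mac("12-34-56-78-9A-BC")
    print("LSB first:", wire_bits(canonical, lsb_first=True))
    print("MSB first:", wire_bits(canonical, lsb_first=False))
    print("bit-reversed form:", format_mac(to_bit_reversed(canonical)))
    for notation in ("00-80-41-ae-fd-7e", "008041-aefd7e",
                     "00:80:41:ae:fd:7e", "008041aefd7e", "0080.41ae.fd7e"):
        print(notation, "->", format_mac(parse_mac(notation)))
```

When correlating addresses from different tools or logs, normalise them with one parser first and record which bit order the source used; otherwise the same adapter appears under two different addresses.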
Function
In each frame according to the Ethernet II variant, the MAC addresses of the recipient and the sender are transmitted first, before the type field and the data. Receiver and sender must be part of the same Local Area Network (LAN). If a packet is to be sent to another network, it is first sent to a router at the Ethernet level. The router analyzes the data on the subordinate layer and then forwards the packet. To do this, it generates a new Ethernet frame if the neighboring network is also an Ethernet. In doing so, a router replaces the MAC addresses, i.e. when router R1 receives an Ethernet frame and is to pass it on to router R2, R1 replaces the source address with its own MAC address and the destination address with the MAC address of R2.
Pseudo receiver "broadcast address"
The MAC address with all 48 bits set to 1 (ff-ff-ff-ff-ff-ff) is used as the broadcast address that is sent to all devices on a LAN. Broadcast frames are not transmitted to another LAN without special measures.
Special identifiers
Recipient group
The least significant bit (LSB) of the first byte (bit 0) of a MAC address indicates whether it is an individual address or a group address (I/G for Individual/Group). With a broadcast or multicast, I/G = 1 is set; otherwise, and with source addresses, I/G = 0.
In short: I/G is
- 0 for I (Individual) or
- 1 for G (Group).
Most protocols that work on OSI Layer 2 have special MAC addresses, so-called MAC multicast addresses. The VLAN Trunking Protocol, for example, uses the address 01-00-0C-CC-CC-CC. This means that a frame is addressed to all switches at the same time. There are also whole groups of MAC multicast addresses: The TRILL protocol, for example, uses 01-80-C2-00-00-00 to 01-80-C2-00-00-0F, among others. Other protocols also have special, permanently assigned MAC addresses.
Registry
The following 2nd bit (bit 1, called U/L for Universal/Local) indicates whether the MAC address is globally unique (Universally Administered Address (UAA); U/L = 0) or is administered locally and is unique only there (Locally Administered Address (LAA); U/L = 1).
In short: U/L is
- 0 for U (Universal) or
- 1 for L (Local).
Manufacturer IDs
Address range | Manufacturer |
---|---|
00-50-8B-xx-xx-xx | Compaq |
00-07-E9-xx-xx-xx | Intel |
00-60-2F-xx-xx-xx | Cisco |
00-15-F2-xx-xx-xx | Asus |
The next 22 bits (bits 2 to 23) contain a manufacturer code assigned by the IEEE (also called OUI, Organizationally Unique Identifier); most of these codes can be looked up in a database. The remaining 24 bits (bits 24 to 47) are specified individually for each interface by the respective manufacturer. For example, Compaq has an OUI with the address 00-50-8b. Compaq may use all available addresses within this OUI, i.e. 00-50-8b-xx-xx-xx. This results in 2^24 = 16777216 (16.8 million) individual addresses.
In addition to the OUI, there are two smaller address areas:
- an OUI-28, or MAC Address Block Medium (MA-M), consisting of 28 bits
- an OUI-36, or MAC Address Block Small (MA-S), consisting of 36 bits
These are intended for private individuals and smaller companies and organizations that do not need as many addresses. The OUI-36 address begins with 36 bits that are assigned to an organization. This means that the address area within bits 11 to 0 remains usable, which means that 2^12 = 4096 individual addresses are possible. The MA-M blocks are uniquely identified by 28 bits and, with the remaining 20 bits, result in 2^20 = 1,048,576 individual addresses according to EUI-48. More devices can be addressed when using EUI-64.
Theoretically, the addresses of the interfaces of every network-compatible device should be uniquely pre-assigned worldwide (but individual cases have already become known in which two network cards in the same network had identical MAC addresses, which initially led to completely inexplicable errors). This can be used to automatically configure devices and is used by protocols such as RARP, BOOTP and DHCP. However, software often also allows any value to be used as the MAC address. This is used, for example, in backup systems where replacement devices can take over the MAC address of a failed device.
Some software uses the MAC address of the first network card to identify the computer on which licensed programs are allowed to run. The calculation of a universal identifier (UUID or GUID) also uses this MAC address along with other parts. However, since the MAC address can be changed, security experts advise against using the MAC address as the sole authentication criterion.
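The I/G bit, the U/L bit and the OUI described above can be decoded from the first three bytes; the following added example (not part of the original article) uses them to review a list of source addresses. The function names and the sample list are constructed for illustration, and the OUI table contains only the four entries shown on this page.

```python
# OUI prefixes taken from the manufacturer table on this page.
OUI_TABLE = {"00508B": "Compaq", "0007E9": "Intel",
             "00602F": "Cisco", "0015F2": "Asus"}

def classify(mac_text):
    """Decode the I/G bit, the U/L bit and the OUI of a 48-bit address."""
    raw = bytes.fromhex(mac_text.replace("-", "").replace(":", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac_text!r}")
    group = bool(raw[0] & 0x01)   # bit 0: I/G, 1 = group address
    local = bool(raw[0] & 0x02)   # bit 1: U/L, 1 = locally administered
    oui = raw[:3].hex().upper()
    # A vendor lookup only makes sense for universally administered,
    # individual addresses.
    vendor = None if (group or local) else OUI_TABLE.get(oui)
    return {"group": group, "local": local, "oui": oui, "vendor": vendor}

def review_source_addresses(observed):
    """Flag source addresses that need a closer look before being trusted."""
    findings = []
    for mac in observed:
        info = classify(mac)
        if info["group"]:
            findings.append((mac, "group bit set on a source address"))
        elif info["local"]:
            findings.append((mac, "locally administered address"))
        elif info["vendor"] is None:
            findings.append((mac, "OUI not in the local table"))
    return findings

# Constructed sample of source addresses, e.g. from a switch address table.
SAMPLE = ["00-50-8B-12-34-56", "02-00-00-AA-BB-CC",
          "01-00-0C-CC-CC-CC", "00:15:f2:00:00:01", "AC-DE-48-00-00-01"]

if __name__ == "__main__":
    for mac, reason in review_source_addresses(SAMPLE):
        print(mac, "->", reason)
```

An address that passes this review is still not proof of identity, because a changed address can carry any value, including a universally administered one.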
Manufacturer-independent identifiers
In addition to the broadcast address FF-FF-FF-FF-FF-FF, which addresses all devices in a local network, MAC addresses in the range 01-00-5e-00-00-00 to 01-00-5e-7f-ff-ff are used for IPv4 multicast. The lower 23 bits of the IP multicast address are then mapped directly to the lowest 23 bits of the MAC address. The multicast MAC address 01-00-5e-00-00-01 is thus permanently assigned to the IP multicast address 224.0.0.1.
In addition to the top four bits, which are always 1110 for an IPv4 multicast address, 5 bits of the IP address remain that cannot be mapped in the MAC multicast address. This makes it possible for a host to receive MAC multicast packets from a multicast group to which it does not belong. These packets are then discarded by the IP layer, since recognition based on the IP multicast address is possible there.
The MAC address range 33-33-xx-xx-xx-xx was reserved for IPv6 multicast. The lowest 32 bits of the IPv6 multicast address are embedded in the MAC address.
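The two mappings described above, and the 32 IPv4 groups that end up on one MAC address because 5 bits are lost, as an added example that is not part of the original article (function names are chosen here for illustration):

```python
import ipaddress

def _fmt(value):
    """Render a 48-bit integer as a hyphen-separated MAC address."""
    return "-".join(f"{b:02x}" for b in value.to_bytes(6, "big"))

def ipv4_multicast_mac(ip_text):
    """Map the lower 23 bits of an IPv4 group into 01-00-5e-00-00-00."""
    ip = ipaddress.IPv4Address(ip_text)
    if not ip.is_multicast:
        raise ValueError(f"{ip_text} is not an IPv4 multicast address")
    return _fmt(0x01005E000000 | (int(ip) & 0x7FFFFF))

def ipv6_multicast_mac(ip_text):
    """Embed the lowest 32 bits of an IPv6 group into 33-33-xx-xx-xx-xx."""
    ip = ipaddress.IPv6Address(ip_text)
    if not ip.is_multicast:
        raise ValueError(f"{ip_text} is not an IPv6 multicast address")
    return _fmt(0x333300000000 | (int(ip) & 0xFFFFFFFF))

def groups_sharing_mac(ip_text):
    """All IPv4 groups that map to the same MAC address as ip_text.

    The top four bits are fixed to 1110; the next 5 bits are not
    carried in the MAC address, so 2**5 = 32 groups collide.
    """
    low23 = int(ipaddress.IPv4Address(ip_text)) & 0x7FFFFF
    return [
        str(ipaddress.IPv4Address((0b1110 << 28) | (hi << 23) | low23))
        for hi in range(32)
    ]

if __name__ == "__main__":
    print(ipv4_multicast_mac("224.0.0.1"))
    print(ipv4_multicast_mac("239.255.255.255"))
    print(ipv6_multicast_mac("ff02::1"))
    same = groups_sharing_mac("224.0.0.1")
    print(len(same), "groups share one MAC, e.g.", same[:3])
```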
The manufacturer-independent identifier 00-00-5E-00-01-ID (in the range 00-00-5E) is reserved for high-availability logical routers in accordance with VRRP, where the last byte, ID, stands for the identifier of the virtual router. It remains the same even if another router takes over the service.
Pitfall: "PRIVATE" label
Manufacturer IDs which have been marked as "PRIVATE" in the OUI database (for example AC-DE-48) are registered for companies that do not want to disclose their identity to the public. Addresses from these ranges can therefore not be used for local purposes, as one might assume. (The U/L address bit described under "Registry" is used for local purposes.)
Determination and assignment
The MAC address is often printed on the network card, sometimes integrated in the serial number. It can also be read out using software. Depending on the operating system, various commands are required in the command line or via the graphical user interface. There are also various additional programs that can simplify these tasks.
Operating system | Read out (on the local system) | Read out (for a remote system) | Assignment |
---|---|---|---|
AROS, MorphOS | ifconfig -a | arp -a | |
AIX | netstat -ia | arp -a | |
Android | Settings → About phone → Hardware information | | |
bada | Settings → About phone → System info | | |
FreeBSD | ifconfig | arp -a | ifconfig <Interface> link <MAC-Adresse> |
HP-UX | lanscan | lanadmin -A 0x<MAC-Adresse> | |
Apple iOS | Settings → General → About → Wi-Fi Address | officially not possible | |
IOS (Cisco) | show interfaces | configure | |
IRIX | netstat -ia | arp -a | ifconfig <Interface> ether <MAC-Adresse> |
Linux | ip link | ip neigh | ip link set dev <Interface> addr <MAC-Adresse> You can also use the ifconfig command, and with some network cards it only works correctly in promiscuous mode, that is Subsequently: |
Mac OS X | ifconfig | arp -a | ifconfig <Interface> ether <MAC-Adresse> or: |
NetBSD | ifconfig -a | arp -a | ifconfig <Interface> link <MAC-Adresse> activate |
NeXTStep | ifconfig -a | | |
Nokia S60 | *#MAC0WLAN# (as vanity code) or | | |
OpenBSD | ifconfig -a | arp -a | ifconfig <Interface> lladdr <MAC-Adresse> |
OpenVMS | tcpip show interface /full | tcpip show arp | |
OS/2 | netstat -n | via LAPS / MPTS | |
SCO Unix | ndstat | | |
Solaris | | arp -a | |
Tru64 UNIX | netstat -ia | | |
Windows | | | |
Windows Mobile 5.0 (Pocket PC) | | | |
Windows Phone 7 (from version 7.0.7389.0) | | | |
Acquisition of your own MAC address space
Prices for registering your own MAC address ranges can be viewed on an IEEE website. A separate MAC address block costs between 730 and 2905 US dollars (as of June 5, 2019). This address range can also be kept secret for an additional annual fee; it is then not known to others and the owner is not entered in a public database.
Further use
The MAC address is often used as access protection (MAC filter) for LANs and WLANs. Because MAC addresses can easily be changed, a MAC filter offers only weak protection and can easily be bypassed by MAC spoofing.
Web links
- Current OUI list (CSV format). Retrieved December 21, 2018.
- RFC 2469: A Caution On The Canonical Ordering Of Link-Layer Addresses. Retrieved December 21, 2018.