If you’ve never gone through the settings on your home router, we’d recommend you do, as some routers come with insecure default settings and passwords. If you have, you may have noticed a feature called MAC filtering or something similar. You’d be forgiven for assuming that this setting prevents Apple’s Macs from connecting to your network, or restricts it so that only Macs can connect.
Despite the confusingly similar name, MAC has nothing to do with Apple. MAC is short for Media Access Control, and a MAC address is essential in computer networking. Those of you vaguely familiar with networking concepts may assume that IP addresses are the only form of address used to communicate over a computer network. This isn’t the case, though. IP addresses are used for routing traffic between networks, whereas devices use MAC addresses to route data within a network.
What Is a MAC Address?
A MAC address is part of the layer 2 addressing scheme on the OSI model. Layer 2 is used for local communication over a single network. In contrast, layer 3, with its IP addresses, is used for inter-network communications. MAC addresses have a simple structure made up of 12 hexadecimal characters. In most cases, a MAC address will be displayed with pairs of hexadecimal characters separated by a colon “:”. For example, a MAC address may look like this: “00:20:91:AB:CD:EF”. Less often, the pairs may be separated by a hyphen and, in some cases, not separated at all.
Note: Hexadecimal means that the following characters are allowed “0123456789ABCDEF”. These make up a base 16 system. Conveniently, this means that one 8-bit byte of data can be represented by 2 hexadecimal characters.
A MAC address is divided into two parts, split down the middle. The MAC address’s first half identifies the device’s “vendor, manufacturer, or other organization.” It is an OUI, or Organizationally Unique Identifier, assigned upon request by the IEEE. All network cards produced by a manufacturer will have a MAC address starting with the same six hexadecimal characters.
The second half of the MAC address is “unique” and assigned when a device is made. The quotes are necessary because, with just 24 bits of address space remaining, there are only 16,777,216 possible combinations. This means that duplicates are likely with high-volume manufacturing. Thankfully, the MAC address is only used in local connections and is never used for inter-network communications. This means that a MAC address doesn’t have to be unique in the world, just unique on the network. It is possible to run into a duplicate on the same network, but it’s unlikely.
The Difference Between IP and MAC Addresses
Every device on a network will occasionally broadcast its MAC address to indicate to other devices that it is connected to the network. These broadcasts are never extended out of a network. For this reason, there is no risk of anyone on the internet knowing your MAC address. The information would only theoretically be helpful for someone on the same local network as you.
Note: By network, we specifically mean local network, such as your home Wi-Fi network, not your ISP network.
IP addresses are the addressing scheme used to communicate across networks. This means that your IP address could be helpful to an attacker on the internet, who could potentially target you with DDoS attacks. For this reason, you should avoid sharing your public IP address where possible.
Be aware, however, that you can’t really avoid doing so if you send network traffic to someone, as they need to know your IP address to send a response back. IP addresses are also globally unique, with the caveat of the reserved private address ranges, which are treated more like MAC addresses.
One of the issues with wireless connections such as Wi-Fi is that when your device isn’t connected to a network, it searches for known networks to connect to. This functionality enables your mobile phone to automatically reconnect to your home Wi-Fi when you get within range, which is useful, but there’s also a privacy issue. To do this, your device regularly broadcasts the names of all Wi-Fi networks it has been configured to connect to automatically. It says, “I want to connect to these networks. Are any of you out there?”
This sounds fine until you realize your device does this with a packet that uses its MAC address. This means that a large organization with lots of Wi-Fi access points, or devices that listen to Wi-Fi traffic, can track the movements of specific devices around a building, city, or country, or even internationally, wherever it has the infrastructure.
To get around this, modern devices, especially mobile devices, tend to randomize their MAC address when performing these broadcasts. This denies anyone the ability to track your movements by monitoring the movement of a single MAC address. MAC randomization is even generally enabled by default.
You may remember that we said earlier that the MAC address is assigned when the network device is manufactured. However, both desktop and mobile operating systems allow you to manually override the MAC address. This is useful and good for privacy. It does have one minor consequence, though: MAC filters on Wi-Fi routers are generally easy to bypass.
A Humorous Side Note
A lot of organizations have been assigned OUIs by the IEEE. Many will be the ones you’d expect, the actual hardware manufacturers. Many will be companies you’ve never heard of, too. There are some interesting ones, though. One of them is the NSA. Yes, everyone’s favorite three-letter American agency, the National Security Agency. They have the OUI “00-20-91”.
Many network monitoring systems translate the first half of a MAC address into the textual name of the organization it represents, because this makes it slightly easier for people to read and spot patterns. It also means that if you configure your device’s MAC address to begin with “00-20-91”, it will show up in any monitoring system as being from the NSA. This has been used to prank unwary system admins in companies. Technically, there is no legal restriction or issue with doing this yourself. We don’t necessarily recommend it, though, especially in corporate environments, where the little prank might not be appreciated.
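As an added example (not part of the original article), this Python code parses the three MAC notations described earlier, splits the address into its OUI and device halves, and produces the kind of vendor label a monitoring view shows, treating it as a hint only. The function names, the one-entry vendor table and the sample observations are constructed for illustration; the check on bit 0x02 of the first octet is the IEEE convention for locally administered addresses, which the article does not cover.

```python
import re
from collections import defaultdict

# Constructed lookup table; a real tool would load the IEEE registry.
# The 00-20-91 entry is the assignment the article names.
OUI_VENDORS = {"002091": "NSA"}

# Six hex pairs with one consistent separator: ":", "-" or none.
_MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-]?)(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}$")


def parse_mac(text):
    """Normalise a MAC address and split it into its two halves."""
    text = text.strip()
    if not _MAC_RE.match(text):
        raise ValueError(f"not a MAC address: {text!r}")
    digits = text.replace(":", "").replace("-", "").upper()
    first_octet = int(digits[:2], 16)
    return {
        "mac": ":".join(digits[i:i + 2] for i in range(0, 12, 2)),
        "oui": digits[:6],     # first half: organisation identifier
        "device": digits[6:],  # second half: per-device value
        # Bit 0x02 of the first octet marks a locally administered address:
        # set by software (randomised or overridden), not by the manufacturer.
        "locally_administered": bool(first_octet & 0x02),
    }


def vendor_label(text):
    """Label for a monitoring view; the OUI is self-reported, so a hint only."""
    info = parse_mac(text)
    if info["locally_administered"]:
        return "locally administered (no vendor)"
    return OUI_VENDORS.get(info["oui"], "unknown vendor")


def duplicate_macs(seen):
    """Given (port, mac) pairs, return MACs observed on more than one port."""
    ports = defaultdict(set)
    for port, mac in seen:
        ports[parse_mac(mac)["mac"]].add(port)
    return {mac: sorted(p) for mac, p in ports.items() if len(p) > 1}


if __name__ == "__main__":
    # Constructed observations in the three notations the article lists.
    seen = [("port1", "00:20:91:AB:CD:EF"), ("port2", "00-20-91-ab-cd-ef"),
            ("port3", "DA:A1:19:00:00:01")]
    for port, mac in seen:
        print(port, parse_mac(mac)["mac"], vendor_label(mac))
    print(duplicate_macs(seen))
```

Because the same address can arrive in different notations, duplicates on a network only become visible after normalisation, which is why `duplicate_macs` compares the parsed form rather than the raw strings.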
A MAC address is a 48-bit address used for layer 2 communications. Being a layer 2 addressing scheme, it never gets transmitted beyond the local network. However, a MAC address must be unique on a network. The MAC address has two halves. The first half identifies the device manufacturer, while the second half is a device-specific identifier.
MAC addresses are assigned to a network adaptor when it is manufactured. However, most operating systems feature functionality to override the given MAC address with a custom one. MAC addresses are displayed as 12 hexadecimal digits, typically separated in pairs by colons or hyphens.