What Is a MAC Address & Can It Be Used To Secure Your Home Network? [MakeUseOf Explains]

computer network   What Is a MAC Address & Can It Be Used To Secure Your Home Network? [MakeUseOf Explains]Network structure and management have their own lingo. Some of the terms thrown around will likely already sound familiar to you. Ethernet and Wi-Fi are largely self-obvious concepts, although it may require a little bit more effort to understand the intricacies of the different Wi-Fi standards.

Knowing the meaning of these terms, and grasping the underlying concepts will help you to get a better grip on your own home or office network. All those nuggets of knowledge are tools in your networking toolbox. You may already get the basic idea of a router, but understanding how a router functions allows you use it not just in a way that works, but in a way that works best.

Other terms are less familiar than those above, but are still occasionally encountered. MAC addresses have to do with network interfaces, and MAC filtering with network security. Here, we’ll explain the meaning and relevance of both principles.

MAC Addresses

MAC addresses, or Media Access Control Addresses, are unique identifiers assigned to network adapters such as the PCI network card in your desktop, or the Wi-Fi card that’s embedded in your laptop. Its purpose is simple; being able to distinguish one network adapter or network interface controller from another, and through it, the different networked devices.

Since every network interface has its own MAC address, a computer with multiple network interface cards has just as many different MAC addresses. For example, when a computer is outfitted with a built-in Ethernet network adapter and a separate Wi-Fi USB stick, both have different (unique) MAC addresses.

Universally Administered Or Locally Administered

MAC addresses can be either universally administered or locally administered. A universally administered MAC address is given to the network interface by the manufacturer. Just like credit card numbers, these addresses are not completely random. They also include an identifier for the manufacturer. These MAC addresses are burned into the hardware, often stored in read-only memory.

network card   What Is a MAC Address & Can It Be Used To Secure Your Home Network? [MakeUseOf Explains]

On the other hand, most modern network interface cards are also able to project a custom MAC address, allowing users to specify which MAC address to use (sometimes in driver configuration). This is necessary for virtual networking purposes, but also allows for spoofing as we’ll discuss near the end of the article. As the MAC addresses are not necessarily written in stone at the moment of manufacturing, we say these to be locally administered MAC addresses.

MAC-48, EUI-48 & EUI-64

There are three different ‘kinds’ of MAC addresses; MAC-48, EUI-48 and EUI-64. The appended number indicates the number of bits (see James’ explanation of binary) used to denote the address. Obviously, more bits allow us to express more unique addresses. Technically, a 48-bit address space can contain 2 to the power of 48 different addresses. That are 281,474,976,710,656 addresses. The IEEE expects this reservoir of unique MAC addresses to last until at least the year 2100.

Similarly, a 64-bit address space contains 2 to the power of 64 different addresses. That’s a 20-digit number, in case you’re wondering. We’re not expecting to run out of those any time soon. EUI-64 is used in firewire and IPv6 network interface cards (see Danny’s article on IPv4 versus IPv6).

The difference between MAC-48 and EUI-48 is mostly formal, because they both use one and the same structure and notation (see below). However, MAC-48 is said to refer exclusively to networking hardware, whereas EUI-48 can also refer to non-networking hardware.

Structure & Notation

Universally administered MAC addresses follow a set structure. The first 3 bytes (or 24 bits) comprise the Organisationally Unique Identifier (or OUI), by which we can tell different manufacturers apart. The following bits are used to the discretion of the manufacturer to identify the Network Interface Controller (or NIC), as long as the addresses are unique. The Network Interface Controller identifier comprises 3 additional bytes (24 bits) in the case of MAC-48 and EUI-48, or 5 additional bytes (40 bits) in the case of EUI-64. One bit in the OUI indicates whether the MAC address is locally or universally administered. An overview of EUI-48 is shown in the image below, courtesy of Wikimedia Commons.

MAC address structure   What Is a MAC Address & Can It Be Used To Secure Your Home Network? [MakeUseOf Explains]

When you encounter a MAC address, it is usually written in pairs of hexadecimal digits, delimited by hyphens or more frequently colons, e.g. fe-01-a6-23-cf-d1 or fe:01:a6:23:cf:d1. The only difference between EUI-48 and EUI-64 is that the latter contains two additional hexadecimal pairs. Check out Dave’s article about hex and hex editors for more information on hexadecimal notation.

MAC Filtering

MAC addresses are usually used the way you’d use an envelope; to address a specific element within a network structure. For example, routers can use MAC addresses to make sure network packages reach the correct computers. On the other hand, MAC Filtering is the practice of using MAC addresses to restrict network access to a subset of devices. You can do this by creating a whitelist of MAC addresses that are allowed access, or a blacklist of MAC addresses that are not allowed access. Whenever some device tries to connect to a network, we check the MAC address and compare it to our list.

Why It Doesn’t Usually Pay Off

The problem with MAC Filtering is that MAC addresses are broadcast in plain text. This means an intruder can just wait on the sidelines until a device starts communicating on the network. It then spoofs the MAC address contained in the sniffed network package and poses as a whitelisted client. In the end it hardly takes a hacker any longer to breach the security of your network. It doesn’t impact the difficulty of cracking your network. Meanwhile, MAC Filtering can be an enormous chore to set up. Simply said, it’s not worth the effort. At all.

Did you learn something new today? Or maybe you have something to add on the subject? Chime in in the comments section below the article!

Image credit: jscreationzs / FreeDigitalPhotos.net

The comments were closed because the article is more than 180 days old.

If you have any questions related to what's mentioned in the article or need help with any computer issue, ask it on MakeUseOf Answers—We and our community will be more than happy to help.

17 Comments -

1 votes

CD

I had MAC ID filtering enabled on my Wi-Fi access point. Recently disabled it as it was give my and the Mrs. smart phones trouble. WPA2 encryption will have to do.

0 votes

Rigoberto Garcia

Excellent explanation Simon…

1 votes

Ray

MAC addresses aren’t even unique. At work we learnt that the hard way, for our point of sale we use MAC addresses to uniquely identify a customers computer in our software (the customers asked for this) so that they can track who buys stuff from us for their business (in case a dodgy employee is stealing stuff).

As we found out, several of our customers are using Telstra 3G USB dongles that all share the exact same MAC address…

We’ve also found laptops that exhibit this problem too, as well as some desktops.

0 votes

Nevzat Akkaya

MAC addresses might be changed too, there are some software that allow changing MAC addresses of NIC’s.

0 votes

Nevzat Akkaya

Nice article, as usual. Thanks.

0 votes

Efi Dreyshner

Very useful for blocking strangers…

0 votes

Muo TechGuy

Didn’t look at the author, and was thoroughly expecting to come in here and correct it by saying MAC filtering is useless. As usual though, Simon delivers!

0 votes

Alexander Carstensen

Great explenation :)

0 votes

Daniel Joshua

Setting up a MAC filter and using WPA2 is the best method for securing Home networks.
It is pretty much secure that your neighbors can’t use your WiFi without your knowledge so easily :)

Nice article Simon

0 votes

Ashwin Ramesh

Very well explained Simon!

0 votes

ion popa

I find your article quite exhaustive. Thanks.

0 votes

Victor Ong

Hm, so in essence, it IS possible to use the MAC address to block other devices for a period of time, as long as the “perpetrators” aren’t very tech savvy.

0 votes

Juan Pedro Secondo

OK, WPA2 and Mac filtering will be.

0 votes

Cliff Hosler

Thanks for a good article. Networking is something i need to study up on more.

0 votes

RustyPolo

haha i still don’t fully understand but very interesting

0 votes

FreshMacApps

Yeah, really well explained.

0 votes

Mike Smith

It might be useless at work but it’s a god send at home. Was having a problem with the kids sharing network ID and password with friends so they could connect their phones when they were over.

Now by using MAC filtering every device is registered (last count 16). Their friends laptops are also registered so they have to ask to use them (10 seconds to turn enable their device on the network). When they leave, their device is turned off.

Also a great way of controlling video game use, and groundings.

As long as they don’t hack the router everything’s good.