Network structure and management have their own lingo. Some of the terms thrown around will likely already sound familiar to you. Ethernet and Wi-Fi are largely self-explanatory concepts, although it may require a little bit more effort to understand the intricacies of the different Wi-Fi standards.
Knowing the meaning of these terms and grasping the underlying concepts will help you to get a better grip on your own home or office network. All those nuggets of knowledge are tools in your networking toolbox. You may already get the basic idea of a router, but understanding how a router functions allows you to use it not just in a way that works, but in a way that works best.
Other terms are less familiar than those above, but are still occasionally encountered. MAC addresses have to do with network interfaces, and MAC filtering with network security. Here, we’ll explain the meaning and relevance of both principles.
MAC addresses, or Media Access Control addresses, are unique identifiers assigned to network adapters such as the PCI network card in your desktop, or the Wi-Fi card that’s embedded in your laptop. Their purpose is simple: to distinguish one network adapter or network interface controller from another, and through it, the different networked devices.
Since every network interface has its own MAC address, a computer with multiple network interface cards has just as many different MAC addresses. For example, when a computer is outfitted with a built-in Ethernet network adapter and a separate Wi-Fi USB stick, both have different (unique) MAC addresses.
Universally Administered Or Locally Administered
MAC addresses can be either universally administered or locally administered. A universally administered MAC address is given to the network interface by the manufacturer. Just like credit card numbers, these addresses are not completely random. They also include an identifier for the manufacturer. These MAC addresses are burned into the hardware, often stored in read-only memory.
On the other hand, most modern network interface cards are also able to present a custom MAC address, allowing users to specify which MAC address to use (sometimes in driver configuration). This is necessary for virtual networking purposes, but also allows for spoofing, as we’ll discuss near the end of the article. Because these MAC addresses are not written in stone at the moment of manufacturing, they are called locally administered MAC addresses.
MAC-48, EUI-48 & EUI-64
There are three different ‘kinds’ of MAC addresses: MAC-48, EUI-48 and EUI-64. The appended number indicates the number of bits (see James’ explanation of binary) used to denote the address. Obviously, more bits allow us to express more unique addresses. Technically, a 48-bit address space can contain 2 to the power of 48 different addresses. That is 281,474,976,710,656 addresses. The IEEE expects this reservoir of unique MAC addresses to last until at least the year 2100.
Similarly, a 64-bit address space contains 2 to the power of 64 different addresses. That’s a 20-digit number, in case you’re wondering. We’re not expecting to run out of those any time soon. EUI-64 is used in FireWire and IPv6 network interface cards (see Danny’s article on IPv4 versus IPv6).
The difference between MAC-48 and EUI-48 is mostly formal, because they both use one and the same structure and notation (see below). However, MAC-48 is said to refer exclusively to networking hardware, whereas EUI-48 can also refer to non-networking hardware.
Structure & Notation
Universally administered MAC addresses follow a set structure. The first 3 bytes (or 24 bits) comprise the Organisationally Unique Identifier (or OUI), by which we can tell different manufacturers apart. The following bits are used at the discretion of the manufacturer to identify the Network Interface Controller (or NIC), as long as the addresses are unique. The Network Interface Controller identifier comprises 3 additional bytes (24 bits) in the case of MAC-48 and EUI-48, or 5 additional bytes (40 bits) in the case of EUI-64. One bit in the OUI indicates whether the MAC address is locally or universally administered. An overview of EUI-48 is shown in the image below, courtesy of Wikimedia Commons.
When you encounter a MAC address, it is usually written in pairs of hexadecimal digits, delimited by hyphens or more frequently colons, e.g. fe-01-a6-23-cf-d1 or fe:01:a6:23:cf:d1. The only difference between EUI-48 and EUI-64 is that the latter contains two additional hexadecimal pairs. Check out Dave’s article about hex and hex editors for more information on hexadecimal notation.
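The structure and notation described above can be checked mechanically. The following parser is an added example, not code from the original article; the names `Mac` and `parse_mac` are hypothetical, and it relies on the fact that the locally/universally administered flag is the second-least-significant bit of the first octet.

```python
import re
from dataclasses import dataclass

# Pairs of hex digits joined by one consistent delimiter ('-' or ':').
_PAIRS = re.compile(r"[0-9A-Fa-f]{2}([-:])[0-9A-Fa-f]{2}(?:\1[0-9A-Fa-f]{2})+")


@dataclass(frozen=True)
class Mac:
    octets: bytes

    @property
    def kind(self) -> str:
        return "EUI-48" if len(self.octets) == 6 else "EUI-64"

    @property
    def oui(self) -> str:
        # First 3 bytes: Organisationally Unique Identifier.
        return self.octets[:3].hex(":")

    @property
    def nic(self) -> str:
        # Remaining 3 bytes (EUI-48) or 5 bytes (EUI-64), chosen by the manufacturer.
        return self.octets[3:].hex(":")

    @property
    def locally_administered(self) -> bool:
        # U/L bit: second-least-significant bit of the first octet.
        return bool(self.octets[0] & 0x02)


def parse_mac(text: str) -> Mac:
    text = text.strip()
    if not _PAIRS.fullmatch(text):
        raise ValueError(f"not a delimited MAC address: {text!r}")
    octets = bytes.fromhex(re.sub(r"[-:]", "", text))
    if len(octets) not in (6, 8):
        raise ValueError(f"expected 6 or 8 octets, got {len(octets)}")
    return Mac(octets)


if __name__ == "__main__":
    # The first address is the article's example; the others are constructed samples.
    for sample in ("fe-01-a6-23-cf-d1", "00:00:5e:00:53:01", "00:00:5e:ef:10:00:00:01"):
        mac = parse_mac(sample)
        print(mac.kind, mac.oui, mac.nic, "local" if mac.locally_administered else "universal")
```

Note that the article's sample address begins with the octet fe, which has the locally administered bit set, so it parses as a locally administered address rather than a manufacturer-assigned one.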
MAC addresses are usually used the way you’d use an envelope: to address a specific element within a network structure. For example, routers can use MAC addresses to make sure network packets reach the correct computers. On the other hand, MAC Filtering is the practice of using MAC addresses to restrict network access to a subset of devices. You can do this by creating a whitelist of MAC addresses that are allowed access, or a blacklist of MAC addresses that are not allowed access. Whenever some device tries to connect to a network, we check the MAC address and compare it to our list.
Why It Doesn’t Usually Pay Off
The problem with MAC Filtering is that MAC addresses are broadcast in plain text. This means an intruder can just wait on the sidelines until a device starts communicating on the network. It then spoofs the MAC address contained in the sniffed network packet and poses as a whitelisted client. In the end it hardly takes a hacker any longer to breach the security of your network. It doesn’t impact the difficulty of cracking your network. Meanwhile, MAC Filtering can be an enormous chore to set up. Simply said, it’s not worth the effort. At all.
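Because the filter compares nothing but the claimed address, it accepts any station that presents a whitelisted value; what a defender can do instead is watch for one address being active in two places at once. The sketch below is an added example, not part of the original article: the event tuples, access point names and the 60-second window are constructed assumptions, and `is_allowed` and `find_conflicts` are hypothetical names.

```python
def normalize(mac: str) -> str:
    """Lower-case, colon-delimited form so both notations compare equal."""
    return mac.strip().lower().replace("-", ":")


def is_allowed(mac: str, allowlist) -> bool:
    """The whole of MAC filtering: is the claimed address on the list?"""
    return normalize(mac) in {normalize(entry) for entry in allowlist}


def find_conflicts(events, window_s: int = 60):
    """Return (mac, earlier_port, later_port, time) for each address seen on
    two different ports or access points within window_s seconds."""
    last_seen = {}   # mac -> (time, port) of the most recent sighting
    conflicts = []
    for t, port, mac in sorted(events):
        mac = normalize(mac)
        prev = last_seen.get(mac)
        if prev and prev[1] != port and t - prev[0] <= window_s:
            conflicts.append((mac, prev[1], port, t))
        last_seen[mac] = (t, port)
    return conflicts


# Constructed sample data: (seconds, access point, source MAC address).
ALLOWLIST = ["fe:01:a6:23:cf:d1", "00:00:5e:00:53:01"]
EVENTS = [
    (0,   "ap1", "FE-01-A6-23-CF-D1"),
    (20,  "ap1", "fe:01:a6:23:cf:d1"),
    (30,  "ap2", "00:00:5e:00:53:01"),
    (45,  "ap2", "fe:01:a6:23:cf:d1"),   # same address on another AP 25 s later
    (500, "ap1", "00:00:5e:00:53:01"),   # 470 s later: outside the window
]

if __name__ == "__main__":
    # Every event passes the filter, including the duplicate sighting.
    print(all(is_allowed(mac, ALLOWLIST) for _, _, mac in EVENTS))
    for conflict in find_conflicts(EVENTS):
        print("possible duplicate MAC:", conflict)
```

A device that legitimately roams between access points inside the window will also be flagged, so the window length has to be tuned to the network.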
Image credit: jscreationzs / FreeDigitalPhotos.net