In the field of networking, you will often come across the term MAC Address. So what exactly is it? What does it do? How is it used? Is it related to IP addresses?

Introduction to MAC Address

The Media Access Control (MAC) address is a binary number used to uniquely identify computer network adapters. These numbers (sometimes called “hardware addresses”) are physically burned into the network hardware during the manufacturing process, or stored in firmware, and designed to not be modified. Some refer to them as “Ethernet addresses” for historical reasons, but most popular types of networks utilize MAC addressing including Ethernet, WiFi and Bluetooth.

The format of a MAC Address:


And an example of a MAC address:


The addresses is usually represented in hexadecimal notation, as above. That is, every letter can take on a value between 0 and F and uses 4 bits. The leftmost 6 digits (24 bits) called “prefix” are associated with the adapter manufacturer. Each vendor registers and obtains MAC prefixes as assigned by the IEEE (Institute of Electrical and Electronics Engineers) organization. Vendors often possess many prefix numbers associated with their different products. For example, the prefixes:

00:13:10, 00:25:9C and 68:7F:74 (plus many others) all belong to Linksys (Cisco Systems).

The rightmost digits of a MAC address represent an identification number for the specific device. Among all devices manufactured with the same vendor prefix, each is given their own unique 24-bit number. Note that hardware from different vendors may happen to share the same device portion of the address.

Since the length of the MAC address is 48 bits, the total number of possible MAC addresses is 248 (= ~281.4 trillion). That is around 40,000 MAC addresses for every human alive today. We’ve been all out of IPv4 addresses for a while now, but at least we won’t be facing the same problem with MAC addresses any time soon.

MAC vs. IP Address Relationship

TCP/IP networks use both MAC addresses and IP addresses but for separate purposes. A MAC address remains fixed to the device’s hardware while the IP address for that same device can be changed depending on its TCP/IP network configuration and ISP. Media Access Control operates at one Layer of the OSI model (Open Systems Interconnection) while Internet Protocol operates at another Layer, meaning they each do their own tasks without interfering with each other. This allows MAC addressing to support other kinds of networks besides TCP/IP.

IP networks manage the conversion between IP and MAC addresses using Address Resolution Protocol (ARP). Basically, ARP defines a set of rules according to which IP and MAC addresses can be related. So, all in all MAC addresses are simply a unique number assigned to a device’s network adapter. They help identifying the specific device to which a specific packet of information must reach in order to create a successful connection to exchange data.

Are all MAC addresses unique?

Yes! There are plenty of MAC addresses for every device to have a unique one. In fact, many of the protocols that make use of MAC addresses depend on the fact that they are unique. Things can go very wrong if a network has more than one device with the same MAC address.

What are some attacks that use MAC addresses?

MAC addresses can be spoofed relatively easily. While this may be harmless, it also opens up the possibility of a Man-In-The-Middle attack using ARP cache poisoning. Let’s briefly look at how that works.

Say you’re connected to a WiFi hotspot. You have a MAC addresses and the router has a MAC address, this is what the devices use to identify and communicate with each other. An attacker with access to the local network can send bogus ARP messages which make the victim’s device resolve the router’s IP address into the spoofed MAC address. That is, the victim device thinks it’s connected to the router where in reality it’s now connected to the attacker’s device.

By channeling the victim’s communications through the attacker’s device (to the router), it effectively forms a proxy. There is now a man in the middle that can see all unencrypted traffic passing through. The attacker can now know all the websites the victim accesses (through header information), and even sensitive credentials entered into unsecure websites (not using HTTPS). The attacker can also manipulate the responses that are sent back to the victim. The attacker can, in some cases, force HTTP (instead of HTTPS) and inject custom malicious scripts into the web pages that the victim may visit.

How do I find my computer’s MAC address?

By using the command:

ipconfig /all

And you should see some output like:

Wireless LAN adapter Wi-Fi:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) Dual Band Wireless-AC 3150
   Physical Address. . . . . . . . . : C4-E4-AD-1C-56-B1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe81::69d0:4b9d:341b:4e29%2(Preferred)
   IPv4 Address. . . . . . . . . . . :
   Subnet Mask . . . . . . . . . . . :
   Lease Obtained. . . . . . . . . . : Tuesday, February 14, 2017 11:44:47 AM
   Lease Expires . . . . . . . . . . : Monday, February 20, 2017 9:01:24 AM
   Default Gateway . . . . . . . . . : fe81::b2c1:a2ff:fe5a:7dbc%2
   DHCP Server . . . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 53793513
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-11-1C-F2-8B-FB-34-E6-D1-73-6F-C9
   DNS Servers . . . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Enabled

The physical address (3rd line) is the MAC address, in this case assigned to the Wi-Fi adapter. Note that your computer will most likely have a number of MAC addresses each corresponding to a different networking module such as the Ethernet or Bluetooth adapter.

Of course, this is a hacking tutorials website and we are interested in how MAC addresses can play a role in hacking into a system. And that is just what we’re going to take a look at in MAC address spoofing.

Want to be a real hacker? Sign Up!

Recommended | All | New

go to top