IT support: Everything you need to know about MAC addressing

On today’s IT support post, I’m going to discuss MAC addressing. It is an important aspect of computing and doesn’t get the attention it deserves. Everyone uses MAC addresses but very few people know what they are and what they do. That changes today.

MAC addresses are usually taken care of automatically by the operating system but it is an important part of managing computers and IT, especially if you also manage networks. So for all you IT support newbies out there, here is everything you need to know about MAC addressing.

What is a MAC address?

A MAC address is a unique identifier assigned to any piece of network-enabled hardware. That includes routers, switches, network cards, Wi-Fi cards and other devices. It is provided by the manufacturer and is hard coded into the component. MAC addresses are also referred to as burned-in addresses for this very reason. Some also refer to them as hardware addresses or physical addresses.

The full term is Media Access Control address, MAC address for short.

A MAC address is made up of a 12 digit hexadecimal code that looks like MM:MM:MM:SS:SS:SS. Each manufacturer has their own MM part of the address while the SS part identifies that specific device by type.

There are also 48 bit MAC addresses for 64-bit computing. These are mainly for advanced networks and work with IPv6.

What is a MAC address used for?

MAC addresses are mainly used for two specific purposes. One is networking and one is authentication. Both IP and Ethernet use MAC addresses for communication. IP uses the IP address first and then the MAC address to verify the recipient. When your computer sends a network packet, it first checks the IP address to see if it is within the network. If it is, it inspects the MAC address to make sure the recipient is correct.

MAC addresses in networks

IP addresses can be changed whereas a MAC address cannot. That is why MAC address are useful in IP networking.

In Ethernet networking, internal addressing is done purely by MAC address. Ethernet uses the ARP (Address Resolution Protocol) to match MAC addresses with IP addresses so the packet arrives at the correct destination. When sending a packet, the sender will broadcast a requests asking who owns MAC address MM:MM:MM:SS:SS:SS. Every computer on the internal network and the router will see this request.

Only the computer with that MAC address or the router will reply. If the reply comes from a computer, the sender sends the packet directly to that computer. The sending computer will then cache the information so it doesn’t have to ask every time it wants to send something to that MAC address.

If the reply comes from a router, the MAC address part will be dropped and the router will switch from ARP to IP. A router cannot know all MAC addresses of all machines, so reverts to IP to deliver the message. This is all handled automatically by the router so no user intervention is needed.

MAC addresses for authentication

MAC addresses are also used for authentication. MAC address filtering is a way of restricting network access to specific devices. It isn’t very secure as MAC addresses can be spoofed, which I will discuss in a minute.

Some networks will restrict access through the MAC address. This involves configuring the router to interrogate every sending device for its MAC address and comparing it to a list of authorized machines. If the device is on the list, the router processes the packet. If it is not on the list, the router discards the packet and moves on. It is a basic and not very secure way of securing a network but every little helps.

Some ISPs restrict internet access to specific MAC addresses registered with their servers. Windows also has some security services that are tied to MAC address as do some VPN service providers. Unless your network hardware has an authorized MAC address, it will not be able to connect. Again, it isn’t all that effective as all but Windows services can be spoofed.

MAC address spoofing

While MAC addresses are burned in by the manufacturer, you can change it. This is called spoofing or cloning and is sometimes necessary to troubleshoot networking issues. Hackers also use the technique to gain access to MAC filtered networks. They tell their computer to present a MAC address of an internal machine to help ease access to data. It is only part of a wider range of measures a hacker needs to take, but it is one of the simplest.

You don’t actually change the MAC address, you just tell the operating system to send an alternative MAC address rather than the real one.

In Windows:

  1. Open a CMD window as an administrator.
  2. Type ‘ipconfig /all’ and not the Physical Address.
  3. Navigate to Control Panel and Network and Sharing Center.
  4. Select Adapter Settings, right click your network card and select Properties.
  5. Select Configure and then the Advanced tab.
  6. Select Network Address from the list in the small window.
  7. Add another address in the Value box on the right.
  8. Select Ok to confirm.

In OS X

  1. Navigate to System Preferences and Network.
  2. Select Advanced and then the Hardware tab to see your real MAC address.
  3. Open Terminal and paste ‘sudo ifconfig en0 ether MM:MM:MM:SS:SS:SS’. Where you see MM:MM:MM:SS:SS:SS put your real MA address.
  4. Enter your password to confirm the change.
  5. Type or paste ‘ifconfig en0 | grep ether’ to make sure the change took.

As mentioned, this does not change the physical address, it just tells your operating system to present a MAC address of your choosing rather than the real one.

Unless you are troubleshooting a network issue or want to get into networking, you should never really be involved in MAC addressing. However, it is a very important part of networking, so if you’re an IT support specialist or wanting to get into the industry, a knowledge of MAC addressing will serve you well.

Leave a Comment