Jump to content

MAC address

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 49.176.164.236 (talk) at 01:19, 14 January 2019 (Notational conventions: Removed template from example of address separators to improve readability (i.e. remove italics). Marked dead link on Cisco ref. (there is now no ref for other notational conventions)). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Label of a UMTS router with MAC addresses for LAN and WLAN modules

A media access control address (MAC address) of a device is a unique identifier assigned to a network interface controller (NIC) for communications at the data link layer of a network segment. MAC addresses are used as a network address for most IEEE 802 network technologies, including Ethernet, Wi-Fi and Bluetooth. In this context, MAC addresses are used in the medium access control protocol sublayer. As typically represented, MAC addresses are recognizable as six groups of two hexadecimal digits, separated by hyphens, colons, or no separator (see Notational conventions below).

A MAC may be referred to as the burned-in address (BIA). It may also be known as an Ethernet hardware address (EHA), hardware address or physical address (not to be confused with a memory physical address).

A network node may have multiple NICs and each NIC must have a unique MAC address. Sophisticated network equipment such as a multilayer switch or router may require one or more permanently assigned MAC addresses.

MAC addresses are most often assigned by the manufacturer of a NIC and are stored in its hardware, such as the card's read-only memory or some other firmware mechanism. A MAC address may include the manufacturer's organizationally unique identifier (OUI). MAC addresses are formed according to the rules of one of three numbering name spaces managed by the Institute of Electrical and Electronics Engineers (IEEE): EUI-48 (it replaces the obsolete term MAC-48) and EUI-64.[1] EUI is an abbreviation for Extended Unique Identifier.

Address details

Diagram showing the structure of a MAC-48 network address, explicitly showing the positions of the multicast/unicast bit and the OUI/local address type bit.

The original IEEE 802 MAC address comes from the original Xerox Network Systems Ethernet addressing scheme.[2] This 48-bit address space contains potentially 248 or 281,474,976,710,656 possible MAC addresses. The IEEE manages allocation of MAC addresses, originally known as MAC-48 and which it now refers to as EUI-48 identifiers. The IEEE has a target lifetime of 100 years (until 2080) for applications using EUI-48 space and restricts applications accordingly. The IEEE encourages adoption of the more plentiful EUI-64 for non-Ethernet applications.

The distinction between EUI-48 and MAC-48 identifiers is in name and application only. MAC-48 was used to address hardware interfaces within existing 802-based networking applications; EUI-48 is now used for 802-based networking and is also used to identify other devices and software, for example Bluetooth[1][3]. The IEEE now considers MAC-48 to be an obsolete term.[1] EUI-48 should now be used in all cases.

In addition, the EUI-64 numbering system encompasses both MAC-48 and EUI-48 identifiers by a simple translation mechanism, but now it is deprecated.[1] To convert a MAC-48 into an EUI-64, copy the organizationally unique identifier (OUI), append the two octets FF-FF (though now as MAC-48 is deprecated, FF-FF will never be used) and then copy the organization-specified extension identifier. To convert an EUI-48 into an EUI-64, the same process is used, but the sequence inserted is FF-FE. In both cases, the process can be trivially reversed when necessary. Organizations issuing EUI-64s are cautioned against issuing identifiers that could be confused with these forms.

IPv6 — one of the most prominent standards that uses a Modified EUI-64 — treats MAC-48 as EUI-48 instead (as it is chosen from the same address pool) and toggles the U/L bit (as this makes it easier to type locally assigned IPv6 addresses based on the Modified EUI-64). This results in extending MAC addresses (such as IEEE 802 MAC address) to Modified EUI-64 using only FF-FE (and never FF-FF) and with the U/L bit inverted.[4]

An Individual Address Block is an inactive registry activity which has been replaced by the MA-S (MA-S was previously named OUI-36[5]) registry product as of January 1, 2014. The IAB uses a OUI from MA-L (MA-L registry was previously named OUI registry, the term OUI is still in use, but not for calling a registry[5]) belonging to the IEEE Registration Authority, concatenated with 12 additional IEEE-provided bits (for a total of 36 bits), leaving only 12 bits for the IAB owner to assign to their (up to 4096) individual devices. An IAB is ideal for organizations requiring not more than 4096 unique 48-bit numbers (EUI-48). Unlike an OUI, which allows the assignee to assign values in various different number spaces (for example, EUI-48, EUI-64, and the various context-dependent identifier number spaces), the Individual Address Block could only be used to assign EUI-48 identifiers. All other potential uses based on the OUI from which the IABs are allocated are reserved, and remain the property of the IEEE Registration Authority. It should also be noted that, between 2007 and September 2012, the OUI value 00:50:C2 was used for IAB assignments. After September 2012, the value 40:D8:55 was used. The owners of an already assigned IAB may continue to use the assignment.[6]

There is another registry which is called MA-M (MAC Addresses - Medium). The MA-M assignment block provides both 220 EUI-48 identifiers and 236 EUI-64 identifiers (that means first 28 bits are IEEE assigned bits). The first 24-bits of the assigned MA-M block are an OUI assigned to IEEE that will not be reassigned.

Universal vs. local

Addresses can either be universally administered addresses (UAA) or locally administered addresses (LAA). A universally administered address is uniquely assigned to a device by its manufacturer. The first three octets (in transmission order) identify the organization that issued the identifier and are known as the organizationally unique identifier (OUI).[1] The remainder of the address (three octets for EUI-48 or five for EUI-64) are assigned by that organization in nearly any manner they please, subject to the constraint of uniqueness. A locally administered address is assigned to a device by a network administrator, overriding the burned-in address.

Universally administered and locally administered addresses are distinguished by setting the second-least-significant bit of the first octet of the address. This bit is also referred to as the U/L bit, short for Universal/Local, which identifies how the address is administered. If the bit is 0, the address is universally administered. If it is 1, the address is locally administered. In the example address 06-00-00-00-00-00 the first octet is 06 (hex), the binary form of which is 00000110, where the second-least-significant bit is 1. Therefore, it is a locally administered address.[7] Another example that uses locally administered addresses is the DECnet protocol. The MAC address of the Ethernet interface is changed by the DECnet software to be AA-00-04-00-XX-YY where XX-YY reflects the DECnet network address xx.yy of the host. This eliminates the need for an address resolution protocol since the MAC address for any DECnet host can be simply determined.

Unicast vs. multicast

When the least significant bit of an address's first octet is 0 (zero), the frame is meant to reach only one receiving NIC.[8] This type of transmission is called unicast. A unicast frame is transmitted to all nodes within the collision domain. In a modern wired setting the collision domain usually is the length of the Ethernet cable between two network cards. In a wireless setting, the collision domain is all receivers that can detect a given wireless signal. If a switch does not know which port leads to a given MAC address, the switch will forward a unicast frame to all of its ports (except the originating port), an action known as unicast flood.[9] Only the node with the matching hardware MAC address will accept the frame; network frames with non-matching MAC-addresses are ignored, unless the device is in promiscuous mode.

If the least significant bit of the first octet is set to 1, the frame will still be sent only once; however, NICs will choose to accept it based on criteria other than the matching of a MAC address: for example, based on a configurable list of accepted multicast MAC addresses. This is called multicast addressing.

The IEEE has built in several special address types to allow more than one network interface card to be addressed at one time:

  • Packets sent to the broadcast address, all one bits, are received by all stations on a local area network. In hexadecimal the broadcast address would be FF:FF:FF:FF:FF:FF. A broadcast frame is flooded and is forwarded to and accepted by all other nodes.
  • Packets sent to a multicast address are received by all stations on a LAN that have been configured to receive packets sent to that address.
  • Functional addresses identify one or more Token Ring NICs that provide a particular service, defined in IEEE 802.5.

These are all examples of group addresses, as opposed to individual addresses; the least significant bit of the first octet of a MAC address distinguishes individual addresses from group addresses. That bit is set to 0 in individual addresses and set to 1 in group addresses. Group addresses, like individual addresses, can be universally administered or locally administered.

Applications

The following network technologies use the EUI-48 identifier format:

Every device that connects to an IEEE 802 network (such as Ethernet and WiFi) has a EUI-48 address. Common networked consumer devices such as PCs, smartphones and tablet computers use EUI-48 addresses.

EUI-64 identifiers are used in:

  • IEEE 1394 (FireWire)
  • IPv6 (Modified EUI-64 as the least-significant 64 bits of a unicast network address or link-local address when stateless address autoconfiguration is used.)[10]
  • ZigBee / 802.15.4 / 6LoWPAN wireless personal-area networks

Usage in hosts

On broadcast networks, such as Ethernet, the MAC address is expected to uniquely identify each node on that segment and allows frames to be marked for specific hosts. It thus forms the basis of most of the link layer (OSI Layer 2) networking upon which upper layer protocols rely to produce complex, functioning networks.

Although intended to be a permanent and globally unique identification, it is possible to change the MAC address on most modern hardware. Changing MAC addresses is necessary in network virtualization. It can also be used in the process of exploiting security vulnerabilities. This is called MAC spoofing.

In IP networks, the MAC address of an interface can be queried given the IP address using the Address Resolution Protocol (ARP) for Internet Protocol Version 4 (IPv4) or the Neighbor Discovery Protocol (NDP) for IPv6. In this way, ARP or NDP is used to relate IP addresses (OSI layer 3) to Ethernet MAC addresses (OSI layer 2).

A MAC address is like a social security number which remains unchanged for a person's life time (here, the device), while an IP address is like a postal code which can be changed.

Spying

According to Edward Snowden, the US National Security Agency has a system that tracks the movements of everyone in a city by monitoring the MAC addresses of their electronic devices.[11] As a result of users being trackable by their devices' MAC addresses, Apple has started using random MAC addresses in their iOS line of devices while scanning for networks.[12] Other vendors quickly followed: MAC address randomization during scanning was added in Android starting from version 6.0[13], Windows 10[14], and Linux kernel 3.18[15]. The actual implementations of the MAC address randomization technique vary largely in different devices[16]. Moreover, various flaws and shortcomings in these implementations may allow an attacker to track a device even if its MAC address is changed, for instance its probe requests' other elements[17][18], or their timing[19][16]. If random MAC addresses are not used, researchers have confirmed that it is possible to link a real identity to a particular wireless MAC address.[20]

Many network interfaces (including wireless ones) support changing their MAC address. The configuration is specific to the operating system. On most Unix-like systems, the ifconfig command may be used to add and remove "link" (Ethernet MAC family) address aliases. For instance, the "active" ifconfig directive may then be used on NetBSD to specify which of the attached addresses to activate.[21] Hence, various configuration scripts and utilities allow to randomize the MAC address at boot or network connection time.

Using wireless access points in SSID-hidden mode (see network cloaking), a mobile wireless device may not only disclose its own MAC address when traveling, but even the MAC addresses associated to SSIDs the device has already connected to, if they are configured to send these as part of probe request packets. Alternative modes to prevent this include configuring access points to be either in beacon-broadcasting mode, or probe-response with SSID mode. In these modes, probe requests may be unnecessary, or sent in broadcast mode without disclosing the identity of previously-known networks.[22]

Notational conventions

The standard (IEEE 802) format for printing EUI-48 addresses in human-friendly form is six groups of two hexadecimal digits, separated by hyphens (-) in transmission order (e.g. 01-23-45-67-89-AB). This form is also commonly used for EUI-64 (e.g. 01-23-45-67-89-AB-CD-EF).[1] Other conventions include six groups of two hexadecimal digits separated by colons (:) (e.g. 01:23:45:67:89:AB), and three groups of four hexadecimal digits separated by dots (.) (e.g. 0123.4567.89AB); again in transmission order.[23]

Bit-reversed notation

The standard notation, also called canonical format, for MAC addresses is written in transmission order with the least significant bit of each byte transmitted first, and is used in the output of the ifconfig, iproute2, and ipconfig commands, for example.

However, since IEEE 802.3 (Ethernet) and IEEE 802.4 (Token Bus) send the bytes (octets) over the wire, left-to-right, with least significant bit in each byte first, while IEEE 802.5 (Token Ring) and IEEE 802.6 (FDDI) send the bytes over the wire with the most significant bit first, confusion may arise when an address in the latter scenario is represented with bits reversed from the canonical representation. For example, an address in canonical form 12-34-56-78-9A-BC would be transmitted over the wire as bits 01001000 00101100 01101010 00011110 01011001 00111101 in the standard transmission order (least significant bit first). But for Token Ring networks, it would be transmitted as bits 00010010 00110100 01010110 01111000 10011010 10111100 in most-significant-bit first order. The latter might be incorrectly displayed as 48-2C-6A-1E-59-3D. This is referred to as bit-reversed order, non-canonical form, MSB format, IBM format, or Token Ring format, as explained in RFC 2469.

See also

References

  1. ^ a b c d e f "Guidelines for Use of Extended Unique Identifier (EUI), Organizationally Unique Identifier (OUI), and Company ID (CID)" (PDF). IEEE Standards Association. IEEE. Retrieved 5 August 2018. {{cite web}}: Cite has empty unknown parameter: |dead-url= (help)
  2. ^ IEEE Std 802-2001 (PDF). The Institute of Electrical and Electronics Engineers, Inc. (IEEE). 2002-02-07. p. 19. ISBN 0-7381-2941-0. Retrieved 2011-09-08. The universal administration of LAN MAC addresses began with the Xerox Corporation administering Block Identifiers (Block IDs) for Ethernet addresses.
  3. ^ "IEEE-SA - IEEE Registration Authority". standards.ieee.org. Retrieved 2018-09-20.
  4. ^ "IANA Considerations and IETF Protocol Usage for IEEE 802 Parameters". IETF. September 2008. RFC 7042. Retrieved 2018-11-28. {{cite web}}: Cite has empty unknown parameter: |dead-url= (help)
  5. ^ a b "IEEE-SA - IEEE Registration Authority". standards.ieee.org. Retrieved 2018-11-27.
  6. ^ "IEEE-SA - IEEE Registration Authority". standards.ieee.org. Retrieved 2018-09-20. {{cite web}}: Cite has empty unknown parameter: |dead-url= (help)
  7. ^ "Standard Group MAC Addresses: A Tutorial Guide" (PDF). IEEE-SA. Retrieved 2018-09-20. {{cite web}}: Cite has empty unknown parameter: |dead-url= (help)
  8. ^ "Guidelines for Fibre Channel Use of the Organizationally Unique Identifier (OUI)" (PDF). IEEE-SA. Retrieved 2018-10-11. {{cite web}}: Cite has empty unknown parameter: |dead-url= (help)
  9. ^ "Overview of Layer 2 Switched Networks and Communication | Getting Started with LANs | Cisco Support Community | 5896 | 68421". supportforums.cisco.com. Retrieved 2016-05-17.
  10. ^ S. Thomson; T. Narten; T. Jinmei (September 2007). IPv6 Stateless Address Autoconfiguration. Network Working Group, IETF. doi:10.17487/RFC4862. RFC 4862.
  11. ^ Bamford, James. "The Most Wanted Man in the World". Wired. p. 4. Retrieved 2014-12-01.
  12. ^ Mamiit, Aaron (2014-06-12). "Apple Implements Random MAC Address on iOS 8. Goodbye, Marketers". Tech Times. Retrieved 2014-12-01.
  13. ^ "Android 6.0 Changes". Android developers. Retrieved 2018-08-22.
  14. ^ Winkey Wang. "Wireless networking in Windows 10". {{cite web}}: Missing or empty |url= (help)
  15. ^ Emmanuel Grumbach. "iwlwifi: mvm: support random MAC address for scanning". Linux commit effd05ac479b. Retrieved 2018-08-22.
  16. ^ a b Célestin Matte. "Wi-Fi Tracking: Fingerprinting Attacks and Counter-Measures". 2017. Retrieved 2018-08-22.
  17. ^ Vanhoef Mathy and Matte Célestin and Cunche Mathieu and Cardoso Leonardo and Piessens Frank. "Why MAC address randomization is not enough: An analysis of Wi-Fi network discovery mechanisms". Retrieved 2018-08-22.
  18. ^ Martin Jeremy and Mayberry Travis and Donahue Collin and Foppe Lucas and Brown Lamont and Riggins Chadwick and Rye Erik C and Brown Dane. "A study of MAC address randomization in mobile devices and when it fails" (PDF). 2017. Retrieved 2018-08-22.
  19. ^ Matte Célestin and Cunche Mathieu and Rousseau Franck and Vanhoef Mathy. "Defeating MAC address randomization through timing attacks". Retrieved 2018-08-22.
  20. ^ Cunche, Mathieu. "I know your MAC Address: Targeted tracking of individual using Wi-Fi" (PDF). 2013. Retrieved 19 December 2014.
  21. ^ "ifconfig(8) manual page". Retrieved 16 October 2016.
  22. ^ "Hidden network no beacons". security.stackexchange.com. Retrieved 16 October 2016.
  23. ^ "Agentless Host Configuration Scenario". Configuration Guide for Cisco Secure ACS 4.2. Cisco. February 2008. Retrieved 2015-09-19. You can enter the MAC address in the following formats for representing MAC-48 addresses in human-readable form: six groups of two hexadecimal digits, separated by hyphens (-) in transmission order,[...]six groups of two separated by colons (:),[...]three groups of four hexadecimal digits separated by dots (.)...[dead link]