You Have A MAC Address. And It’s The Only One Like It In The World
Hey, what’s your address?
172.168.15.10
No, I mean your local address.
127.0.0.1
Oh, you geeky nerd!!! I mean your physical address.
29.01.38.62.31.58
– Saved from purcaholictumbler.com
Yesterday I talked about your local IP address (Home Sweet Internet.) Prior to that I talked about your internet address which is like your street address, but not like your local IP address. (Bet You Don’t Know Your Own Address.)
Today I want to talk about the last address mentioned above, your physical address. It’s also called called the MAC address. MAC stands for Media Access Control. (But, no one calls it that.)
IP addresses can be duplicated, either by a malformed DHCP server handing out duplicate address, or because you are using using private IP addresses behind a router doing network address translation (NAT.)
But, MAC addresses are different. MAC addresses are unique, anywhere and everywhere all over the world. Every piece of electronic gear that has an operating system also has a MAC address. Your cell phone has one. Your laptop has one. Your computer has one.
Like the example above a MAC address is a series of six numbers seperated by a delimitor. It could be a period, or a colon. And whereas the octects in an IP address go from 0 to 255, the numbers in each portion of a MAC address go from 00 to FF. These are hexidecimal numbers. Hexidecimal numbers use a base-16 number system.
0 == 0
1 == 1
2 == 2
3 == 3
4 == 4
5 == 5
6 == 6
7 == 7
8 == 8
9 == 9
A == 10
B == 11
C == 12
D == 13
E == 14
F == 15
The largest possible value for each number in a MAC address is FF. Converting FF from hexidecimal to decimal yields a maximum value of 255. (There’s a reason this number seems so similar to the maximum value for the octet in an IP address. More on that tomorrow.)
But, there’s more information in a MAC address than just a series of six numbers. The MAC address is actually two parts. The first three digits are the organizational unique identifier (OUI.) The second set of three numbers are assigned by the vendor.
In other words, each vendor has a their own unique identifier that is the first three numbers. When the vendor builds their device, typically a network device, or card, they assign their OUI to the first three digits and then assign each card a different number for the last three numbers.
Okay, but who really cares, right? I mean, you never see the MAC address. This post might be the first you’ve heard of it. And while it’s all well and good to share these bits of trivia, is there any real practical application?
Yes.
I use Disney Circle as one of the firewalls on my home internet system. It’s a brilliantly simple interface and gives me very good control over the interent usage by the 5 young adults in my house. And while Disney Circle’s interface is pretty simple, it’s doing some cool computer stuff underneath.
Circle keeps track of the devices on your network using their MAC addrss. Oh sure, it will also display a name, but the MAC address is what really controls access.
That’s not an issue, right? Except that at one point I saw a new device appear on the network. It was called BRIANS iPHONE. I have a son named Brian, and he has an iPhone. There was just one problem. Brian’s iPhone was already in my system. So, why was it trying to join the network a second time?
The point of a firewall, like Disney Circle is to keep out unauthorized devices that might try to do nasty stuff on your network. Nasty stuff like set up a ghost access point on my network that lets people get around my firewalls.
But, maybe I’m being paranoid, right? Maybe for some reason his phone needed to rejoin the network. Not likely, but possible. How to know for sure?
Easy. I looked at the MAC address for the new BRIANS iPHONE that showed up. It was 96:5f:e8:61:41:f5. Is that an iPhone address? Can I find out?
Of course. There are several sites on the internet that will tell you who manufactured the device associated with a specific device. Apple has dozens of OUIs assigned to them. But, 96:5f:e8 isn’t one of them. In fact, 96:5f:e8 is not an OUI registered to any manufacturer.
What does that mean? Well, it means is the device trying to join my network under the name BRIAN iPHONE is not an iPhone, and is not a phone at all. It’s probably a spoofed MAC address on a device trying to hijack my network.
And just to be sure, I went and looked up the address for BRIANS iPHONE that is already on my network. It starts a4:e9:75. When I went and checked who that OUI was registered to, it came back Apple, Inc.
Your computer has mutlple addresses. Generally you don’t need to know what that address is. But, just in case you need to, now you do.
Stay safe.
Rodney M Bliss is an author, columnist and IT Consultant. His blog updates every weekday. He lives in Pleasant Grove, UT with his lovely wife, thirteen children and grandchildren.
Follow him on
Twitter (@rodneymbliss)
Facebook (www.facebook.com/rbliss)
LinkedIn (www.LinkedIn.com/in/rbliss)
or email him at rbliss at msn dot com(c) 2020 Rodney M Bliss, all rights reserved
Nice discussion! You could have added the ability to spoof the MAC address, but that would have been confusing.
Agreed. Most of my audience are non techie. I also considered a deeper dive on DNS and DHCP, but those are a little further removed from the average use.
Tomorrow is DEC, BIN, OCT and HEX
So did you ever figure out who/what the fake Brains Phone was?
Nope. No one is going to volunteer