Questions about this topic? Sign up to ask in the talk tab.


From NetSec
Jump to: navigation, search

A Media Access Control address (MAC address) is a unique identifier in hexadecimal that is assigned to network devices. MAC addresses are used in several protocols, most notably Ethernet. MAC addresses follow a naming convention of six groups of two hexadecimal digits, separated by either hyphens (-) or colons (:) (e.g.: 01-23-45-67-89-AB or 01:23:45:67:89:AB). Another (but less common) naming convention is three groups of four hexadecimal digits separated by dots (.) (e.g.: 0123.4567.89ab).

How MACs Work

MAC addresses are primarily used for routing as they are unique to each network device. Using Address Resolution Protocol (ARP), each network device is given an IP address on the network, that is used also used for routing. The IP address of a network device is linked to its MAC address by means of ARP tables containing all known IP addresses and their corresponding MAC addresses. If the MAC address of an IP on the network is unknown, and data needs to be transferred to said IP address, the computer needing to send the data sends an ARP request looking for the corresponding MAC address. This is a common attack vector known as ARP cache poisoning, as there is no way to verify that the client responding to the message is the intended recipient.