MAC

• It is Layer-2 Protocol
• Media Access Control
• aka Physical address, Hardware address, Ethernet ID, NIC address etc.
• Every device that connects to IEEE-802 network has MAC address
• IEEE-802 devices: Ethernet, WiFi, Bluetooth
• It is independent of IP address
• MAC address never changes and is assigned by the manufacturer
• https://superuser.com/questions/623511/what-is-the-exact-use-of-a-mac-address

MAC address

• 04:EA:56:84:28:6C = [00-FF]:[00-FF]:[00-FF]:[00-FF]:[00-FF]:[00-FF]
• 48 bits = 12 digits hex = 6 octets (6 bytes) = 8bits-8bits-8bits-8bits-8bits-8bits
• 1 byte = 2 digit (00-ff) in hex = 0-255 in decimal
• You can use first half of MAC address to identify the manufacturer online
  • M = manufacturer
  • I = unique identifier of device
  • MAC = M:M:M:I:I:I

Use of MAC Address

• https://superuser.com/questions/623511/what-is-the-exact-use-of-a-mac-address
• MAC addresses are required to make a local Ethernet (or wifi) network function.
• They serve no function on the wider internet.

Security

• MAC addresses are randomized when connected to the WiFi from Devices to keep the user privacy in Local Network
• This works because MAC Address is only used in the local network and not transmitted to the internet
• https://source.android.com/docs/core/connect/wifi-mac-randomization-behavior
• https://support.apple.com/en-gb/guide/security/secb9cb3140c/web
• https://support.microsoft.com/en-gb/windows/why-use-random-hardware-addresses-060ad2e9-526e-4f1c-9f3d-fe6a842640ed

ARP

• Address resolution protocol
• RFC-826
• responsible for locating a device’s MAC address
• Resolves IP to MAC mappings
• Uses Layer-2 and Layer-3
• Primarily works on Layer-2
• ARP request contains:
  • Hardware Type
  • Protocol Type
  • Sender Protocol Address
  • Target Protocol Address
  • Sender Hardware Address
  • Target Hardware Address

ARP Cache

• aka ARP Table
• Every node in the network maintains ARP Cache, hence every computer also has arp cache stored in it
• This is done to avoid sending ARP requests again and again
• arp command can be used to check the arp table in the computer
  • 192.168.31.1 is actually WiFi router address

$ arp -a
? (192.168.31.1) at 8c:83:94:88:17:5a on en0 ifscope [ethernet]
? (192.168.31.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
? (192.168.205.255) at ff:ff:ff:ff:ff:ff on bridge100 ifscope [bridge]
mdns.mcast.net (224.0.0.251) at 1:0:5e:0:0:fb on en0 ifscope permanent [ethernet]

• ??
  • https://superuser.com/questions/1272010/where-is-the-arp-cache-on-linux
  • https://serverfault.com/questions/597221/why-arp-cache-is-stored-in-both-machine-and-switch

Working of ARP

• Client sends ARP request (works on L2) containing
  • Source IP address
  • Destination IP address
  • Source MAC address
  • Destination MAC address (to be known, set as broadcast: FF:FF:FF:FF:FF:FF)
• This request is sent as broadcast (not clear)
  • If the default gateway MAC is not known
    • ARP request is generated with default gateway IP address
  • else If the destination is in the same network
    • ARP is sent to default gateway to broadcast to all devices
  • else
    • ARP is not really required, since ARP cannot work to get MAC from outside the network
    • Routers will drop the packet
    • Switch will broadcast
• The destination receives it
  • populates ARP cache for source: IP/MAC
  • replies to the sender as unicast with containing src: IP/MAC and dest: IP/MAC
• Sender receives it
  • populates ARP cache for destination: IP/MAC
• Sender uses this info for further communication

Sending Data to Destination Host

• Using destination IP address and subnet, determine if the destination IP address is on local or foreign network
• If local network
  • send ARP request for destination IP to resolve its MAC address
  • send the data with destination’s MAC address and destination IP address
• If foreign network
  • send ARP request for default gateway to resolve its MAC address
  • send the data with router’s MAC address and destination IP address