Which MAC address?

Thread Starter

emanup

Joined Feb 21, 2023
7
Hi everyone.
I'm asking: If I visit a netsite on the Internet from my home, the last machine I reach, what MAC address does it get? That of my computer, that of my router, or... which one?
 

WBahn

Joined Mar 31, 2012
30,058
What do you mean by "the last machine" that you reach? You mean the machine at the other site that you went to on the Internet?

If so, it doesn't get the MAC address of any machine in your home network (unless it is sent as part of a data payload). It most likely gets the public IP address of your Internet Service Provider.
 

Thread Starter

emanup

Joined Feb 21, 2023
7
Hello WBahn,
I was pretty vague when writing my question, I'm sorry. I would like to know if the machine that hosts the site I'm visiting from home receives and registers the MAC address of my computer, or that of my router, or another.
 

Papabravo

Joined Feb 24, 2006
21,225
> Hello WBahn,
> I was pretty vague when writing my question, I'm sorry. I would like to know if the machine that hosts the site I'm visiting from home receives and registers the MAC address of my computer, or that of my router, or another.
No it does not. The only MAC address it knows is the one that forwarded the packet with your payload. The reply may take an entirely different path. There is no requirement that the return packets must follow the same route back to your computer.
 

WBahn

Joined Mar 31, 2012
30,058
> Hello WBahn,
> I was pretty vague when writing my question, I'm sorry. I would like to know if the machine that hosts the site I'm visiting from home receives and registers the MAC address of my computer, or that of my router, or another.

In general, no. Not unless that information is sent as part of a data payload. The same thing with your IP address (unless you have a globally-routable IP address, which is usually only the case if you have gone to the trouble to obtain a static IP address, which is pretty uncommon unless you are operating a website or other services that the world needs to be able to get to).

It's nothing like Hollywood would like everyone to believe.
 

Thread Starter

emanup

Joined Feb 21, 2023
7
The consequence is that each Internet router involved inserts its MAC address as "Source" in the Ethernet frame along the route. Is that correct?
 

WBahn

Joined Mar 31, 2012
30,058
Yes and no. There are multiple levels of communication going on. The MAC address is used by most (not all) protocols that work at the lower layers, such as the Data Link Layer, to communicate within a network (like your home ethernet LAN). But higher layer routing, such as what is done on the Internet in the Network Layer, is done via IP address routing.
 

WBahn

Joined Mar 31, 2012
30,058
It would help if you described the underlying issue you are trying to get a handle on. Is it privacy and traceability?
 

nsaspook

Joined Aug 27, 2009
13,272
Usually the MAC addresses of the private domain stay behind the router, so the public side only sees the public port MAC address. But the MAC address is not really a reliable identifier for a computer, as it's easily changeable (spoofing the MAC address) and is sometimes randomly changed on devices for added security. ARP is layer 2 last hop, routing to remote host beyond your router is level 3. If you can see the internal network MAC addresses from outside the router you can also see things that are much more valuable.
https://www.ibm.com/docs/en/zos-basic-skills?topic=3-address-resolution-protocol-arp
 

Thread Starter

emanup

Joined Feb 21, 2023
7
> Is it privacy and traceability?

No, I would really just like to understand what information (other than the data payload) the Internet server that hosts the site gets when I visit it.
It of course gets the IP address of my router's external interface when I visit it. I have always known that.
I have not understood what you mean when you say "In general, no. Not unless that information is sent as part of a data payload. The same thing with your IP address".
My private address no, but the one assigned to me by my provider yes.
However, it has something to do with privacy and piracy, possibly.
 

Thread Starter

emanup

Joined Feb 21, 2023
7
The routers over the Internet don't use entirely the same protocols we use in our private/home networks?
 

WBahn

Joined Mar 31, 2012
30,058
> No, I would really just like to understand what information (other than the data payload) the Internet server that hosts the site gets when I visit it.
> It of course gets the IP address of my router's external interface when I visit it. I have always known that.
> I have not understood what you mean when you say "In general, no. Not unless that information is sent as part of a data payload. The same thing with your IP address".
> My private address no, but the one assigned to me by my provider yes.
Most people get their internet service from an Internet Service Provider (ISP), who acts as the go-between between you and the rest of the world. So they assign you an IP address on THEIR network and that's the IP address assigned to the external interface of your router (it's actually the IP address of your modem, but the modem and router are probably integrated). But that is probably not a globally-routable IP address, just a local address on your ISP's network. What the other end of the conversation sees is one of your ISP's globally-routable IP addresses (assuming the traffic has to leave your ISP's network at all).
 

Thread Starter

emanup

Joined Feb 21, 2023
7
> But that is probably not a globally-routable IP address, just a local address on your ISP's network. What the other end of the conversation sees is one of your ISP's globally-routable IP addresses (assuming the traffic has to leave your ISP's network at all).

Oh, that's very interesting.
A person asked me about a fraudulent password change attempt on a site, presumably by the same person who, earlier, acted lawfully on his account, also on the same site.
Only, the IP addresses of the first access and of the second, fraudulent password change attempt are completely different: probably one was assigned by a landline provider and the other by a mobile provider.
Thanks to a request for information to the site involved, it was possible to identify exactly the person who lawfully accessed his personal account, precisely thanks to the IP address that the service provider had assigned him, while the IP address from which the fraudulent attempt came is being investigated.
How was it possible to locate him thanks to the IP address provided by the service provider, in your opinion?
 

WBahn

Joined Mar 31, 2012
30,058
A number of possibilities. Most likely, the site logged the IP address, which belonged to an ISP. They then reached out to the ISP, possibly through law enforcement, and had the ISP search their logs (which they are required to keep in most countries) to see who had that IP address at that time. If Network Address Translation (NAT) was involved, the process is a bit more complicated, but not much.
 

joeyd999

Joined Jun 6, 2011
5,283
> Most people get their internet service from an Internet Service Provider (ISP), who acts as the go-between between you and the rest of the world. So they assign you an IP address on THEIR network and that's the IP address assigned to the external interface of your router (it's actually the IP address of your modem, but the modem and router are probably integrated). But that is probably not a globally-routable IP address, just a local address on your ISP's network. What the other end of the conversation sees is one of your ISP's globally-routable IP addresses (assuming the traffic has to leave your ISP's network at all).
Comcast supplies me with a dynamic public IPv4 address, which is nice: I can run it in bridge mode and do my own routing. This allows me to run my own services using DDNS to resolve my IP address.

IIRC, any assigned IPv6 addresses are inherently public, I think.
 

Ya’akov

Joined Jan 27, 2019
9,161
The MAC address is the Media Access Control address. It is not involved in IP, which is Internet Protocol. This refers to moving from one network (in your case your home LAN) to another, and that’s where routing comes in.

It would help to review the process of accessing something like a website. Some of the information below may be redundant to an explanation of the MAC address’ role, but rather than omit it and cause some hidden confusion, here are the steps in high level form:

TL;DR: The MAC address is only relevant on a LAN; between two networks it is useless. That’s why we have Internet Protocol addresses, which contain information about both the network and the host, but IP addresses must be resolved to MAC addresses to communicate on a LAN.

1. You type a URL into your web browser. Let’s use https://forum.allaboutcircuits.com/threads/which-mac-address.192141/ as our example. Your own IP address is 192.168.1.10

The URL includes a hostname part (forum.allaboutcircuits.com), which is how the IP address of the remote computer will be determined. The hostname is a DNS name, not an address. It is a way to look up the address which is associated with it, but it contains no information about the address in itself. This is important to keep in mind because DNS is a separate system and has nothing to do with the TCP/IP protocols themselves.

2. Your web browser attempts to resolve the hostname to an IP address using the system’s resolver.

In order to resolve the address, the host must talk to its configured DNS server. For this example the server will be the router (192.168.1.1) as it often is on a home LAN. That means the traffic remains local but that’s not required. The next thing that happens (assuming there is no entry in the ARP cache, and for demonstration there is not) is for the host to ARP, which is Address Resolution Protocol.

ARP resolves MAC addresses from IP addresses. The Media Access Control address is the unique address assigned to a piece of hardware. (Yes, there can be proxying and virtualization but we can deal with that separately). For our purposes we will assume for the moment that a MAC address is tied to a particular physical interface. That is, the MAC address is the Ethernet address (Wi-Fi, wired, fiber, whatever) used to address an interface via the physical connection it has to a LAN.

The ARP packet is a broadcast sent to the LAN's broadcast address. If your LAN uses the typical addressing of 192.168.1.0/24, meaning the last octet, or 8 bits, of the IP address is the host portion, leaving the first 24 (hence /24) as the network portion, then your broadcast address will be 192.168.1.255

All nodes on the LAN listen to this address. The ARP is sent out saying:

Who has 192.168.1.1? Tell 192.168.1.10

The answer is a unicast Ethernet frame. It is sent directly to the asking computer using its MAC address, not its IP address. All LAN communications use the MAC address. Just like the hostname in the URL isn’t an address, the IP address is not an address on the wire—it’s just a way to get one, sometimes in one step, sometimes in many. But the IP part demands that it be able to route and that means it contains a network address and a host number on that network but without ARP you can’t know which host that is.

The connection to the router’s DNS server returns an answer for the remote machine of 172.67.34.128

3. The browser attempts to make a connection to 172.67.34.128 on port 443 to establish an SSL session

Here many things happen at the level of the TCP/IP stack in the operating system, they start with:

4. The TCP/IP stack checks the address of the remote machine against the routing table on the host. The routing table is a list of network addresses and netmasks of increasing specificity that tell the stack where to send particular traffic. In the case of the host itself the route looks like:

192.168.1.10 netmask 255.255.255.255 gateway 192.168.1.10

The netmask is a bitwise mask that marks out the network portion of an IP address. The IP address is notated as octets for convenience. The reality is just a 32-bit string of ones and zeroes. That binary arithmetic can manipulate it is a great convenience but it is not a number.

It is very enlightening to write out an IP address in binary along with its netmask. Here it is for our host’s network:

11000000101010000000000100001010
11111111111111111111111100000000


You can see the correspondence of the address and netmask, and how the host portion is the last 8 bits. So the routing table is telling us that the directly accessible LAN we live on is 192.168.1.XXX and if something has an address matching this pattern we simply try to talk to it from our own LAN port directly.

But, if there isn’t a specific routing table entry for an address, we have to rely on the default route. This route has a netmask of 0.0.0.0, that is, every bit of it is a host. We will only reach this route if any others with more specificity fail to match our address of interest. The gateway for this route is the router on a simple home LAN where it is either here or somewhere else.

So, we pass the traffic for the remote host to the router, and our connection to the router is via Ethernet protocol using MAC addresses because that’s how we can communicate on a LAN.

5. The router does much the same dance with its gateway.

The router on our home LAN has only three routes in its table: itself, the LAN, and the LAN which its WAN port is connected to—the ISP’s LAN. It ARPs to get the MAC of the gateway on that LAN and uses Ethernet protocol to talk to it and hand off the traffic.

The ISP’s router has more routes, and chooses how to get to the network of interest according to the routes that are sent to it using BGP. Border Gateway Protocol is how routers on the Internet share routing tables. You may have caught on that an IP address without a netmask is meaningless. To be useful, an IP address has two parts so you know how to send it along.

In the old days, there was classful routing. That is, you could use the first two bits of an IP address to determine what the netmask was for that address. For example, the 10.0.0.0 network is a Class A network and gets a 255.0.0.0 mask. This gives it lots of hosts—16.7 million of them—but only 253 networks, 10 being one of them. 172.16.0.0 would be a Class B with a mask of 255.255.0.0 half the bits going to networks and half to hosts, while 192.168.0.0 would be a Class C having 24 network bits for lots of networks and 8 host bits for only 253 hosts.

But the complexity of the IPv4 address space has grown exponentially and now we have sub- and supernets and all sorts of shenanigans. So the routing tables are dynamically updated.

Note that I am avoiding IPv6 because it is a completely different set of things, but it still uses the basic ideas of routing tables and netmasks so this is relevant if you want to learn that too, and I encourage it.

6. The traffic eventually finds its way to the router that is connected to the same physical LAN as the computer we are interested in talking to.

At this point, the router on the remote LAN is going to hand off the traffic to the target server, but of course it has to find it first and so it will ARP, possibly like:

Who has 172.67.34.128? Tell 172.67.33.1

To answer, the remote server has to use a MAC address, the address of 172.67.33.1—the physical interface of the router on its LAN. So you can see how your MAC address is completely useless to the remote computer. Knowing it would do nothing at all to facilitate the communication.

The Media in Media Access Control is the wire, or the radio frequency, or the fiber that comprises the LAN. MAC addresses are not used for IP because they contain no information about the identity of the network and so can’t help find a host that is not on your network.

The rest of the process is the reverse of this description, and of course there are many more details not covered in this. But the more you know about the protocols the more easily you will be able to tell what is sensible and what isn’t.

As one last aside, automatically assigned IPv6 addresses use the MAC address as part of the IP address because of the convenience of the uniqueness. This is seen as a possible privacy issue since it will be traceable to one particular computer so there is a privacy feature in IPv6 stacks to generate changing, random addresses rather than the fixed one based on MAC.
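
The hop-by-hop behaviour described in the post above, as an added example that is not part of the original thread: each node picks a route by longest-prefix match, resolves the next hop to a MAC, and builds a fresh Ethernet frame, so the server only ever sees the MAC of the router on its own LAN. The MAC values, the 203.0.113.x WAN addresses, the /20 server prefix, the single "upstream" router standing in for the whole Internet, the single NAT step at the home router, and the names `lookup` and `trace` are all assumptions made for the sketch.

```python
import ipaddress

# Constructed sample data: MACs, the 203.0.113.x WAN addresses and the /20 prefix
# are assumptions; 192.168.1.x and 172.67.x.x follow the walk-through above.
MAC = {"192.168.1.10": "02:00:00:00:00:10",   # client PC
       "192.168.1.1":  "02:00:00:00:00:01",   # home router, LAN port
       "203.0.113.7":  "02:00:00:00:01:07",   # home router, WAN port
       "203.0.113.1":  "02:00:00:00:01:01",   # upstream router, ISP side
       "172.67.33.1":  "02:00:00:00:02:01",   # upstream router, server LAN
       "172.67.34.128": "02:00:00:00:02:80"}  # web server
OWNER = {"192.168.1.10": "pc", "192.168.1.1": "home", "203.0.113.7": "home",
         "203.0.113.1": "upstream", "172.67.33.1": "upstream",
         "172.67.34.128": "server"}
# Routing tables: (prefix, gateway or None if on-link, own interface IP used)
ROUTES = {
    "pc": [("192.168.1.0/24", None, "192.168.1.10"),
           ("0.0.0.0/0", "192.168.1.1", "192.168.1.10")],
    "home": [("192.168.1.0/24", None, "192.168.1.1"),
             ("0.0.0.0/0", "203.0.113.1", "203.0.113.7")],
    "upstream": [("203.0.113.0/24", None, "203.0.113.1"),
                 ("172.67.32.0/20", None, "172.67.33.1")],
}
NAT = {"home": "203.0.113.7"}  # home router rewrites the source IP on its WAN side


def lookup(node, dst):
    """Longest-prefix match: the most specific matching route wins."""
    hits = [r for r in ROUTES[node]
            if ipaddress.ip_address(dst) in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)


def trace(src_ip, dst_ip):
    """Return the Ethernet frame seen on each LAN the packet crosses."""
    node, frames = OWNER[src_ip], []
    while node != OWNER[dst_ip]:
        _, gateway, out_ip = lookup(node, dst_ip)
        next_ip = gateway or dst_ip        # ARP target: gateway, or dst if on-link
        if node in NAT and out_ip == NAT[node]:
            src_ip = NAT[node]             # source IP replaced by the WAN address
        frames.append({"src_mac": MAC[out_ip], "dst_mac": MAC[next_ip],
                       "src_ip": src_ip, "dst_ip": dst_ip})
        node = OWNER[next_ip]
    return frames


if __name__ == "__main__":
    for frame in trace("192.168.1.10", "172.67.34.128"):
        print(frame)
```

The destination IP is the same in all three frames, while the source and destination MACs change on every LAN and the client's MAC appears only in the first frame.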
 