What is the exact use of a MAC address?

What are MAC addresses used for?

MAC addresses are the low level basics that make your local ethernet based network work. Local means that the network devices are either directly connected through a cable or by WiFi or over a network hub or network switch.

Network cards each have a unique MAC address. Packets that are sent on the ethernet are always coming from a MAC address and sent to a MAC address. If a network adapter is receiving a packet, it is comparing the packet's destination MAC address to the adapter's own MAC address. If the addresses match, the packet is processed, otherwise it is discarded.

There are special MAC addresses, one for example is ff:ff:ff:ff:ff:ff, which is the broadcast address and addresses every network adapter in the network.

How do IP addresses and MAC addresses work together?

IP is a protocol that is used on a layer above ethernet. Another protocol for example would be IPX. IP allows connecting of different local networks and thus forming a corporate network or the global internet.

When your computer wants to send a packet to some IP address x.x.x.x, then the first check is if the destination address is in the same IP network as the computer itself. If x.x.x.x is in the same network, then the destination IP can be reached directly, otherwise the packet needs to be sent to the configured router.

Up to now things seem to have gotten worse, because now we have two IP addresses: one is the original IP packet's target address, the other is the IP of the device to which we should send the packet (the next hop, either the final destination or the router).

Since ethernet uses MAC addresses, the sender needs to get the MAC address of the next hop. There is a special protocol ARP (address resolution protocol) that is used for that. Once the sender has retrieved the MAC address of the next hop, he writes that target MAC address into the packet and sends the packet.

How does ARP work?

ARP itself is a protocol above ethernet, like IP or IPX. When a device wants to know the MAC address for a given IP address, it sends a packet to the broadcast MAC address asking "Who has IP address y.y.y.y?" All devices receive that packet, but only the one with the IP address y.y.y.y will respond with a packet "It's me." The asking device receives the answer and now knows that the source MAC address of the ARP packet is the right MAC address to use. Of course the result will be cached, so the device does not need to resolve the MAC address every time.

Routing

I almost forgot to mention: there is no routing based on MAC addresses. Low level ethernet and MAC addresses can only reach every device on the same network (cabled or wireless). If you have two networks with a router in between you cannot have a device in network A send a packet to the MAC address of a device in network B. No device in network A has the MAC address of the device in network B, so a packet to this MAC address will be discarded by all devices in the network A (also by the router).

Routing is done on IP level. Simply seen the router is just doing what I described above in the section "How do IP addresses and MAC addresses work together?". The router will receive packets for its own MAC address but for a different IP address. He will then check if he can directly reach the target IP address. If so, he sends the packet to the target. Otherwise the router itself also has an upstream router configured and will send the packet to that router.

Of course you can have multiple routers configured. Your home router will only have one upstream router configured, but in the internet backbone the big routers have big routing tables so they know the best ways for all packets.

Other use cases for MAC addresses

1. Network switches store a list of MAC addresses seen at every port and only forward packets to the ports that need to see the packet.

2. Wireless access points often use MAC addresses for access control. They only allow access for known devices (MAC address is unique and identifies devices) with the correct passphrase.

3. DHCP servers use the MAC address to identify devices and give some devices fixed IP addresses.

TL;DR> MAC addresses are a low level component of an Ethernet network (and some other similar standards, such as WiFi). They allow a device to communicate with a machine on the local physical network (LAN), and cannot be routed across the Internet - because physical hardware might in theory be plugged in anywhere in the world.

By contrast, IP addresses cover the whole internet, and routers use them to figure out where to send data even if it needs multiple hops to reach its destination – but they aren't helpful in interfacing with the physical hardware on your local network.

If we ever found a better standard than Ethernet, it might not use MAC addresses but IP traffic from the internet could still flow across it, even if other people on the internet had never heard of it.

If we ever found a better standard than IP (for example IPv6 if all the IPv4 addresses ran out), most Ethernet hardware could carry the new kind of traffic without modification – and a simple software/firmware update would fix most of the rest.

MAC addresses are required to make a local Ethernet (or wifi) network function. They allow a network device to attract the attention of a single directly connected device, even though the physical connection is shared. This can be important when thousands of devices are connected together within a single organisation. They serve no function on the wider internet.

To really understand the answer to this question, you need to understand the OSI (sometimes known as the 7-layer) model.

For communication to take place between 2 applications running on separate machines which don't have a direct physical connection, a lot of work needs to take place.

In the olden days, each application would know exactly which machine code instructions needed to be run in order to produce an appropriate signal that would reach, and could be decoded by, the application at the far end. All communication was effectively point-to-point, and software had to be written to suit the exact situation in which it was to be deployed. Obviously, that was unsustainable.

Instead of this, the problem of networking was split into layers, and each layer knew how to speak to the matching layer on a remote machine, and how to communicate with the layer beneath (and sometimes above) it on its local machine. It knew nothing at all about any other layers in place – so your web browser doesn't need to care whether it is running on a machine that uses a token ring, ethernet or wifi network – and definitely doesn't need to know what hardware the remote machine uses.

To make this work, the 7 layer model uses a system rather like nested envelopes; the application creates its data and wraps it in an envelope for the Operating System to deliver. The OS wraps this in another envelope and passes it to the Network driver. The Network driver wraps this in yet another envelope and puts it onto the physical cable. And so on.

The bottom layer, layer 1, is the physical layer. This is the layer of wires and transistors and radio waves, and at this layer, communication is mostly just a stream of ones and noughts. The data goes everywhere that is physically connected. You plug your computer's network port into your switch using a CAT-5 cable.

Layer 2 is the Data link layer. This provides some structure to the ones and noughts, some error detection and correction capabilities, and some indication about which physically connected device (physical connections here can actually be over wifi) should pay attention to the message. This is the layer that MAC addresses come into play, and we'll come back to it later. But MAC addresses aren't the only possibility at this layer. Token ring networks, for example, need a different data link implementation.

Layer 3 is the Network layer. This is the layer that IP works at (though it isn't the only network layer protocol either), and it is this that allows computers to send a message that can get to any machine anywhere on the "network". There does not need to be a direct connection between the machines in question.

Layers 4-7 are higher level protocols. They get ever further away from the hardware and closer to the application. TCP, for example, sits on top of IP, and provides mechanisms that automatically resend messages when they go missing.

So MAC addresses work at Layer 2, and permit 2 machines that are physically connected to one another to send messages that will be ignored by other machines which share the same physical connection.

Suppose I have an application that wants to send some data to the machine with IP address 8.8.8.8

Layer 3 wraps up the data in an envelope that contains, amongst other things, the IP address 8.8.8.8 and then hands this to layer 2.

Layer 2 looks at this IP address and decides which machine that it is directly connected to is able to deal with this message. It will have a lookup table of a selection of the directly connected IP addresses together with the corresponding MAC address of the network card in that machine. This lookup table is constructed using a protocol called ARP, which lets a network card asks questions of the other directly connected devices. Ethernet reserves a special MAC address, FF:FF:FF:FF:FF:FF, which lets a device talk to all physically connected devices.

If the IP address is in the table (or can be resolved through ARP), it will wrap the Layer 3 envelope in a Layer 2 envelope with the MAC address in the new header, and then pass the whole bundle to the hardware at Layer 1. The network card with the matching MAC address will receive the message and the network driver will open the Layer 2 envelope and pass the contents up to whichever part of the operating system is expecting to receive messages at the specific IP address.

Alternatively, if the IP address isn't on the local network, the new envelope will have the MAC address of the default gateway (i.e. Router) configured for this network interface, and the hardware will transport the packet to the router.

The router notices its own MAC address in the layer 2 envelope, and opens the level 2 packet. It looks at the IP address on the level 3 envelope, and works out where the message needs to go next, which is probably going to be the router at your ISP. If the router uses NAT (or similar), it may even modify the level 3 envelope at this point, to keep your internal IP addresses private. It will then wrap the level 3 envelope in a new level 2 envelope that is addressed to the ISP's router's MAC address, and send the message there.

This process of removing the outer envelope and wrapping the contents in a new envelope addressed to the next step in the chain will continue until the message reaches the destination machine.

The envelopes will then continue being ripped off as the message walks back up the layers until it finally reaches its intended recipient, which will be an application somewhere which, hopefully, will know what to do with the message – but will have no idea how the message got there nor indeed all the steps required to get the response back to the original machine.

But it all works, almost like magic!

Note that network switches can use MAC addresses to optimise the flow of network traffic. While an ethernet hub simply forwards all incoming traffic to all of its ports, by contrast a switch can forward traffic only to the single port that the packet's destination MAC address is connected to. This increases the effective bandwidth of the network; by targeting specific ports, the switch avoids forwarding traffic on unnecessary segments of the network. The switch will use either ARP or packet sniffing to identify which devices are connected to which port. Switches completely ignore the contents of the Layer 2 packets.

The MAC-Address (Media Access Control address) in general is the identifier of devices in a network. So every NIC (network interface controller found in a router, PC, network-printer, server etc.) have MAC addresses. Some servers have more than one network card built in and therefore have multiple MAC addresses. The MAC address is 6 Bytes long (6 octets). Left is the most significant Byte and right the least significant Byte. As you can see in the picture below, the first 3 Bytes are the Organizationally Unique Identifier. This indicates the manufacturer who made this device.

Here's a list of Organizationally Unique Identifier: Standards.ieee.org

Here's an alternative to the above: MAC-Vendor-Lookup

A few examples of common known manufacturers:

• 00-05-5D (D-Link Systems Inc.)
• 00-09-5B (Netgear Inc.)
• 00-E0-4C (Realtek Semiconductor Corp.)
• 00-E0-4F (Cisco Systems Inc.)
• 00-E0-64 (Samsung Electronics)

The last 3 Bytes (3 octets) are randomly assigned by the manufacturer.

As pjc50 stated correctly the MAC address in an Ethernet network helps the switches decide which packet to send where. There is also a Broadcast-MAC-Address. ff:ff:ff:ff:ff:ff is used for the Broadcast-MAC-Address. Note that the MAC-Address can be changed so be careful using it as a definite device identifier! The MAC-Address is also used with the ARP (Address Resolution Protocol) protocol. So how it works is, PC A sends a ARP-Request to PC B with its own IP-Address, MAC-Address, the IP-Address of the receiver and the broadcast address mentioned above (ff:ff:ff:ff:ff:ff). After that PC B checks if the Packet was send to him or not. If yes, then PC B sends its own MAC-Address, IP-Address, the MAC-Address of the receiver and the IP-Address of the receiver back. The other devices discard the packet.

Both PC A and B usually save the successful connection in the so called ARP-Cache. The way the PCs save the connection differs from device to device. If you don't know the IP-Address then you can get the IP-Address with the Reverse Address Resolution Protocol (RARP). With RARP the device contacts a central client and asks it for the IP-Address. But this method is hardly used nowadays.

The following technologies use the MAC-48 identifier format:

• Ethernet
• 802.11 wireless networks
• Bluetooth
• IEEE 802.5 token ring
• most other IEEE 802 networks
• FDDI
• ATM (switched virtual connections only, as part of an NSAP address) Fibre Channel and Serial Attached SCSI (as part of a World Wide Name)