Networking know-how: MAC and you
A CRASH COURSE IN WHAT YOUR MAC ADDRESS IS, AND HOW YOU CAN USE IT TO MAKE YOUR NETWORK DO EXACTLY WHAT YOU WANT.
LAST MONTH, WE touched a little on networking devices’ media access control (MAC) addresses. This month, we’re going to go into them in more depth: what they are and how you might use them. Once you understand MAC addresses, a lot of local networking stuff becomes much easier to comprehend!
WHAT IS A MAC ADDRESS?
The short answer to that question is that a MAC address is the unique 48-bit identifier for a network device, generally assigned during its manufacture. It’s how devices identify each other on the local network, and is generally shown as 12 hexadecimal characters (hex characters are 0 to 9 and a to f); for example a1:b2:c3:d4:e5:f6.
The longer answer requires a little knowledge of how data is sent across the network. On a local network, devices talk to each other using MAC addresses. If a1:b2:c3:d4:e5:f6 wanted to talk to 7f:8e:9d:0c:1b:2a, it would just put a data packet on the Ethernet or Wi-Fi network flagged with that as a destination target.
Now, unlike IP addresses, MAC addresses have no actual routing function, no way of identifying where on the network the destination is. It’s like putting a name on an envelope with no address. How it works instead is that your router/switch/access point remembers what devices are plugged into which port. In the example above, it would remember that 7f:8e:9d:0c:1b:2a is plugged into LAN port 2 and so sends the packet along to that port. If it doesn’t have a record of that device, then it just broadcasts the packet to every port — when the target replies, it makes a note of which port it is attached to.
Obviously, MAC addresses can’t be used on the internet, because your switch can’t remember every MAC address in the world and because broadcasts would clog up the works. That’s why IP was invented; IP has an integral routing function, it tells you where on the network a device is — kind of like a street address on a letter, except that, in the case of IP, it’s a network map (which ISP it is, which exchange, which subnet and so on). If a device is moved to another point on the network, its IP address changes. Its MAC address always stays the same.
USING A MAC ADDRESS
For the most part, you as a user will almost never have to use MAC addresses. MAC sits on a layer below IP and the other protocols we actually use. It’s used by IP, by CIFS (Windows File Sharing), by DHCP (the initial ‘bootstrap’ protocol where IP addresses are assigned), for network discovery in UPnP and DLNA (which use local broadcasts to find devices) and in many other cases as well. But it’s generally used transparently — we don’t have to deal with it.
There are a couple of instances where MAC addresses are commonly used, however, and we’re going to talk about them below. First, though, you need to find your device’s MAC address.
FINDING A MAC ADDRESS
The easiest way to find a device’s MAC address is to examine the device itself. Many Ethernet and Wi-Fi devices come with a sticker, tab or bit of paper showing their MAC address. But if it doesn’t, you have to find it in software. In Windows, follow these steps: Press Windows-R to open the Run box, then type cmd into that box and press enter.
This will open the command line window. Type: ipconfig /all Look for the line that says Physical Address. That’s your MAC address.
On macOS, head to ‘System Preferences > Network’ and hit the ‘Advanced...’ button. Then click on the Hardware tab and the MAC address is listed there.
On iOS, go to ‘Settings > General > About’ and look for the line that says ‘Wi-Fi Address’. That will show your MAC address.
On Android, go to ‘Settings > About Phone/ Tablet > Status’ and your MAC address will be listed. With Samsung TouchWiz, it’s ‘Settings > General > About Device > Status’.
RESTRICTING WIRELESS ACCESS BY MAC ADDRESS
One common application of MAC addresses is wireless access restriction. Many routers have a wireless security option that lets you restrict access based on MAC addresses — only devices with approved MAC addresses can access the network.
Now we should note up front that this is very far from bulletproof. MAC addresses are software coded and not encrypted, so it’s actually very easy to change a MAC address and spoof the network. In other words, a dedicated hacker can get around this easily by changing their device’s MAC address to an approved one. But this method is effective enough against more casual hackers and war drivers.
It varies from router to router, but generally you’ll find the MAC filtering option under Wireless security. You’ll need to enable it, then manually add MAC addresses to the list, one by one. Some routers give you the option to white list (only devices with the listed MAC addresses have access) or black list (devices with the listed MAC addresses are denied access). The white list is typically more useful.
As an important note: if you’re setting this up from a Wi-Fi device, make sure that your current device is the first one you add to the white list! Otherwise you might be denied access to the admin console and you’ll have to plug your device into an Ethernet port.
Once you’ve done this, Wi-Fi access should be restricted based on this list.
PARENTAL CONTROLS AND TIME RESTRICTIONS USING MAC ADDRESSES
Many router models also let you restrict internet access times using MAC addresses. In general, IP addresses won’t work because IP addresses change, even on the local network. But because a MAC address is a constant, it’s a useful way to specify that a particular device should only be able to access the internet at certain times.
Again, it varies from manufacturer to manufacturer, and it’s not present in all routers, but you’ll generally find it in the Parental Control section. There you go through these steps: Switch on parental controls. Choose the device to be restricted. On some routers, you’ll manually type the MAC address into the MAC field. Some routers, like ASUS and Linksys, will let you choose from a list of currently attached devices based on their current IP address or network name and it will auto-fill the MAC address in for you. Set an access schedule (or switch off access altogether) by clicking on the schedule/time management link for that device. Some routers let you create a generic schedule that you apply to multiple devices. Once you’ve set it up, the device with the restricted MAC address will be blocked from internet access during the specified times. Easy and done.