Analysis To protect mobile devices from being tracked as they move through Wi-Fi-rich environments, there's a technique known as MAC address randomization. This replaces the number that uniquely identifies a device's wireless hardware with randomly generated values.
MAC Address is basically nothing but the unique hardware address of any Wireless or any Ethernet capable device. Check the bottom of the guide to know how to Find Mac Address of Android Devices for Android Jellybean & KitKat powered devices. Procedure to find the Mac address in Android. A Wi-Fi Address displays. This is your device’s MAC address. Android: In most cases, you can follow this procedure to locate your MAC address: Select Settings About Device Status. A WiFi Address or WiFi MAC Address displays. This is your device’s MAC address. If this does not work, refer to your device’s user manual. If you have two networks with a router in between you cannot have a device in network A send a packet to the MAC address of a device in network B. No device in network A has the MAC address of the device in network B, so a packet to this MAC address will be discarded by all devices in the network A (also by the router). Routing is done on IP level. A media access control address (MAC address) is a unique identifier assigned to network interfaces for communications on the physical network segment. MAC addresses are used as a network address for most IEEE 802 network technologies, including Ethernet.
In theory, this prevents scumbags from tracking devices from network to network, and by extension the individuals using them, because the devices in question call out to these nearby networks using different hardware identifiers.
It's a real issue because stores can buy Wi-Fi equipment that logs smartphones' MAC addresses, so that shoppers are recognized by their handheld when they next walk in, or walk into affiliate shop with the same creepy system present. This could be used to alert assistants, or to follow people from department to department, store to store, and then sell that data to marketers and ad companies.
Mac Address For Android Device Windows 10
Public wireless hotspots can do the same. Transport for London in the UK, for instance, used these techniques to study Tube passengers.
Regularly changing a device's MAC address is supposed to defeat this tracking.
But it turns out to be completely worthless, due to a combination of implementation flaws and vulnerabilities. That and the fact that MAC address randomization is not enabled on the majority of Android phones.
In a paper published on Wednesday, US Naval Academy researchers report that they were able to 'track 100 per cent of devices using randomization, regardless of manufacturer, by exploiting a previously unknown flaw in the way existing wireless chipsets handle low-level control frames.'
Beyond this one vulnerability, an active RTS (Request to Send) attack, the researchers also identify several alternative deanonymization techniques that work against certain types of devices.
Mac Address For Android Device Working
Cellular radio hardware has its own set of security and privacy issues; these are not considered in the Naval Academy study, which focuses on Android and iOS devices.
Each 802.11 network interface in a mobile phone has a 48-bit MAC addresslayer-2 hardware identifier, one that's supposed to be persistent and globally unique.
Hardware makers can register with the Institute of Electrical and Electronics Engineers (IEEE) to buy a block of MAC addresses for their networking products: the manufacturer is assigned a three-byte Organizationally Unique Identifier, or OUI, with is combined with an additional three-byte identifier that can be set to any value. Put those six bytes together, and you've got a 48-bit MAC address that should be globally unique for each device.
The IEEE's registration system makes it easy to identify the maker of a particular piece of network hardware. The IEEE also provides the ability to purchase a private OUI that's not associated with a company name, but according to the researchers 'this additional privacy feature is not currently used by any major manufacturers that we are aware of.'
Alternatively, the IEEE offers a Company Identifier, or CID, which is another three-byte prefix that can be combined with three additional bytes to form 48-bit MAC addresses. CID addresses can be used in situations where global uniqueness is not required. These CID numbers tend to be used for MAC address randomization and are usually transmitted when a device unassociated with a specific access point broadcasts 802.11 probe requests, the paper explains.
The researchers focused on devices unassociated with a network access point – as might happen when walking down the street through various Wi-Fi networks – rather than those associated and authenticated with a specific access point, where the privacy concerns differ and unique global MAC addresses come into play.
Unmasking
Previous security research has shown that flaws in the Wi-Fi Protected Setup (WPS) protocol can be used to reverse engineer a device's globally unique MAC address through a technique called Universally Unique IDentifier-Enrollee (UUID-E) reversal. The US Naval Academy study builds upon that work by focusing on randomized MAC address implementations.
The researchers found that 'the overwhelming majority of Android devices are not implementing the available randomization capabilities built into the Android OS,' which makes such Android devices trivial to track. It's not clear why this is the case, but the researchers speculate that 802.11 chipset and firmware incompatibilities might be part of it.
Get ourTech Resources
Discover which company built a networked interface by MAC Address.
- Several formats accepted:
00-1C-23-59-5A-92
,001c23595a92
,00:1C:23:59:5A:92
- Partial searches are accepted:
001c
,2359:92
- Uses several databases including NMAP, IEEE Official List, Wireshark Info, and more.
- Never know what else may show up ;)
MAC address
A media access control address (MAC address) is a unique identifier assigned to network interfaces for communications on the physical network segment. MAC addresses are used as a network address for most IEEE 802 network technologies, including Ethernet. Logically, MAC addresses are used in the media access control protocol sublayer of the OSI reference model.
MAC addresses are most often assigned by the manufacturer of a network interface controller (NIC) and are stored in its hardware, such as the card's read-only memory or some other firmware mechanism. If assigned by the manufacturer, a MAC address usually encodes the manufacturer's registered identification number and may be referred to as the burned-in address (BIA). It may also be known as an Ethernet hardware address (EHA), hardware address or physical address. This can be contrasted to a programmed address, where the host device issues commands to the NIC to use an arbitrary address.
A network node may have multiple NICs and each must have one unique MAC address per NIC.
MAC addresses are formed according to the rules of one of three numbering name spaces managed by the Institute of Electrical and Electronics Engineers (IEEE): MAC-48, EUI-48, and EUI-64. The IEEE claims trademarks on the names EUI-48 and EUI-64, in which EUI is an abbreviation for Extended Unique Identifier.
Notational conventions
The standard (IEEE 802) format for printing MAC-48 addresses in human-friendly form is six groups of two hexadecimal digits, separated by hyphens (
-
) or colons (:
), in transmission order (e.g. 01-23-45-67-89-ab
or 01:23:45:67:89:ab
). This form is also commonly used for EUI-64. Another convention used by networking equipment uses three groups of four hexadecimal digits separated by dots (.
) (e.g. 0123.4567.89ab
), again in transmission order.Address details
The original IEEE 802 MAC address comes from the original Xerox Ethernet addressing scheme. This 48-bit address space contains potentially 248 or 281,474,976,710,656 possible MAC addresses.
All three numbering systems use the same format and differ only in the length of the identifier. Addresses can either be universally administered addresses or locally administered addresses. A universally administered address is uniquely assigned to a device by its manufacturer. The first three octets (in transmission order) identify the organization that issued the identifier and are known as the Organizationally Unique Identifier (OUI). The following three (MAC-48 and EUI-48) or five (EUI-64) octets are assigned by that organization in nearly any manner they please, subject to the constraint of uniqueness. The IEEE has a target lifetime of 100 years for applications using MAC-48 space, but encourages adoption of EUI-64s instead. A locally administered address is assigned to a device by a network administrator, overriding the burned-in address. Locally administered addresses do not contain OUIs.
Universally administered and locally administered addresses are distinguished by setting the second-least-significant bit of the most significant byte of the address. This bit is also referred to as the U/L bit, short for Universal/Local, which identifies how the address is administered. If the bit is 0, the address is universally administered. If it is 1, the address is locally administered. In the example address 06-00-00-00-00-00 the most significant byte is 06 (hex), the binary form of which is 00000110, where the second-least-significant bit is 1. Therefore, it is a locally administered address. Consequently, this bit is 0 in all OUIs.
![Mac Mac](/uploads/1/1/9/4/119495679/756737195.jpg)
If the least significant bit of the most significant octet of an address is set to 0 (zero), the frame is meant to reach only one receiving NIC. This type of transmission is called unicast. A unicast frame is transmitted to all nodes within the collision domain, which typically ends at the nearest network switch or router. A switch will forward a unicast frame through all of its ports (except for the port that originated the frame) if the switch has no knowledge of which port leads to that MAC address, or just to the proper port if it does have knowledge. Only the node with the matching hardware MAC address will accept the frame; network frames with non-matching MAC-addresses are ignored, unless the device is in promiscuous mode.
If the least significant bit of the most significant address octet is set to 1, the frame will still be sent only once; however, NICs will choose to accept it based on criteria other than the matching of a MAC address: for example, based on a configurable list of accepted multicast MAC addresses. This is called multicast addressing.
The following technologies use the MAC-48 identifier format:
- Ethernet
- 802.11 wireless networks
- IEEE 802.5 token ring
- most other IEEE 802 networks
- Fiber Distributed Data Interface (FDDI)
- Asynchronous Transfer Mode (ATM), switched virtual connections only, as part of an NSAP address
- Fibre Channel and Serial Attached SCSI (as part of a World Wide Name)
- The ITU-TG.hn standard, which provides a way to create a high-speed (up to 1 gigabit/s) local area network using existing home wiring (power lines, phone lines and coaxial cables). The G.hn Application Protocol Convergence (APC) layer accepts Ethernet frames that use the MAC-48 format and encapsulates them into G.hn Medium Access Control Service Data Units (MSDUs).
Every device that connects to an IEEE 802 network (such as Ethernet and WiFi) has a MAC-48 address. Common consumer devices to use MAC-48 include every PC, iPhone, iPad, and Android-based devices.
The distinction between EUI-48 and MAC-48 identifiers is purely nominal: MAC-48 is used for network hardware; EUI-48 is used to identify other devices and software. (Thus, by definition, an EUI-48 is not in fact a 'MAC address', although it is syntactically indistinguishable from one and assigned from the same numbering space.)
The IEEE now considers the label MAC-48 to be an obsolete term, previously used to refer to a specific type of EUI-48 identifier used to address hardware interfaces within existing 802-based networking applications, and thus not to be used in the future. Instead, the proprietary term EUI-48 should be used for this purpose.
The EUI-48 is expected to have its address space exhausted by the year 2100.
Mac Address For Android Devices
EUI-64 identifiers are used in:
- IPv6 (Modified EUI-64 as the least-significant 64 bits of a unicast network address or link-local address when stateless autoconfiguration is used)
- ZigBee / 802.15.4 / 6LoWPAN wireless personal-area networks
The IEEE has built in several special address types to allow more than one network interface card to be addressed at one time:
- Packets sent to the broadcast address, all one bits, are received by all stations on a local area network. In hexadecimal the broadcast address would be
FF:FF:FF:FF:FF:FF
. A broadcast frame is flooded and is forwarded to and accepted by all other nodes. - Packets sent to a multicast address are received by all stations on a LAN that have been configured to receive packets sent to that address.
- Functional addresses identify one or more Token Ring NICs that provide a particular service, defined in IEEE 802.5.
These are all examples of group addresses, as opposed to individual addresses; the least significant bit of the first octet of a MAC address distinguishes individual addresses from group addresses. That bit is set to 0 in individual addresses and set to 1 in group addresses. Group addresses, like individual addresses, can be universally administered or locally administered.
In addition, the EUI-64 numbering system encompasses both MAC-48 and EUI-48 identifiers by a simple translation mechanism. To convert a MAC-48 into an EUI-64, copy the OUI, append the two octets
IPv6 — one of the most prominent standards that uses a Modified EUI-64 — treats MAC-48 as EUI-48 instead (as it is chosen from the same address pool) and toggles the U/L bit (as this makes it easier to type locally assigned IPv6 addresses based on the Modified EUI-64). This results in extending MAC addresses (such as IEEE 802 MAC address) to Modified EUI-64 using only
FF-FF
and then copy the organization-specified extension identifier. To convert an EUI-48 into an EUI-64, the same process is used, but the sequence inserted is FF-FE
. In both cases, the process can be trivially reversed when necessary. Organizations issuing EUI-64s are cautioned against issuing identifiers that could be confused with these forms. The IEEE policy is to discourage new uses of 48-bit identifiers in favor of the EUI-64 system.IPv6 — one of the most prominent standards that uses a Modified EUI-64 — treats MAC-48 as EUI-48 instead (as it is chosen from the same address pool) and toggles the U/L bit (as this makes it easier to type locally assigned IPv6 addresses based on the Modified EUI-64). This results in extending MAC addresses (such as IEEE 802 MAC address) to Modified EUI-64 using only
FF-FE
(and never FF-FF
) and with the U/L bit inverted.Individual address block
An Individual Address Block is a 24-bit OUI managed by the IEEE Registration Authority, followed by 12 IEEE-provided bits (identifying the organization), and 12 bits for the owner to assign to individual devices. An IAB is ideal for organizations requiring fewer than 4097 unique 48-bit numbers (EUI-48).
Mac Address Usage in hosts
Although intended to be a permanent and globally unique identification, it is possible to change the MAC address on most modern hardware. Changing MAC addresses is necessary in network virtualization. It can also be used in the process of exploiting security vulnerabilities. This is called MAC spoofing.
A host cannot determine from the MAC address of another host whether that host is on the same link (network segment) as the sending host, or on a network segment bridged to that network segment.
In IP networks, the MAC address of an interface can be queried given the IP address using the Address Resolution Protocol (ARP) for Internet Protocol Version 4 (IPv4) or the Neighbor Discovery Protocol (NDP) for IPv6. In this way, ARP or NDP is used to translate IP addresses (OSI layer 3) into Ethernet MAC addresses (OSI layer 2). On broadcast networks, such as Ethernet, the MAC address uniquely identifies each node on that segment and allows frames to be marked for specific hosts. It thus forms the basis of most of the link layer (OSI Layer 2) networking upon which upper layer protocols rely to produce complex, functioning networks.
Mac Address Usage in switches
Layer 2 switches use MAC addresses to restrict packet transmission to the intended recipient. However, the effect is not immediate.
Bit-reversed notation
The standard notation, also called canonical format, for MAC addresses is written in transmission bit order with the least significant bit transmitted first, as seen in the output of the iproute2/ifconfig/ipconfig command, for example.
However, since IEEE 802.3 (Ethernet) and IEEE 802.4 (Token Bus) send the bytes (octets) over the wire, left-to-right, with least significant bit in each byte first, while IEEE 802.5 (Token Ring) and IEEE 802.6 send the bytes over the wire with the most significant bit first, confusion may arise when an address in the latter scenario is represented with bits reversed from the canonical representation. For example, an address in canonical form
12-34-56-78-9A-BC
would be transmitted over the wire as bits 01001000 00101100 01101010 00011110 01011001 00111101
in the standard transmission order (least significant bit first). But for Token Ring networks, it would be transmitted as bits 00010010 00110100 01010110 01111000 10011010 10111100
in most-significant-bit first order. The latter might be incorrectly displayed as 48-2C-6A-1E-59-3D
. This is referred to as bit-reversed order, non-canonical form, MSB format, IBM format, or Token Ring format, as explained in RFC 2469. Canonical form is generally preferred, and used by all modern implementations.When the first switches supporting both Token Ring and Ethernet came out, some did not distinguish between canonical form and non-canonical form and so did not reverse MAC address bits as required. This led to cases of duplicate MAC addresses in the field.
See also
![Device Device](/uploads/1/1/9/4/119495679/318582612.jpg)
- Hot Standby Router Protocol or standard alternative VRRP Virtual Router Redundancy Protocol, which allows multiple routers to share one IP address and MAC address to provide router redundancy. The OpenBSD project has an open source alternative, the Common Address Redundancy Protocol (CARP). On Linux, iptables has a CLUSTERIP target.
- NSAP address, another endpoint addressing scheme.
- Sleep Proxy Service, which may 'take over' another device's MAC address during certain periods
References
- IEEE Std 802-2001. The Institute of Electrical and Electronics Engineers, Inc. (IEEE). 2002-02-07. p. 19. 'The universal administration of LAN MAC addresses began with the Xerox Corporation administering Block Identifiers (Block IDs) for Ethernet addresses.'
- 'Guidelines for use of the 24-bit Organizationally Unique Identifiers (OUI)'. IEEE-SA.
- 'Standard Group MAC Addresses: A Tutorial Guide'. IEEE-SA.
- 'Guidelines for Fibre Channel Use of the Organizationally Unique Identifier (OUI)'. IEEE-SA.
- 'Network Interface Controller'. Wikipedia.
- 'Guidelines for 64-bit Global Identifier (EUI-64)'. IEEE-SA.
- RFC 5342'IANA Considerations and IETF Protocol Usage for IEEE 802 Parameters'. IETF. September 2008.
- IEEE-RA. 'What is an Individual Address Block?'.
External links
- Wireshark's OUI Lookup Tool and MAC address list