The computer first sends data to the network’s router, using its local network IP address and MAC address. Each packet contains the computer’s MAC address. Once the data leaves the network, it drops the MAC address and sends the data through the IP address assigned by the ISP.
A MAC (Machine Access Control) address is a unique number assigned to a network adapter. My laptop, for example, has two network adapters – one for a wired, ethernet connection and another for wireless. Thus, my laptop has two MAC addresses that are tied directly to the hardware. Reformatting my hard drive or changing how I connect to the Internet will not change the numbers. Further, no other adapter is supposed to have the same number.
Data is sent across networks and the Internet in packets. These packets contain directing information to help get them to the right place. Once inside of your local network, that will include your MAC address. If you are sending a file, the packets will contain your MAC address only until it gets to your router. Thus, suppose a national database of MAC addresses existed to tie addresses to purchasers, it would do no good as that information would not be a part of the packet.
MAC addresses are generally considered permanent, but it is possible to change, spoof, or mask them.
An IP (Internet Protocol) address is a number assigned to each device on a network. Each computer, printer, cell phone, or other networkable device has one. But one thing is important here – the IP address your computer uses on your network is not one that can be determined outside of your network. That’s because there are two addresses in play – one is your IP address for your specific device and the other is the IP address assigned to your network by your ISP (Internet Service Provider). The IP address from the ISP will change often (called a dynamic IP), though the ISP usually keeps records of the assignments. Sometimes, an ISP assigns a static IP to a customer that does not change.
The computer’s IP address helps it to communicate with the router and other computers on the network. It’s usually a generic address like 172.16.1.40. Separately, the IP address assigned to the router is the one that can be observed outside of the home network. Thus, it doesn’t matter if it’s my computer or my roomate’s computer that is accessing a certain website. To the outside server, it looks the same.
There are many ways to attempt to hide one’s IP address. Anonymizers like the Onion Router, Proxy Servers, and VPNs are examples of such methods.
For investigative purposes, the only bit of information that is generally useful is the IP address assigned by the ISP. That is what you can use to track a person’s Internet activity remotely. Few home routers even have the capability of storing logs of activity for specific users within a network.
In some instances, a device on the network may be able to store the MAC addressing information. This is particularly the case with large networks. For example, many universities provide wireless access by having users register their MAC address. The school can then match the IP address of certain illegal activity to the MAC address and then find the student who registered it. That process isn’t quite so easy, as Tufts University outlined here after a request for students who downloaded music illegally.
How are MAC Addresses Determined?
Vendors are given a range of MAC Addresses that can be assigned to their products by the IEEE (Institute of Electrical and Electronics Engineers). MAC Address are assigned to Vendors in various sized blocks as appropriate.
The IEEE offers Registration Authority programs or registries which maintain lists of unique identifiers under standards and issue unique identifiers to those wishing to register them. The IEEE Registration Authority assigns unambiguous names to objects in a way which makes the assignment available to interested parties.
You can go to Vendor/Ethernet/Bluetooth MAC Address Lookup and Search to find the vendor given a particular MAC Address or find a MAC Address Range given to a vendor.
Devices are Uniquely Identified by Their MAC Addresses?
This is incorrect. Devices are not uniquely identified by their MAC addresses.In the past vendors have intentionally or by mistake assigned the same MAC Address to multiple devices.
It is possible to change the MAC Address presented by most hardware to the OS, an action often referred to as MAC spoofing:
MAC spoofing is a technique for changing a factory-assigned Media Access Control (MAC) Address of a network interface on a networked device. The MAC Address is hard-coded on a network interface controller (NIC) and cannot be changed. However, there are tools which can make an operating system believe that the NIC has the MAC Address of a user’s choosing.
See Also: Are MAC Addresses Unique When Coming Out of the Factory? and MAC Address Recycling?
Duplicate MAC Addresses
Manufacturers re-use MAC Addresses and they ship cards with duplicate addresses to different parts of the United States or the world so that there is only a very small chance two computers with network cards with the same MAC Address will end up on the same network.
MAC Addresses are ‘burned’ into the Network Interface Card (NIC) and cannot be changed. See ARP and RARP on how IP addresses are translated into MAC Addresses and vice versa.
In order for a network device to be able to communicate, the MAC Address it is using must be unique. No other device on that local network subnet can use that MAC Address. If two devices have the same MAC Address (which occurs more often than network administrators would like), neither computer can communicate properly. On an Ethernet LAN, this will cause a high number of collisions. Duplicate MAC Addresses on the same LAN are a problem.
Duplicate MAC Addresses separated by one or more routers is not a problem since the two devices won’t see each other and will use the router to communicate.