Theory regarding MAC and IP address in network packet and frame content?
A mac address is only relevant to the local broadcast domain (vlan, subnet). The source MAC address on each packet is the MAC address of the device that emitted the packet onto the local network.
It is a layer 2 address. So it isn't so much the router "substitutes" its own MAC address, the only possible (for the sake of this discussion) mac address that can be on a packet emitted from the router is the mac address of the interface on the router that the packet originated when put out onto the internet.
Note that the router mac address is only present in the packet until it reaches the next hop - the next router. At that point the packet is routed, exits the ISP router, and has the MAC address of the ISP router interface.
None of this is about security or privacy, it is the difference between how layer 2 and layer 3 networking works.
Related videos on Youtube
14 : 39
29 : 36
03 : 19
05 : 11
01 : 39
zentechinc
Updated on September 18, 2022Comments
-
zentechinc over 1 year
Okay, network theory and protocol questions for you guys:
Assuming a router is using NAT, is a device's MAC address every actually exposed to the Internet? Or, does the router transmogrify (wow, spell-check didn't have a problem with that word, I always thought it was just a Calvin and Hobbes term) the MAC like it does with the source device's IP address?
I seem to remember from classes that once the packet hits the network router the router substitutes its IP and MAC info in there, slaps a frame on it and then kicks it out onto the web in the general direction of the closest IP match. However, a thread that I read on another site indicated that the MAC address changed with every hop!
While that may be nice for privacy issues (no real way to tell what the original device/routers MAC was from an arbitrary point along the hops), it doesn't really seem to make sense that both the IP and MAC would need to be stripped each time.
-
MaQleod over 12 yearsa MAC address of a device is only seen by the device at the next hop.
-
zentechinc over 12 yearsI should have provided the stimulus for the question: If a MAC persisted from a source device across the network router onto the Internet, and given a theoretical all seeing eye across the networks would it be possible to trace the PHYSICAL movements of a device (and thus user) across networks due to a MAC address's relative permanence. MACs are assigned arbitrarily (by the manufacturer) and thus it is possible to have duplicate MAC collisions, but such instances would be quite rare, thus the likely hood of a positive correlation between physical movements and MAC address significant.
-
zentechinc over 12 yearsAnyway, from Pauls answer, it seems that the answer is simply: NO, a MAC address cannot be used to identify/profile/trend a user from a foreign network. I had thought the packet frame simply introduced routing information for the packet across the networks and left the majority of the packet (including the original MAC) intact.
-
-
ott-- over 12 yearsIt's also possible that other protocols than ethernet may be used between 2 hops, depending on the media.
-
Paul over 12 yearsThis is incorrect, NAT has nothing to do with MAC addresses.
-
Paul over 12 yearsThere will always be a layer 2 address, MAC stands for Media Access Control and is a sub-layer in OSI. It is not specific to ethernet, however it does originate there.
-
nlucas over 12 yearsCare to elaborate why you think the question was about only NAT? Of course NAT has nothing to do with MAC addresses, but why you think my answer is wrong based on that?
-
Paul over 12 yearsYou are welcome to rephrase, and I'll reword my reply. It reads like "MAC and IP Addresses are replaced if using NAT". You probably meant: "MAC addresses, and IP addresses if using NAT, are replaced by a router".
