Terms of Use For FixedByVonnie

By proceeding to access fixedByVonnie.com, you expressly acknowledge, and agree to, all of the following:

fixedByVonnie.com is a personal website and blog owned by Security Plus Pro LLC, which is being presented for informational purposes only. The views on this website are solely those of the website owner (and not those of any employer or of any professional associations affiliated with the website owner).  Any views expressed in this website and any information presented on this website, or in any of its blog entries, should not be relied on for any purpose whatsoever other than as the personal opinions of the website owner.  The website owner expressly disclaims any and all liability for any information presented on this site.  The owner of this website and its blog posts shall not be held liable, and shall be held harmless, for any errors or omissions in any information or representations contained in this website, or in any of its blog entries.  The website owner also expressly disclaims any liability for the current or future availability of any such information. The website owner makes no representations as to the accuracy or completeness of any information on this website or which may be found by following any link on this website. The website owner shall not be held liable for any losses, injuries, damages, claims, or causes of action, from the display or use of any information on this website or in any of its blog entries. If you use the information on this website, or on any of its blog entries, you do so solely at your own risk.

Why do we have both MAC addresses and IP addresses? - fixedByVonnie

Why do we have both MAC addresses and IP addresses?

Posted on by vonnie 32 Comments ↓

So here’s a question that really bothered me for the longest time:

Why do computers have both physical, MAC addresses and also IP addresses?  Why does your computer need two addresses to connect to a network?  Isn’t an IP address sufficient? What is a MAC address anyway?

This is going to be fun.  Keep reading for my enlightening explanation.

First let’s talk about MAC addresses because they’re not as famous as their pretentious cousins, IP addresses.

Magical Mac Addresses

Usually, when someone says Mac they think of the titular computer that elicits cupidity in children and mania in men.

Admittedly, the Mac is a thing of beauty but when we hear the term “Mac Addresses” we’re talking about an entirely different beast.

A MAC Address, also known as a Physical Address or Burned-in-Address, is just a device identifier.  It’s a long number, 6 bytes to be exact, usually written in base-16 (Hexadecimal) and represents a unique device address for the purposes of communicating with other devices on a network.

The device can be anything from a PC or a Printer, a TV or a toaster, an X-box or Xerox copier – if it needs to communicate with other devices it most likely has a MAC address.

You can easily view your MAC address in Windows so you should take a look at your own MAc.  The first half of the MAC address identifies the vendor of your network interface and the last half is an arbitrary assignment from that vendor.

So in theory, every MAC address in the world is one of a kind.  It’s kind of like your unique digital fingerprint.

But wait, what about IP addresses?

Initially it might seem that IP addresses and MAC addresses are redundant because both are unique identifiers of networked devices.  These networked devices are known as hosts and need IP addresses so they can communicate with other hosts.

So if IP addresses help hosts communicate with each other… why do we need MAC addresses?

I’ll show you but first I’ve got to explain a little bit about TCP/IP.

A quick TCP/IP primer

TCP/IP is the most prevalent networking protocol stack in existence.

Think of TCP as the stuff computers would talk about if they were at a cocktail party or networking event (pun intended).

Just as humans use different languages to communicate ideas and feelings, so computers have their own way of conveying data.  The “language” is known as a protocol and defines the rules of communication between computers.

Back in the nacient beginnings of the internet it felt like every vendor on earth had their own language for talking with other computers.  In the early 80’s, IBM had its thing, Apple had its thing, Xerox had its thing and it was a mess.

So a bunch of smart people at the Department of Defense and International Organization for Standardization started independently, but concurrently, working on a unified, standard of communication.

Both the OSI model and TCP/IP came out of that era but TCP/IP eventually won the day because OSI standardization moved at a glacial pace.  It took way too long to formalize the OSI model so everyone just went with TCP/IP.

Let’s tango with TCP/IP

TCP/IP is a hierarchical suite of protocols that defines how computers communicate with each other.

It’s hierarchical because each protocol grouping, known as a layer, provides a service to the layer above it.

There are five layers in TCP/IP:

  • Application
  • Transport
  • Internet
  • Data Link
  • Physical

The Data Link layer contains the specifications for Ethernet framing while the Internet Layer defines the IP protocol which is responsible for addressing.

 

By the way, “framing” is just the technical word for when the Data Link layer packages the contents with a Ethernet Header and Trailer.  It’s like a little frame because the padding goes on both sides of the payload.

 

Whenever a host communicates with another host the data moves down the TCP/IP stack and scoops up a new header along the way.

So when you went to fixedbyvonnie.com, your web browser handed off the processing of the URL to the HTTP protocol which lives in the Application layer.

The Application layer slapped on its own header, an HTTP header in this case, that had a bunch of information about the site fixedbyvonnie.com.  If you’re using Chrome, the HTTP header basically says something like this:

Hey! My name is Chrome and I want index.php from fixedbyvonnie.com!

It’s technically called an HTTP GET request and just tells the web server that you want to get a specific file document.

Next, TCP/IP passed the data down to the Transport layer, which is where a bunch of stuff such as UDP and TCP live.  Since we’re dealing with a website in this case, the Transport layer slaps on its TCP header with a bunch of other stuff and passes the segment down to the Internet Layer.

Here in the Internet Layer, the segment gets another header.

It’s all about the headers.

There’s a lot of stuff in the Internet Layer header too but for the purpose of this post I’ll just mention the destination and source IP addresses.  The transport layer segment is known as an Internet packet at the Internet Layer.

 

By the time it gets to the Data Link layer, it’s called a frame and gets cushioned on both ends with Ethernet stuff.  I’m being intentionally vague because if I explain what that “stuff” is it’ll have your head whirling around like the poltergeist.  So for now, I’ll hide the details with the word “stuff”.

 

So what’s in the Ethernet header?  It comprises source and destination MAC addresses and an Ethernet trailer which is just a long number which helps the destination host verify that the frame wasn’t damaged in transit.

I know there are a lot of headers going on but the important thing to notice is that the unit of data that contains your simple HTTP GET request gets heavier and heavier as it moves down the TCP/IP stack.  Each layer adds its own information until it gets to the Physical Layer where it is physically encoded onto copper as electrical voltages or fiber optic media as light pulses.

The reverse happens at the destination.

The raw data signal enters the destination at the Physical Layer and each header is stripped off as it enters the same layer name from the source computer.

Okay I know that sounds confusing.  Think of it like this:

When my server sees your HTTP GET request, it arrives in a long string of ones and zeros.  But because both your computer and my server understand TCP/IP , my server knows how to interpret the boundaries in the binary string and therefore can make sense of the data coming in.

As the data moves up the TCP/IP stack on the server the various headers are dropped until the only thing that remains is the original, unadorned HTTP GET request you sent.

Here’s why MAC addresses matter

After typing and entering fixedbyvonnie.com into the address bar your PC tries to figure out if the computer named fixedbyvonnie.com is located on your local network or somewhere else in the world.

It uses DNS to do that, but without getting too technical, it figures out that fixedbyvonnie.com is not on your local network because the IP address that represents fixedbyvonnie.com has a different grouping than your local IP address.

For example, fixedbyvonnie.com is 198.57.208.223.  The first few dotted numbers, 198.57.208,  tell your computer that it’s in a different network than your PC because the first few dotted numbers of your computer’s IP address is different.

So your HTTP GET makes its journey through the TCP/IP stack. When it gets to the Data Link layer, your computer says something like this:

Alright, so I know fixedbyvonnie.com is in a different network than the source PC but I have no idea how to get there.  Hmm… how can I get this HTTP GET request to fixedbyvonnie.com from this computer?  Ah, wait a second, my little home router knows more than me. I’ll forward this request to my default gateway by sending the frame to the MAC address of the default gateway configured for this computer.

So the frame containing the HTTP GET request gets on a little boat and gets shipped directly to your local router.

The data frame still contains information from all the upper layer protocols.  So the IP Address of the destination computer, 198.57.208.223 is still sitting in the IP header. Along with the IP address of your PC and all that other stuff from the other layers above it.

Here’s the million dollar concept to understand:

The source and destination IP addresses sitting in the IP header never change during the duration of the trip.  In other words, as the data packet traverses the network, both the source and destination IP Addresses are static.  They don’t change.

But the MAC addresses headers are constantly being changed.

Every time the packet is passed from one router to the next, the MAC address header and trailer is stripped from the packet and replaced with a new set.  The new set always contains the source MAC address of the router that just received the packet and the destination MAC is always the MAC of the next hop router.

So do you see what’s going on?

The MAC address just gets the data packet to the next device but the IP address is responsible for getting it to the ultimate destination.

A little analogy might help here

Let’s say there are three routers between your computer and my server.

Let’s name these devices as follows:

  • A is Your computer
  • B is Router 1
  • C is Router 2
  • D is Router 3
  • E is fixedbyvonnie.com

In order to get the data packet from A to B, the Data Link layer of TCP/IP frames the packet with an Ethernet header that has B’s MAC address in the destination field and A’s MAC address in the source field.

Now think of the layers again:

  • Application
  • Transport
  • Internet
  • Data Link
  • Physical

Remember, on the sending computer, each layer is encapsulated with a header from the layer above it.  So the Internet Layer contains your source IP address and the IP address of fixedbyvonnie.com.

That packet is then encapsulated, basically wrapped, in an Ethernet frame with the MAC address containing your source MAC and the MAC of Router 1 (which is probably your home router).

When Router 1 get’s the frame it examines the destination IP address and compares it to a table of IP address families.

If I could read the routers mind it would think something like this:

Hey, do I know of any IP groups that contains the IP address of fixedbyvonnie.com? Um… nope I’ll ask my neighbor Router 2.

To get the frame to Router 2, Router 1 chucks the Ethernet headers containing the source MAC of your computer and replaces it with its own source MAC address.  At the same time, it strips off the destination MAC which was Router 1 and replaces it with the MAC of Router 2.

The entire time the source IP address and the destination IP address in the packet is untouched.

This process continues until the packet eventually arrives at the destination.  Each network device in the transmission path changes the source and destination MAC to get the packet to the very next device.

The IP address is just there for the big picture but the MAC is how the packet actually gets from one place to the next.  If all you had was an IP address your computer would have no idea what to do with the packet.

This is obviously a simplified explanation of how MAC and IP addresses work but it’s the basics.  If you want to know the details just chime in the comments below!

About

Connect with Vonnie on Twitter

Posted in Hardware, What Is Tagged with: ,
  • Ryantn3000

    Thanks! This is all so complex x_x

  • Pingback: Are you being tracked by your MAC address? - fixedByVonnie()

  • MURUGESAN

    That was a fabulous explanation…

    A single single router may be connected to more than one router at a time… So will it send the data packet to every other router??.. If so, we would be getting multiple packets at the receiver…wont we??

    • anonymous

      Short answer: routers have routing tables (which they update) which keep track of the best router to send the packet to next. You should read into IP Routing if you want to know more.

    • sraban

      We know from previous posts that each computer has both an IP Address and a MAC Address assigned to it.

      But, why is this?

      If every computer in order to communicate with each other needed to
      be physically connected to each other, all networks either would become
      complicated very quickly or they would stay small.

      Imagine if in order to go to google.com you had to have a physical
      wire connecting your computer out to Palo Alto California, just to see
      their website. Now imagine, you also needed a physical wire to Seattle
      to connect to msn.com And now imagine that everyone in the world would
      need a physical wire just to see a website.

      As you can see, it would physically become very complicated very quickly and the internet would have stayed very small.

      To get around this physical limitation, they separated computer
      communication to also contain a logical component, the IP Address.

      What we mean by logical is that IP Addresses are routeable.

      What this really means is that the entire internet can play a large game of 6 degrees of separation.

      Imagine a situation. Computers A, B, C, and Computers 1,2,3.

      Computers A, B, and C know each other.

      And Computers 1,2, and 3 know each other.

      But Computer C, and Computer 3 are special in that they also know each other. You can see in the image below.

      So, if Computer A wants to send a message to Computer 2, how does it
      do this? Computer A will send a message to Computer C and ask it to
      send this message to Computer 2. Because Computer C doesn’t know
      Computer 2 directly, it can ask Computer 3 to send the message to
      Computer 2.

      And through this simple message passing, all of the computers
      A,B,C,1,2, and 3 can talk to each other even though only Computer C and
      Computer 3 know each other.

      Now, not every computer can send to multiple groups of people, but
      the ones that can are known as ROUTERS. They are called this because
      they route messages between different groups of computers.

      The Wireless Router you probably have at home does this job exactly.
      It is usually physically connected to the public internet through your
      cable modem, and then also physically connected to the machines you have
      at home through blue Cat5 cables or wireless communication technology.
      It then allows the machines you have physically connected at home to
      also logically connect to computers on the internet.

      Again, this is simplified, but is easier to understand.

      So again, IP Addresses are logical and routeable addresses. Computer
      A could potentially learn the IP Address of Computer 2. However, MAC
      Addresses are physical and are NOT routeable. So, Computer A could not
      really learn the MAC Address of Computer 2.

      And that’s why computers have both MAC Addresses and IP Addresses.
      MAC Addresses handle the physical connection from computer to computer
      while IP Addresses handle the logical routeable connection from both
      computer to computer AND network to network.

  • Aroma Ramesh

    the requirement of MAC is well explained.
    Just a question, Since MAC is unique for each device, why can we not use MAC for communication. Why is IP address required.

    • freefighter

      Great question. I think the books on TCP/IP that I have read do a terrible job at answering this. I believe it has to do with the fact that MAC addresses have no real organization since computers and network devices move around the world randomly. However, IP addresses are assigned in a more logical manner similar to how there is a logical way that the Post Office assigns zip codes and addresses in the physical world. With an organized, logical hierarchy such as this, it is easier for routers to figure out which direction to send a packet of data. Without the logic behind the IP address system, the routers would have no idea where to even attempt to send the data packet. So now I guess the question flips around becomes, “Why do we need MAC addresses?” Why can’t network devices such as the routers just send the packet to the next router using its IP address?

      • I’m not sure of this, but I’m studying networking just now. From what I’m reading, I reckon it’s that we ultimately need to know what that machine at an IP address IS.

        When we’re building the routing tables and working out where to send things, IP addresses change as people move wireless networks, say. So a new device connects to a router, and the router hands it an IP, like handing a drink to a guest at a party. “Here, have an IP, Ms. …sorry, what did you say your name was again?” it says. The device points to her name badge: A2:6D:97:(etc). “Pleasure to meet you!” says the router.

        The router speaks to his other router friends, once the party’s settled down a bit. “Have you met A2:6D:97(etc) over there? She’s a radical dame!”, the router exclaims. “But if any of your guys want to speak to her…pass it through me, okay?”

        News spreads fast in the router community, and before long everybody knows they’ve hit it off. There are rumours. People say the router and the device have _connected_.

        Later, I have a message to send A2:6D:97(etc); I have a problem, though, in that I don’t know where to find her. So I ask my buddy Router1. Router1 SWEARS he knows a chick who knows the dude she connected with, and hands the message to his friend.

        The two people who are transferring the information have changed; my router, Router1, is speaking to his friend Router2. So the MAC addresses are different; it’s different hardware. But the end recipient, that abstract person the message is still for, is the same.

        The MAC address is necessary so we know who we’re talking to; it means we can identify who and what is at each MAC address.

        So…
        …my confusion is, given than IPs are always changing, how can we be sure that the IP we’re sending to is correct? The MAC stuff makes sense to me, I use the analogy above, but I have trouble with IP.

        • Debdeep Dey

          Really nice analogy. The ip addresses assigned to devices aren’t permanent, as you have rightly pointed out. For every session , a device might be assigned a new IP address(123.456.789.123), but that IP address remains fixed during the entire length of the session. Therefore any request to a server, made by this device (let’s say the client) has the source ip set as (123.456.789.123). The server’s ip also needs to remain constant during the session. If say you disconnect your device in the mean time, and then reconnect it to the network, and if your IP changes, then you wont receive the response from the server for the request made earlier.

    • Rohan Puthran

      The only reason I can think of is that,
      A group of systems on a network will have one network address (part of IP address), so it is easy to identify in which network the system you want to access is present. If we only use MAC address then, the MAC addresses of 2 systems on a network do not have anything in common (like a network prefix/address) => narrowing down on a single system becomes difficult.

      Eg: Let there be 3 networks with 20 hosts each, to access a host on network 3,
      – in case of IP address i need to compare my address with the 3 network address and then send a broadcast message with the MAC address of the host,whichever host it belongs to will reply back(acknowledge)
      – if we use only MAC address, i need to compare my address withe 60 host MAC addresses to find the host (Now apply the scenario to billions of systems out there, and do not even think about broadcasting to those billion system with the MAC address 😛 )

      • marilynK

        Your right Rohan, if we just used Mac addresses, every Router out in the world would have to have a table mapping to every single device in the world. these mapping table would be so big all routers would be so busy looking up mac address and deciding which interface to send it out to the next hop. Then the next hop would have to do the same- look through the billions of mac addresses it has for every single device (computers,phones, printers,tablest etc) in the world and forward it out the right interface. It would take a year to get the packets where they need to go. the routers would be so busy. Ip allows the routers to use groupings of networks instead of individual devices. So we cut back on the info the router needs- a router only needs to know what networks are directly connected to forward packets because we can set up a default gateway which simply tells the router hey if you don’t know where this network is send it to your neighbor he will know what to do with it. There is more involved in routing than this of course but this is the simplest way to explain why we can’t use Mac addresses alone.

  • Pingback: WireShark 101 - fixedByVonnie()

  • Pingback: Installing GNS3 in Mac OS X Yosemite - fixedByVonnie()

  • Pingback: Welcome to Kali Linux (Part 1 of 3) - fixedByVonnie()

  • ASB

    Explained very well… 🙂

  • Pingback: Networking 101: The lowdown on how Networks really work (Part 1 of 2) - fixedByVonnie()

  • rishabh

    but it does not explain why having any one of it solves the problem……I mean just have IP addresses for routers also ? ……

  • Ben Oost

    That explains so much! This bugged me too.

  • “the big picture but the MAC is how the packet actually gets from one place to the next”.
    Why only MAC is used to transfer the packet to a device ? MAC address is only obtained by ARP for a specific IP address. So, why not just let the routers maintain IP addresses of the neighbouring routers and route packets using IP addresses of routers instead of MAC addresses ? Your article doesn’t not explain this – “Why not redesign the architecture, to only use IP address for routing as well as moving the packet in the data link layer too ?”

    • Kti

      thats my question too…

    • MtnDew

      same question here

    • Yaman Singla

      Um.. The whole concept of networking lies in layering and data abstraction. The upper layer does not know of how the lower layer works, it just knows how to give it to it so that its work is done. Similarly the lower layer is not concerned what the upper layers are sending, they just know how to do their work or get it done using the lower layers.

      The link layer has Ethernet and MAC addresses to do the task what IP addresses do in the upper layer.

      • Yaman Singla

        Think of it as we have to change some window in our house, do we need to rebuild the complete house for that?

        The window here is our movement from IPv4 to IPv6 and house is the complete internet. Today we are moving from IPv4 to IPv6 without even touching link layer!

      • Sai Surya

        I understood what you have said. But why can’t Link Layer deal with IP Address? Isn’t it capable to do so?
        As the Link Layer can manage with MAC Address, it should also manage with IP Address..but as for your explanation, it doesn’t need to be meddled with Internet Layer for IP Address right?….Why can’t it meddle with Internet Layer for that?

  • guru prakash

    why to use mac address to send to next hop router? why cant we use the router’s IP there?

  • Tim

    My computer forword the request to gateway.

    I only set my IP, gateway’s IP, and mask. I don’t know the gateway’s MAC address. What should I fill in?

    Router 1 and router 2 may be in different network. MAC address is not enough, as you mention, to forward the request, but in the story, we only change the MAC of sender and receiver. How to forward?

    • Debdeep Dey

      1) The receiver’s MAC address needs to be included in the ARP query because the Router also maintains an ARP cache ( a table that maps the IP addresses of all the other hosts in the network to their respective MAC addresses).

      2) If the routers are in different networks, then the internet layer will realise that and accordingly route the packets to the nearest router using routing tables. In this case, he has assumed that the shortest path from source to destination is through the routers 1,2,3. Irrespective of whether they are on differrent networks, each router can send an ARP query to the subsequent router.

  • Abhisek Mukherjee

    I’m reading Data Comm and Networking by Forouzan ( Ed 5) and it says that even routers have an IP address. So why use the mac address at all. The router can store the IP address of the source and route it to the next router . This can continue till the destination network is reached. On the way back , since the previous IP is stored by each router, the packets can obviously trace back the path.

  • chanthujan

    One the fabulous explanation I have ever seen thank u so much

  • MtnDew

    I think the reason why we can’t use ip to replace mac address is mac address is an identifier which can be used in places other than network! Say if my nic broken, it needs to be repaired, i will provide the mac address of this nic to the manufacturer for repair so they can keep track of it. Actually if we are only talking about internet/networking, i don’t see a reason why we can’t use ip in place of mac address (although we may have to turn the world around to make this happen). I read from another post and that poster compares ip/mac model to student id/name model in human world, saying i might be no.10 in middle school and no.20 in college, we need a unique name to identify myself. But i don’t think that model makes sense because i can’t appear in middle school and college at the same time! When people want to find me, they can go to my school first and my school will take care of the rest using my number (similar to internet/LAN). So mac address is like our name, which can be used in many places like hospital, shopping mall, cinema, etc., these places won’t give me a temp id (ip address) because i don’t need or i rarely need to have contact with other hospitals, malls or cinemas. Just throwing ideas…Correct me if i’m wrong.

  • Arsalan Wahid Asghar

    Great explanation thank you

  • Richiy

    Wait so with every hop, are all layers stripped??

    • Debdeep Dey

      Not all of them. Interediate hops only have the internet , data link and the physical layers. So yeah, at every node, the physical and the data link layers are stripped off for routing purposes.

  • Lobsang

    just wish to ask you guys ..if i got the concept correctly . Internet is interconnected through Routers. And every Router that is connected to ISP should have a PUBLIC IP ADDRESS. And routing table decide the shortest way to reach a destination Public IP address. First Source Router is connected to the next Router using Routing table through next routers MAC address ( provided that two router are in same network). Now on reaching a destination public ip address ed Router . Routing table will convert that public ip address to private ip address. And it will be directed to nearest Switch using MAC Address. And that switch will once again reach the source computer in the private network using ARP message to all computer connected to that Switch. And only requested private ip address replied with its mac address and they share date.

  • Piyush Agarwal

    Awesome explanation! This has been written so well. After going through so many web pages regarding this question, I finally got the answer. Thanks a lot!

  • Belli Bear

    A really good explanation.

  • Emila

    Nice Explanation Indeed! So from what I have learned from this.. you need MAC address to get the data packet from one place to the next and it’s header is replaced at very next device(node). We need IP address to get the data to ultimate destination. The routers in between source and destination devices examines the IP address of destination and compares it to the table of IP addresses and see if it matches, if not it would send it to next hop router and it would know where to go from the MAC address of next hop router or possibly destination router. Both MAC address and IP addresses are needed. We need MAC address to get the data packet to the next router and IP address to get it to its intended destination.