Is your MAC address revealed when you hit up a website?

When you hit up a site, such as cnn.com, does the TCP/IP packet contain the MAC address of your network card?

Could cnn.com theoretically record my MAC address?


Solution 1:

In IPv4: Nope. They will see the MAC of the device which forwarded the packet to the server, likely their border router.

In IPv6, the 64 bit "host" part of the full 128 bit address is often automatically generated from the MAC address, and hence might be visible to the server one connects to. See also How to avoid exposing my MAC address when using IPv6?

Solution 2:

Actually, the MAC address of the sender node is not part of the IP protocol packets, the IP address is. When an IP packet reaches the last 'hop', the concerned router sends an ARP request to all nodes asking for the MAC address corresponding to the recipient IP address in the headers of the packet. However, if the recipient IP address is found in the ARP cache, this step is omitted. Thus, only the recipient MAC address (unless spoofed), is part of the process, not the sender's.