The MAC field is similar to the checksum fields used in other PDUs. However, where checksums are used for error detection (corruption during transport), the MAC is used as a security layer that checks whether the message has been altered or tampered with during transit.
The way it works can be summarized in three steps:
- Sender creates a digest of the data payload
- Sender encrypts the data payload using the symmetric key, encapsulates it and passes the result to the Transport Layer
- Receiver decrypts the data payload using the symmetric key and creates a digest of the payload using the same algorithm and hash value as the sender. If the two digests match, the integrity of the message is confirmed
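The difference between a checksum field and a MAC field can be seen by running both over an altered payload. This is an added example, not code from the original page. It assumes CRC32 as the checksum and HMAC-SHA256 as the keyed digest (the page names neither), uses constructed keys and payloads, and leaves out the encryption of step 2.

```python
import hashlib
import hmac
import zlib

# Constructed sample values (not from the page).
SHARED_KEY = b"constructed-demo-key-32-bytes!!!"
PAYLOAD = b"transfer 100 to account 42"
TAMPERED = b"transfer 900 to account 66"

def crc_frame(payload: bytes) -> bytes:
    """Payload followed by a 4-byte CRC32, as a plain checksum field would be."""
    return payload + zlib.crc32(payload).to_bytes(4, "big")

def crc_check(frame: bytes) -> bool:
    """Recompute the CRC32 over the payload and compare with the trailing field."""
    payload, field = frame[:-4], frame[-4:]
    return zlib.crc32(payload).to_bytes(4, "big") == field

def mac_frame(key: bytes, payload: bytes) -> bytes:
    """Sender side (step 1): payload followed by a 32-byte HMAC-SHA256 tag."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()

def mac_check(key: bytes, frame: bytes) -> bool:
    """Receiver side (step 3): recompute the digest, compare in constant time."""
    if len(frame) < 32:
        return False  # too short to carry a tag at all
    payload, tag = frame[:-32], frame[-32:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)

def demo() -> dict:
    # Anyone can recompute a checksum, so altered data still passes the CRC check.
    forged_crc = crc_frame(TAMPERED)
    # Without the key, the tag cannot be recomputed; the old tag no longer matches.
    genuine = mac_frame(SHARED_KEY, PAYLOAD)
    forged_mac = TAMPERED + genuine[-32:]
    return {
        "crc_accepts_altered": crc_check(forged_crc),
        "mac_accepts_genuine": mac_check(SHARED_KEY, genuine),
        "mac_accepts_altered": mac_check(SHARED_KEY, forged_mac),
        "mac_accepts_wrong_key": mac_check(b"some-other-key", genuine),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```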
A digest is basically a small amount of data derived from the actual