What is a MAC Address?
A MAC Address (Media Access Control address) is a unique 48-bit hardware identifier permanently assigned to network interface controllers (NICs), used for addressing devices at the data link layer (Layer 2) of the OSI network model.
MAC Address Structure
MAC Address Format: XX:XX:XX:YY:YY:YY
00:1A:2B:3C:4D:5E
├─────┤├─────┤
OUI NIC
│ │
│ └── Network Interface Controller (device unique)
│
└── Organizationally Unique Identifier (manufacturer)
Formats:
- Colon notation: 00:1A:2B:3C:4D:5E
- Hyphen notation: 00-1A-2B-3C-4D-5E
- Cisco notation: 001A.2B3C.4D5E
Address Components
| Component | Bits | Purpose |
|---|---|---|
| OUI (first 24 bits) | 24 | Identifies manufacturer |
| NIC Specific (last 24 bits) | 24 | Device unique identifier |
| I/G bit (bit 0) | 1 | Individual (0) or Group (1) |
| U/L bit (bit 1) | 1 | Universal (0) or Local (1) |
Common OUI Examples
| OUI | Manufacturer |
|---|---|
| 00:00:0C | Cisco |
| 00:50:56 | VMware |
| AC:DE:48 | Apple |
| 3C:5A:B4 | |
| 00:15:5D | Microsoft (Hyper-V) |
| 08:00:27 | Oracle VirtualBox |
MAC vs IP Addresses
| Feature | MAC Address | IP Address |
|---|---|---|
| Layer | Data Link (Layer 2) | Network (Layer 3) |
| Scope | Local network segment | Global (routable) |
| Assignment | Hardware (permanent) | Software (configurable) |
| Format | 48-bit hexadecimal | 32-bit (IPv4) or 128-bit (IPv6) |
| Uniqueness | Globally unique (usually) | Network unique |
Use Cases
- Network troubleshooting: Identify devices on local network
- Access control: MAC filtering on routers/switches
- Device tracking: Network inventory management
- Manufacturer identification: OUI lookup reveals vendor
- Security auditing: Detect rogue devices
Finding MAC Addresses
# Windows
ipconfig /all
getmac
# macOS/Linux
ifconfig
ip link show
# View ARP table (MAC to IP mappings)
arp -a
Security Considerations
| Concern | Description |
|---|---|
| MAC spoofing | Attackers can change their MAC address |
| Tracking risk | MACs can track devices across networks |
| False security | MAC filtering easily bypassed |
| Privacy | Random MACs now used by mobile devices |
Randomized MAC Addresses
Modern devices use random MACs for privacy:
Permanent MAC: AC:DE:48:00:11:22 (real device)
Random MAC: 4E:1B:7C:AB:CD:EF (generated, U/L bit = 1)
Randomization scenarios:
- WiFi probe requests
- Connecting to new networks
- Per-network different MAC
Best Practices
1. Don't rely solely on MAC filtering: Easily bypassed security measure
2. Use OUI lookups for inventory: Identify device manufacturers
3. Monitor for spoofing: Detect duplicate MACs on network
4. Consider privacy implications: Random MACs complicate device tracking
5. Document network devices: Maintain MAC to device mappings
MAC addresses serve as the fundamental hardware identifiers enabling local network communication and device management.