What Is a MAC Address?
A Media Access Control (MAC) address is a unique hardware identifier assigned to every network interface card (NIC). It operates at Layer 2 (Data Link Layer) of the OSI model and is used for local network communication. While IP addresses identify devices logically and can change, MAC addresses are typically burned into hardware by the manufacturer.
MAC Address Structure
A MAC address is 48 bits (6 bytes) long, displayed in hexadecimal:
- Colon-separated:
AA:BB:CC:DD:EE:FF - Dash-separated (Windows):
AA-BB-CC-DD-EE-FF - Cisco format:
AABB.CCDD.EEFF
OUI (Organizationally Unique Identifier)
The first 3 bytes (24 bits) are the OUI — assigned by IEEE to each manufacturer. By looking up the OUI, you can identify who made the network hardware:
- Apple, Inc.
- VMware (indicating virtualized hardware)
- Raspberry Pi Foundation
- Intel Corporate
- Cisco Systems
Device Identifier
The last 3 bytes are assigned by the manufacturer to uniquely identify each device. Together, the full 48-bit address creates a globally unique identifier for the network interface.
MAC Address Types
Unicast vs. Multicast
- Unicast (LSB of first byte = 0): Identifies a single network interface
- Multicast (LSB of first byte = 1): Targets a group of devices
- Broadcast (FF:FF:FF:FF:FF:FF): Reaches all devices on the segment
Common multicast addresses include IPv4 and IPv6 multicast ranges.
Universally Administered (UAA) vs. Locally Administered (LAA)
- UAA (second bit of first byte = 0): Manufacturer-assigned, globally unique
- LAA (second bit of first byte = 1): Locally assigned, may not be globally unique
Random/Spoofed MAC Addresses
Modern devices randomize MAC addresses for privacy (iOS 14+, Android 10+, Windows 10+). These locally administered addresses prevent tracking across different networks and locations.
Finding MAC Addresses
On different platforms:
- Windows:
ipconfig /allorgetmac /v - macOS/Linux:
ifconfigorip link show - Network scan:
arp -ashows the ARP cache, mapping IPs to MACs on your local network
MAC Address Security Considerations
ARP Spoofing
Attackers can send fake ARP responses to associate their MAC address with another device's IP. This enables man-in-the-middle attacks and traffic interception. Defense: Dynamic ARP Inspection (DAI) on managed switches.
MAC Flooding
Flooding a switch's MAC address table with fake addresses, causing it to behave like a hub and broadcast all traffic. Defense: port security limiting MAC addresses per port.
MAC Filtering
Using MAC addresses as an access control mechanism has significant weaknesses — MAC addresses can be trivially spoofed, making MAC filtering an unreliable security measure on its own.
Using the MAC Address Lookup Tool
Our MAC address lookup tool provides:
- OUI Identification — Enter any MAC address to identify the manufacturer
- Bulk Lookup — Process multiple MAC addresses at once
- Format Detection — Accepts colons, dashes, dots, or no separators
- Company Details — Full registered company name
- Device Classification — Identify virtual adapters, IoT devices, phones, and PCs
Useful for network administrators investigating unknown devices on their network, security audits to identify unauthorized hardware, and network inventory documentation.
MAC vs. IP Address Summary
| Feature | MAC Address | IP Address |
|---|---|---|
| Layer | Layer 2 (Data Link) | Layer 3 (Network) |
| Length | 48 bits | 32 bits (IPv4) / 128 bits (IPv6) |
| Assignment | Hardware (manufacturer) | Logical (manual or DHCP) |
| Scope | Local network segment | Global (internet) |
| Changes | Usually permanent (but can be spoofed) | Dynamic (DHCP) or static |
| Used for | Local frame delivery | Packet routing |
Understanding the relationship between MAC and IP addresses is fundamental to network troubleshooting and security analysis.