What is a MAC Address ?
A MAC address (Media Access Control address) is a unique identifier assigned to the network interface controller (NIC) of a device. It operates at the Data Link Layer (Layer 2) of the OSI model and is essential for communication within local networks, such as Ethernet or Wi-Fi. Unlike IP addresses, which can change depending on the network, a MAC address is typically fixed and hardware-specific.
The MAC address serves as a permanent, physical identifier for devices on a network. Its main functions include:
- Device identification on Layer 2 networks
- Local traffic routing (e.g., from a switch to a device)
- ARP resolution in IP networking
- Frame delivery in Ethernet and 802.11 networks
When data is sent over a LAN, it is encapsulated in Ethernet frames that include both source and destination MAC addresses. Switches and access points use this information to forward the frame to the correct recipient.
MAC addresses are burned into the NIC firmware during manufacturing, known as the burned-in address (BIA). However, most modern operating systems allow MAC address spoofing, which enables temporary reassignment of a MAC address by software for privacy or network configuration purposes.
Use cases for spoofing:
- Privacy in public networks
- Device impersonation during testing
- Bypassing MAC filtering
MAC Address Format
A MAC address is 48 bits (6 bytes) in length and is usually displayed in one of the following formats:
00:1A:2B:3C:4D:5E(colon-separated)00-1A-2B-3C-4D-5E(hyphen-separated)001A.2B3C.4D5E(dot-separated, Cisco format)
Structure:
- First 24 bits (first 3 bytes): OUI (Organizationally Unique Identifier), assigned by IEEE to the manufacturer
- Last 24 bits: Unique device-specific identifier assigned by the vendor
Example:
F0:9F:C2:3D:4E:01F0:9F:C2– Vendor OUI (e.g., Cisco Systems)3D:4E:01– Device-specific identifier
Types of MAC Addresses
A. Unicast
- A standard MAC address used for a single device.
- Delivered to one specific recipient on the LAN.
B. Multicast
- Special range used to send frames to a group of devices.
- Used in streaming, IPTV, and multicast applications.
C. Broadcast
- Address:
FF:FF:FF:FF:FF:FF - Sent to all devices on the local network segment.
MAC Address vs IP Address
| Feature | MAC Address | IP Address |
|---|---|---|
| Layer | Data Link (Layer 2) | Network (Layer 3) |
| Scope | Local network (LAN) | Global or local (WAN/LAN) |
| Assigning Authority | Manufacturer (OUI) | DHCP server or manual |
| Format | Hexadecimal, 48-bit | IPv4 (32-bit) or IPv6 (128-bit) |
| Changeable? | Rarely (can be spoofed) | Often (dynamic or static) |
Role in ARP and Local Communication
When a host needs to send data to another host in the same subnet, it uses the Address Resolution Protocol (ARP) to map the destination IP to a MAC address.
Process:
- Host A wants to communicate with IP
192.168.1.5. - Sends ARP Request: “Who has 192.168.1.5?”
- Host B replies with its MAC address.
- Host A stores this in the ARP cache and sends Ethernet frames directly to Host B’s MAC.
This mechanism is critical for LAN-based communication using IP over Ethernet.
MAC Filtering and Network Control
Many routers and switches support MAC address filtering, which allows or blocks devices based on their MAC address. This is commonly used in:
- Home routers for parental control or device restrictions
- Enterprise WLAN access control lists
- Network access security policies
However, MAC filtering is not a strong security measure, as MAC addresses can be easily spoofed.
MAC Address in Wireless Networks
In Wi-Fi networks, the MAC address is used not only for addressing but also for authentication and tracking. Public hotspots, enterprise WLANs, and mobile devices often use MAC addresses for:
- Client tracking and analytics
- Session management
- Access control (e.g., RADIUS-based MAC auth)
To counter tracking, modern operating systems (e.g., iOS, Android, Windows) implement MAC address randomization when probing for Wi-Fi networks.