MAC Address
What is MAC Address?
A MAC (Media Access Control) address is a unique hardware identifier assigned to network interfaces for communication on the physical layer of a network. It is a 48-bit number (usually represented as six groups of two hexadecimal digits) that identifies a device at the data link layer (Layer 2) of the OSI model.
Unlike IP addresses, which are logical and can change, MAC addresses are typically burned into the device’s network interface card (NIC) by the manufacturer and remain constant throughout the device’s lifetime. They are essential for local network communication, enabling devices on the same network segment to deliver frames accurately.
Brief History of MAC Address
The MAC address concept originated with the development of Ethernet in the 1970s at Xerox PARC. Robert Metcalfe and his team needed a way to uniquely identify stations on a shared medium to avoid collisions.
The 48-bit address space was formalized in the early 1980s as part of the IEEE 802 standards project. Xerox initially administered the address space, assigning the first 24 bits (OUI – Organizationally Unique Identifier) to manufacturers. In 1982, responsibility transferred to the IEEE, which has managed allocations ever since.
The original design provided an enormous address space (2^48 ≈ 281 trillion addresses), intended to last indefinitely. Extensions like EUI-64 (64-bit) emerged in the 1990s for FireWire and later IPv6 stateless autoconfiguration.
How MAC Address Works
MAC addresses operate primarily within local networks, used by switches and bridges to forward Ethernet frames to the correct destination.
Frame Delivery Process
When a device sends data:
- The sending device places the destination MAC address in the Ethernet frame header.
- Switches learn MAC addresses by inspecting source addresses in incoming frames and build a MAC address table (CAM table).
- Frames are forwarded only to the port associated with the destination MAC (or flooded if unknown).
- ARP (Address Resolution Protocol) resolves IP addresses to MAC addresses for local delivery.
Ethernet Frame Header (simplified):
+---------------------------------------------------+
| Destination MAC (6 bytes) | Source MAC (6 bytes)  |
| Type/Length (2 bytes)     | Payload ...           |
+---------------------------------------------------+
Example:
Destination: 00:1A:2B:3C:4D:5E
Source: A0:B1:C2:D3:E4:F5
In wireless networks (Wi-Fi), the same principles apply, with access points managing associations.
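The learning and forwarding steps above, as an added example that is not part of the original page: a minimal learning switch that also records when a source MAC shows up on a different port. Such a move happens when a device is re-cabled or roams, and also when an address is duplicated or spoofed. The class name, port numbers and sample frames are constructed for illustration, and dropping frames whose source is a group address is a choice made in this sketch.

```python
# Added example: a minimal learning switch with a CAM table and MAC-move log.
class LearningSwitch:
    def __init__(self, ports):
        self.ports = set(ports)
        self.cam = {}      # learned table: source MAC -> port it was last seen on
        self.moves = []    # (mac, old_port, new_port) each time a MAC changes port

    def receive(self, in_port, src, dst):
        """Learn from the source MAC, then return the list of egress ports."""
        src, dst = src.lower(), dst.lower()
        if int(src[:2], 16) & 1:
            return []      # a group address is not a valid source: drop, learn nothing
        old = self.cam.get(src)
        if old is not None and old != in_port:
            self.moves.append((src, old, in_port))
        self.cam[src] = in_port
        dst_is_group = int(dst[:2], 16) & 1      # covers multicast and broadcast
        if dst_is_group or dst not in self.cam:
            return sorted(self.ports - {in_port})   # flood, never back out in_port
        out = self.cam[dst]
        return [] if out == in_port else [out]      # filter frames local to a port


# Constructed sample traffic: (ingress port, source MAC, destination MAC).
A, B = "00:1A:2B:3C:4D:5E", "A0:B1:C2:D3:E4:F5"
FRAMES = [
    (1, A, B),                    # B not learned yet -> flooded
    (2, B, A),                    # A was learned on port 1 -> forwarded
    (1, A, B),                    # both known -> forwarded to port 2 only
    (1, A, "FF:FF:FF:FF:FF:FF"),  # broadcast -> flooded
    (3, A, B),                    # A's address now appears on port 3 -> move logged
]

def replay(frames, ports=(1, 2, 3)):
    """Run the frames through a fresh switch; return egress decisions and moves."""
    sw = LearningSwitch(ports)
    decisions = [sw.receive(*frame) for frame in frames]
    return decisions, sw.moves

if __name__ == "__main__":
    decisions, moves = replay(FRAMES)
    for frame, out in zip(FRAMES, decisions):
        print(frame, "->", out)
    print("MAC moves:", moves)
```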
Unicast, Multicast, and Broadcast
- Unicast: First bit 0 (the I/G bit, the least significant bit of the first octet) – addressed to a single device.
- Multicast: First bit 1 – for group delivery.
- Broadcast: FF:FF:FF:FF:FF:FF – sent to all devices on the segment.
MAC Address Format and Types
A MAC address consists of 48 bits, expressed as 12 hexadecimal digits typically grouped in pairs and separated by colons (e.g., 00:1A:2B:3C:4D:5E) or hyphens. This representation follows the canonical format defined in IEEE 802 standards, though variations exist in different operating systems and tools.
The address is divided into two main parts: the first 24 bits form the Organizationally Unique Identifier (OUI), assigned by the IEEE to the manufacturer or vendor, while the remaining 24 bits are allocated by the manufacturer to uniquely identify each individual network interface they produce.
The structure carries additional meaning through specific bits in the first octet:
- The least significant bit of the first octet is the Individual/Group (I/G) bit: when set to 0, the address is unicast (intended for a single specific device); when set to 1, it is multicast or broadcast (intended for a group or all devices on the segment).
- The second least significant bit is the Universal/Local (U/L) bit: 0 indicates a universally administered address (UAA) – globally unique and assigned by the manufacturer under IEEE oversight; 1 indicates a locally administered address (LAA), which overrides the burned-in address and is configured locally (often used for virtualization, testing, or privacy).
Universally administered unicast addresses are the most common for end-user devices, with the I/G and U/L bits both set to 0 in the first octet (e.g., first octets such as 00, 04, 08, or 0C, whose second hexadecimal digit is 0, 4, 8, or C). Multicast addresses, such as those used for IPv4 multicast mapping (01:00:5E:xx:xx:xx) or protocol functions, have the I/G bit set. The broadcast address (FF:FF:FF:FF:FF:FF) is a special case where all bits are 1, directing the frame to every device on the local network segment.
Locally administered addresses often appear with a first octet ending in 2, 6, A, or E (hex), as these set the U/L bit without conflicting with common multicast ranges. This flexibility allows network administrators or operating systems to temporarily change a device’s visible MAC for specific purposes.
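The bit layout described in this section, as an added example that is not part of the original page: a parser that decodes the I/G and U/L bits and flags inventory entries whose MAC is locally administered, since those may be randomized or virtual and make a poor basis for MAC filtering or DHCP reservations. The inventory entries and function names are constructed, and the dotted and bare 12-digit input forms are accepted here in addition to the colon and hyphen forms the text mentions.

```python
import re

# Added example: decode the I/G and U/L bits and flag locally administered MACs.
_MAC_RE = re.compile(
    r"^[0-9a-f]{2}([:-])(?:[0-9a-f]{2}\1){4}[0-9a-f]{2}$"   # 00:1a:.. or 00-1a-..
    r"|^[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}$"             # 001a.2b3c.4d5e
    r"|^[0-9a-f]{12}$",                                     # 001a2b3c4d5e
    re.IGNORECASE,
)

def parse_mac(text):
    """Return the 6 raw bytes, rejecting mixed separators and wrong lengths."""
    text = text.strip()
    if not _MAC_RE.match(text):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(re.sub(r"[:.-]", "", text))

def classify(text):
    mac = parse_mac(text)
    first = mac[0]
    if mac == b"\xff" * 6:
        scope = "broadcast"
    elif first & 0x01:           # I/G bit: least significant bit of the first octet
        scope = "multicast"
    else:
        scope = "unicast"
    local = bool(first & 0x02)   # U/L bit: second least significant bit
    # The OUI names a vendor only for universally administered unicast addresses.
    oui = mac[:3].hex("-").upper() if scope == "unicast" and not local else None
    return {"mac": mac.hex(":"), "scope": scope, "local": local, "oui": oui}

# Constructed inventory (hostname, MAC as reported); not data from the page.
INVENTORY = [
    ("printer-01", "00:1A:2B:3C:4D:5E"),
    ("phone-07", "DA-A1-19-00-00-01"),
    ("vm-12", "0242.ac11.0002"),
    ("mdns-group", "01:00:5E:00:00:FB"),
]

def unstable_identities(inventory):
    """Hosts whose MAC is a locally administered unicast address."""
    flagged = []
    for host, mac in inventory:
        info = classify(mac)
        if info["scope"] == "unicast" and info["local"]:
            flagged.append(host)
    return flagged
```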
Key Organizations and Allocation
The IEEE Registration Authority manages the public OUI registry. Manufacturers purchase blocks (MA-L, MA-M, MA-S) for assignment to devices.
Tools like IEEE’s public OUI lookup allow identification of vendors from the first three octets (e.g., Apple, Cisco, Intel). For quick vendor lookups, you can use online tools such as MAC Address Lookup.
Practical Uses of MAC Address
MAC addresses enable:
- Local network switching and frame delivery
- Device authentication and access control (MAC filtering)
- DHCP reservations (binding IP to MAC)
- Asset tracking and inventory management
- Wake-on-LAN functionality
- Network diagnostics (arp -a, ip neigh)
In everyday troubleshooting, finding the router’s (default gateway) IP address is often the first step – tools like Router IP Finder can help locate it quickly.
They are fundamental to Ethernet, Wi-Fi, Bluetooth, and many other Layer 2 technologies.
Challenges and Limitations
MAC addresses can be spoofed easily (changed in software), which reduces their reliability as a security control. Privacy concerns arose because devices broadcasting fixed MACs can be tracked.
The 48-bit space, while vast, faces pressure from IoT proliferation. Randomized MACs (introduced in modern OSes) mitigate tracking but complicate network management.
MAC Address in Modern Networking
Modern devices increasingly use MAC randomization for Wi-Fi connections (iOS, iPadOS, Android, Windows) to enhance privacy, changing addresses per network or periodically.
In IPv6, EUI-64 derives interface identifiers from MAC addresses (though privacy extensions prefer random IDs). Virtualization and containerization often generate virtual MACs.
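The EUI-64 derivation mentioned above, as an added example that is not part of the original page and goes beyond its text: it builds the modified EUI-64 interface identifier (flip the U/L bit, insert ff:fe between the two halves of the MAC) and then reverses it, which shows why the same device is recognizable under different prefixes and why privacy extensions prefer random identifiers. The prefixes come from the 2001:db8::/32 documentation range and all addresses and function names are constructed.

```python
import ipaddress

# Added example: modified EUI-64 interface identifiers, forward and reverse.
def mac_to_iid(mac_text):
    mac = bytes.fromhex(mac_text.replace(":", "").replace("-", ""))
    if len(mac) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the U/L bit of the first octet and insert ff:fe between the halves.
    return bytes([mac[0] ^ 0x02]) + mac[1:3] + b"\xff\xfe" + mac[3:]

def slaac_address(prefix, mac_text):
    """Combine a /64 prefix with the interface identifier derived from the MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("an EUI-64 interface identifier needs a /64 prefix")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + mac_to_iid(mac_text))

def mac_from_address(addr):
    """Recover the MAC if the identifier has the ff:fe marker, else None.

    Heuristic: a random identifier can contain ff:fe by chance.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    return (bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]).hex(":")

# Constructed observations: one device seen on two networks, one random identifier.
ADDRESSES = [
    "2001:db8:a:0:21a:2bff:fe3c:4d5e",
    "2001:db8:b:0:21a:2bff:fe3c:4d5e",
    "2001:db8:b:0:5c3f:9a10:77e2:b4d1",
]

def group_by_mac(addresses):
    """Map each recovered MAC (or None) to the addresses that carry it."""
    groups = {}
    for addr in addresses:
        groups.setdefault(mac_from_address(addr), []).append(addr)
    return groups

if __name__ == "__main__":
    print(slaac_address("fe80::/64", "00:1A:2B:3C:4D:5E"))
    for mac, addrs in group_by_mac(ADDRESSES).items():
        print(mac, addrs)
```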
With Wi-Fi 6/7 and 5G, MAC-layer enhancements improve efficiency, while network segmentation and zero-trust models reduce reliance on MAC-based controls.
Summary
The MAC address remains a foundational element of networked communication, providing unique hardware identification at the data link layer since the early days of Ethernet. Its simple yet effective design has enabled reliable local delivery for decades. While privacy randomization and security concerns introduce new complexities, the MAC address continues to underpin everything from home Wi-Fi to enterprise networks and emerging IoT ecosystems.
Sources
Information compiled from IEEE standards documents, networking textbooks, vendor documentation, Wikipedia, and industry resources up to 2026.