networking addressing

MAC Address (MAC)

mac-address layer-2 ethernet networking-fundamentals
Plain English

A MAC address is a permanent name tag burned into every network device at the factory. While IP addresses can change (they are assigned by DHCP), a MAC address stays the same for the life of the hardware. It is how devices on the same local network identify each other at the physical level. Your laptop’s Wi-Fi card, your phone’s Ethernet adapter, and your router’s ports each have their own unique MAC address.

Technical Definition

A Media Access Control (MAC) address is a 48-bit (6-byte) identifier assigned to a network interface controller (NIC) for communication at the Data Link layer (Layer 2). Written as six pairs of hexadecimal digits separated by colons or hyphens: aa:bb:cc:dd:ee:ff.

Structure:

  • First 3 bytes (OUI): Organizationally Unique Identifier, assigned by IEEE to the manufacturer (e.g., 00:1A:2B = Cisco)
  • Last 3 bytes (NIC-specific): assigned by the manufacturer, unique per device

Key properties:

  • Intended to be globally unique (though duplicates exist due to manufacturing errors and spoofing)
  • Used by switches to build MAC address tables for frame forwarding
  • ARP maps IP addresses to MAC addresses for local delivery
  • Broadcast MAC: ff:ff:ff:ff:ff:ff (all devices on the segment)

MAC address types:

  • Unicast: identifies a single NIC (bit 0 of first byte = 0)
  • Multicast: identifies a group (bit 0 of first byte = 1)
  • Broadcast: ff:ff:ff:ff:ff:ff, reaches all devices on the segment

Security relevance:

  • MAC filtering: access control based on hardware address (weak; easily spoofed)
  • MAC spoofing: changing the MAC address in software to bypass filters or impersonate devices
  • 802.1X (Port-based NAC): proper network access control using authentication, not MAC addresses
  • Randomized MACs: modern phones and laptops randomize MAC addresses on Wi-Fi to prevent tracking

Working with MAC addresses 

# View MAC addresses (Linux)
$ ip link show
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500
    link/ether aa:bb:cc:dd:ee:ff brd ff:ff:ff:ff:ff:ff

# View MAC address (macOS)
$ ifconfig en0 | grep ether
	ether aa:bb:cc:dd:ee:ff

# Look up manufacturer from OUI
$ curl -s "https://api.macvendors.com/aa:bb:cc"
Intel Corporate

# View switch MAC address table (Cisco)
Switch# show mac address-table
Vlan  Mac Address       Type    Ports
----  ----------------  ------  -----
10    aa:bb:cc:dd:ee:ff DYNAMIC Gi0/1
20    11:22:33:44:55:66 DYNAMIC Gi0/5

# Temporarily change MAC address (Linux)
$ sudo ip link set dev eth0 down
$ sudo ip link set dev eth0 address 00:11:22:33:44:55
$ sudo ip link set dev eth0 up
In the Wild

MAC addresses are foundational to Ethernet networking. Switches use MAC address tables to forward frames only to the correct port instead of flooding every port. DHCP servers can reserve IP addresses by MAC address, ensuring a specific device always gets the same IP. In security, MAC filtering is often the first (and weakest) access control people implement on Wi-Fi networks; it is trivially bypassed by spoofing. Modern privacy features (iOS, Android, Windows 11) randomize MAC addresses per network to prevent retailers and advertisers from tracking devices across locations. When troubleshooting “duplicate IP” warnings, the MAC addresses in ARP output identify which physical devices are conflicting.

← Back to Dictionary