Understanding MAC Addresses
A MAC (Media Access Control) address is a unique hardware identifier assigned to every network interface, enabling devices to communicate at the data link layer. Unlike IP addresses, which are logical and can change, MAC addresses are physically embedded in network hardware (Ethernet, Wi-Fi, Bluetooth) and serve as permanent identifiers—though they can be temporarily modified for privacy or security reasons.
Key Points
- Purpose: Uniquely identifies network interfaces for local communication.
- Format: 48-bit hexadecimal (e.g.,
AA:BB:CC:DD:EE:FF), split into manufacturer (OUI) and device-specific parts. - Physical vs. Logical: Hardcoded in hardware but can be spoofed in software.
- Layers: Operates at the data link layer (Layer 2), distinct from IP addresses (Layer 3).
- Collisions: Rare but possible due to errors or intentional spoofing.
What Is a MAC Address?
A MAC address is a burned-in address (BIA) assigned by manufacturers to network interfaces (e.g., Wi-Fi cards, Ethernet adapters). It acts like a postal address for hardware, ensuring data packets reach the correct device on a local network.
Key Difference: A single computer can have multiple MAC addresses (one per interface), but each MAC address corresponds to only one interface.
Structure and Format
Hexadecimal Representation
MAC addresses use base-16 (hexadecimal) notation, combining digits 0–9 and letters A–F. Common formats:
AA:BB:CC:DD:EE:FF(colon-separated)AA-BB-CC-DD-EE-FF(hyphen-separated)AABB.CCDD.EEFF(Cisco-style)
Internal Breakdown
| Part | Size | Description | Example (AA:BB:CC:DD:EE:FF) |
|---|---|---|---|
| OUI | 24 bits | Manufacturer identifier (IEEE-assigned) | AA:BB:CC |
| Device ID | 24 bits | Unique per device (manufacturer-assigned) | DD:EE:FF |
Note: The OUI can reveal the manufacturer (e.g.,
00:1A:2B= Cisco).
MAC Address vs. IP Address
| Feature | MAC Address | IP Address |
|---|---|---|
| Layer | Data Link (Layer 2) | Network (Layer 3) |
| Scope | Local network only | Local or global (Internet) |
| Persistence | Hardcoded (but spoofable) | Dynamic (DHCP) or static |
| Example | 00:1A:2B:3C:4D:5E | 192.168.1.1 |
MAC Spoofing: Why and How
Reasons for Spoofing
- Privacy: Hide your device’s identity on public networks.
- Security: Bypass MAC-based access controls (e.g., Wi-Fi filters).
- Testing: Simulate multiple devices in network diagnostics.
How It Works
- The OS reads the hardware MAC address at startup and stores it in RAM.
- Software tools (e.g.,
ifconfigon Linux,macchanger) can override the RAM value. - Limitation: Changes revert after a reboot.
Warning: Spoofing may violate network policies or laws in some jurisdictions.
Common Misconceptions
- ❌ "A MAC address identifies a computer." → It identifies a network interface (e.g., one MAC for Wi-Fi, another for Ethernet).
- ❌ "MAC addresses are always unique." → Collisions are rare but possible (e.g., manufacturing errors, spoofing).
- ❌ "MAC addresses are the same as IP addresses." → They operate at different network layers and serve distinct purposes.
Practical Example: Home Network
- Your laptop connects to a router via Wi-Fi.
- The router logs:
- IP address (
192.168.1.100) for routing traffic. - MAC address (
AA:BB:CC:DD:EE:FF) to identify the device locally.
- IP address (
- If you replace the Wi-Fi card, the MAC address changes.
- If you spoof the MAC address, the router sees the temporary value until reboot.
Learn More
IEEE Standards
- IEEE 802: Defines MAC addressing for Ethernet/Wi-Fi.
- OUI Database: Look up manufacturers by OUI here.
Tools for MAC Management
- Linux:
ip link show,macchanger - Windows:
getmac,Device Manager - macOS:
ifconfig,networksetup
Summary
- MAC addresses are 48-bit hexadecimal identifiers for network interfaces.
- Split into OUI (manufacturer) and device ID parts.
- Hardware-bound but can be temporarily spoofed in software.
- Critical for local network communication (Layer 2).
- Not to be confused with IP addresses (Layer 3).