What Is a MAC Address?

Thomas Gilham
Sometimes written as a “Mac” address, a MAC address (pronounced “mack”) is a unique address assigned to every hardware device that connects to a network. In most cases, the MAC address is built-in to the device (sometimes called a “burned-in address” or BIA), but in some cases, the MAC address may be assigned.

In short, every hardware device that can connect to a network of any kind, including internal devices, has a unique identifier that is the MAC address. You can think of it as a “license plate” for a computer or other network-connected device. The MAC address is used by the network interface controller (NIC) in order to identify and track data going to or from the device.

For most people, the issue of a MAC address concerns commercial devices like desktop computers, laptop computers, tablets, and smartphones. The MAC address functions as something like a serial number in that no two devices should ever have the same MAC address. Network interface controllers (such as a home router) will ask every device its MAC address before allowing them to connect to the network.

Somewhat confusingly, MAC stands for media access control, but there’s really no relevance to whether the network-connected device is uploading or downloading media. MAC addresses were based on the IEEE 802 standard developed by Xerox to assign Ethernet addresses to all devices, although the original IEEE 802 addresses could also be given to software. MAC addresses are exclusively given to hardware devices.

MAC addresses contain 48 bits of hexadecimal information, meaning that there are a total of 281 trillion, 474 billion, 976 million, 710 thousand, 656 total possible MAC addresses (two to the 48th power or 281,474,976,710,656). When you look at a MAC address, you’ll see hexadecimal notation, meaning it’ll be a combination of both numbers and the letters A through F. MAC addresses are divided into six sets of two-digit hexadecimal numbers (called “octets”) separated by colons.

A MAC address will look something like this: 00:3f:47:fc:7a:16

Devices which are given a MAC address by the manufacturer are given universally administered addresses (UAA). The first three octets a UAA MAC address identifies the manufacturer followed by three unique octets for that particular device. Therefore, if you can read a device’s MAC address, you can see who built it, giving you vital information for determining what type of hardware has that particular MAC addresses.

For example:

Belkin: 00-30-BD
Cisco: 00-40-96
Dell: 00-14-22
Nortel: 00-04-DC

Keep in mind, however, that some manufacturers have more than one set of triple octets assigned to them.

In other cases, the NIC may assign the MAC, in which case it is known as a locally administered address (LAA).

Besides serving the needs of the NIC, the MAC address can be quite useful for network administration. MAC addresses cannot be changed, unlike other identifiers such as IP addresses, so identifying MAC addresses will give you a reliable way to know who is connected to the network and sending and receiving data.

One of the most common ways to use MAC addresses is to set up special filters or gateways for a router or internet network in order to ensure that only authorized devices can access the network. Hackers or malicious users can sometimes guess or discover the password used for your router and would this be able to access your internet connection. In other cases, malefactors might be able to spoof or trick your router into thinking that their device has the same IP address as an authorized computer.

But when you filter network access by MAC address, you increase your internet security. Since ever device has an unchanging, permanent identifier (the MAC address), you can set up a router to only accept connections from a specified list of authorized MAC addresses. This will keep out any unauthorized devices (because their MAC address is not on the authorization list) while ensuring that authorized devices stay connected even if their IP address changes.

MAC addresses were originally designed exclusively to be used on Ethernet networks but have since been adopted for a wide variety of networks. These include all 802.11 network variants (more popularly known as Wi-Fi), Bluetooth, ITU-T G.hn networks, fiber distributed data interfaces (FDDI), asynchronist transfer mode (ATM) switched virtual connections (as part of an NSAP address), fiber channel, and Serial Attached SCSI (as part of a World Wide Name).

All commercial devices like computers and smartphones use 48-bit MAC addresses. There are some devices, however, which use 64-bit MAC addresses. These include FireWire devices (IEEE 1394 standard), IPv6, and 6LoWPMAN personal area networks (sometimes known as ZigBee or 802.15.4).

Despite MAC addresses being “burned-in” at the time of manufacture, there are some ways to get around this and change the MAC address in a process known as MAC “spoofing.” Since changing a device’s MAC address is equivalent to changing its permanent ID, this process is not simple.

Despite its attraction for malefactors to gain unauthorized access to networks, there are some legitimate uses for MAC spoofing. For example, some internet service providers bill based on MAC addresses, so adding a new device could incur an additional charge. But if you can change a device’s MAC address to correspond to the one on the account, the ISP will allow it to connect to the network. Keep in mind, however, that some user contracts signed with ISPs will specifically prohibit the use of MAC spoofing regardless of its legitimacy.

In countries with onerous government internet surveillance programs, all online activity may be tracked by MAC address, thus creating a permanent “footprint” of that device’s activity. Therefore, spoofing the MAC address may be the only way to avoid government surveillance. Spoofing does not change the actual hardware where the MAC address is burned in. Instead, spoofing uses software to send out false information about the MAC address. Therefore, if the device is rebooted or the spoofing software program is stopped, the device will return to its original manufacturer MAC address.

While not true MAC spoofing, some hardware devices do allow for the generation of randomized MAC addresses during periods of network scanning in order to avoid unwanted tracking by nearby networks. Nearly all late-model smartphones and tablets will periodically scan nearby networks to look for access, and since this information can be recorded and logged by MAC address, randomizing the MAC address during scanning will render the logged data useless. Android version 6.0 and later, Windows 10, and Apple iOS 8 and later all now randomize MAC addresses when scanning for networks. This is not true “spoofing” as the unchanging, “real” MAC address is used if the device connects to the network.

Both Windows and Mac computers allow users with administrator-level privileges to change their devices’ MAC address via the command/terminal prompt. Note that this does not affect the computer’s MAC address but rather its network controller(s). If more than one network controller is present (i.e. both Bluetooth and Wi-Fi), then each network controller will have its own unique MAC address.

For the highest level of network security, it is recommended that a number of different security protocols be implemented, not just solely filtering by MAC addresses.