MAC (Media Access Control)

A MAC address (Media Access Control Address) is a 48-bit fixed identifier assigned at the physical layer to a network device. It is essential for enabling communication between network hardware components and typically consists of six binary bytes (a total of 6 bytes). Each byte carries 8 bits of data in binary form and is written in hexadecimal notation. An example MAC address appears as follows: 00-1A-2B-3C-4D-5E.

A MAC address is divided into two main parts:

• OUI (Organizationally Unique Identifier) – The first 3 bytes (24 bits); a vendor-specific identifier assigned by IEEE.
• NIC (Network Interface Controller) Identifier – The next 3 bytes (24 bits); assigned by the manufacturer and unique to each device.

IEEE ensures global uniqueness by allocating OUI numbers to vendors, allowing the same manufacturer to generate distinct MAC addresses for different devices.

Representative image of the MAC address layer (Generated by Artificial Intelligence)

Function and Usage Areas

A MAC address operates at the data link layer and serves as an address that enables devices to identify and communicate with each other—especially within limited network topologies like local area networks (LAN). During data transmission, every frame sent over the network includes both the source and destination MAC addresses. This structure allows network devices (such as switches and routers) to recognize the origin and destination of the data and forward it accordingly.

MAC addresses serve as physical identifiers for communication on a network and are typically resolved before IP addresses. While IP addresses are logical (software-based), MAC addresses are physical (hardware-based). Therefore, protocols like ARP (Address Resolution Protocol), which translate IP addresses into MAC addresses, operate at this level.

Address Types: Unicast, Multicast, Broadcast

MAC addresses are classified into three categories based on the type of transmission:

• Unicast MAC Address: Targets a specific single device. If the least significant bit of the first byte is set to '0', it is a unicast address.
• Multicast MAC Address: Refers to communication with a group of devices. The least significant bit is set to '1'. This is often seen in IPv6 multicast scenarios.
• Broadcast MAC Address: Used to send data to all devices on the network. Universally defined as FF-FF-FF-FF-FF-FF and accepted by all NICs.

Universal and Local MAC Addresses

The second least significant bit of a MAC address, known as the U/L (Universal/Local) bit, defines how the address was assigned:

• If set to 0, the address was universally assigned by the manufacturer and is globally unique.
• If set to 1, it may have been locally assigned by an administrator or user. These addresses are often used for temporary purposes, virtualization (VMs), security testing, or privacy concerns.

Local addresses are structured under the IEEE 802c standard. Through the SLAP (Structured Local Address Plan) system, administrators can assign non-conflicting local MAC addresses. This type of addressing is common in virtual network interfaces, IoT devices, and wireless clients.

MAC Address Spoofing

A device's MAC address can be altered through software—a process known as MAC spoofing. In networks that rely on MAC filtering for access control, a user can impersonate another device’s MAC address to gain unauthorized access. While sometimes used legitimately (e.g., for testing or development), spoofing can pose serious security risks.

Operating systems like Linux, Windows, and macOS allow temporary MAC address changes. For instance, Linux users can assign temporary MAC addresses via commands like ifconfig or ip link, though these changes revert after a system reboot.

MAC spoofing can also be used for identity obfuscation, bypassing network bans, or evading tracking mechanisms in certain internet services.

MAC Address Randomization and Privacy

MAC address randomization is a privacy feature developed for mobile devices. During Wi-Fi scans, the device broadcasts a temporary MAC address instead of the actual one, making tracking and location surveillance more difficult.

However, studies have shown that many devices implement this feature improperly. For example:

• Devices often revert to using their real (global) MAC address once they connect to an access point.
• Some devices may still expose themselves through protocol behavior even when using randomized addresses.

Thus, while MAC address randomization theoretically enhances privacy, it has practical vulnerabilities, and users may still be subject to tracking.

Standards and Administration

MAC address allocation is managed by the IEEE (Institute of Electrical and Electronics Engineers), which assigns OUI blocks to manufacturers to ensure global uniqueness. The IEEE 802c standard defines local MAC address usage. Under the SLAP model, the address space is divided into subcategories such as AAI (Administratively Assigned Identifier), ELI (Extended Local Identifier), and SAI (Standard Assigned Identifier). This framework allows multiple administrators to configure non-conflicting address schemes within the same LAN.

Additionally, standardized group MAC addresses (e.g., the 01-80-C2-00-00-00 block) are allocated by IEEE for specific protocol uses and are commonly seen in Ethernet frames. The MAC address is a foundational element in networking, ensuring the unique identification of hardware devices. It plays a vital role in data transmission, network management, access control, and security mechanisms, while also posing potential risks related to privacy and tracking.

In modern systems, the role of the MAC address has expanded beyond simple traffic forwarding, becoming a core component of digital identity, network policies, and privacy strategies.