MAC Addresses Explained: How Devices Identify Themselves on a Network

Every device that ever talks on a network — laptops, phones, smart bulbs, printers, the streaming stick in the living room — carries a 48-bit hardware address called a MAC address. Pull up your laptop's network settings and somewhere in there is a string like A4:5E:60:7D:1F:38. That's the identifier the local network actually uses to push frames around. It isn't your IP, and it isn't visible to the wider internet — but inside any Wi-Fi or Ethernet segment, it's the thing that decides where each packet goes.

MAC stands for Media Access Control, a layer of the OSI networking model that sits between the physical medium (radio waves, copper, fibre) and the IP layer above it. MAC addresses are the addresses that work at that layer. They were designed in the early 1980s, originally for Ethernet, and the same scheme now covers Wi-Fi, Bluetooth, FireWire, and just about every other link-layer protocol you've heard of. Most people never think about them until the home router's "connected devices" list shows a string of hex and they have no idea what it is.

The format: six pairs of hex digits

A MAC address is 48 bits — six bytes — usually written as six pairs of hex digits separated by colons or hyphens:

00:1A:2B:3C:4D:5E
00-1A-2B-3C-4D-5E
001A.2B3C.4D5E         (Cisco notation)
001a2b3c4d5e           (raw)

All four of those represent the same address. The colon form is the most common; hyphens are typical on Windows; Cisco gear renders it as three dotted groups. The hex is case-insensitive, so 00:1A:2B and 00:1a:2b are equivalent.

48 bits gives you 2⁴⁸ possible addresses — about 281 trillion. That's enough to assign a globally unique value to every network adapter ever manufactured, with plenty to spare for the next several decades. The way that uniqueness gets enforced is what the first three bytes are for.

OUI + device ID

A MAC address splits cleanly down the middle:

• The first three bytes — 24 bits — are the OUI, the Organizationally Unique Identifier. This is a prefix the IEEE hands out to manufacturers. Apple's main OUI is AC:DE:48. Cisco has dozens. Raspberry Pi Foundation uses B8:27:EB on most original-generation Pis, and DC:A6:32 on the Pi 4.
• The last three bytes are the device-specific portion, assigned by the manufacturer to each individual adapter. Apple, having sold a few hundred million devices under AC:DE:48, has clearly burned through that namespace and rotates between many OUIs in modern production.

Because the IEEE publishes the OUI registry, anyone can look at the first half of a MAC and tell you which company shipped the device. That's exactly what the MAC address lookup tool does — paste any address and it returns the manufacturer along with their registered address and country, drawn from the official IEEE registry. We bundle the full database of 39,000+ entries directly into the lookup so the answer comes back in a few milliseconds.

For a manufacturer that needs more space than one OUI's worth of devices, IEEE also issues larger MA-L blocks (the standard 24-bit OUI) and smaller MA-M (28-bit) and MA-S (36-bit) blocks for organisations that only need a few thousand or a few hundred addresses respectively. These shorter prefixes are how small IoT vendors get into the registry without paying for a full block of 16 million.

How to find your MAC address

Every operating system makes this slightly easier or harder than it needs to be:

• Windows. Open Command Prompt and run ipconfig /all. Look for "Physical Address" under your Wi-Fi or Ethernet adapter.
• macOS. System Settings → Network → click your active connection → Details → Hardware. (Or, in Terminal, ifconfig en0 | grep ether.)
• Linux. ip link show is the modern command; ifconfig still works on most distros. Each interface lists its link/ether address.
• iPhone / iPad. Settings → General → About → Wi-Fi Address.
• Android. Settings → About Phone → Status → Wi-Fi MAC address. (Some devices put it under Settings → Network & Internet → Wi-Fi → tap the connected network → Advanced.)

One catch: most modern devices show you a MAC address that isn't the one burned into the hardware. That's by design, and it's the next thing to talk about.

MAC randomization (and why your address keeps changing)

Until about 2014, MAC addresses were a privacy disaster. Every smartphone broadcast its real hardware MAC in every Wi-Fi probe request — the background "is anyone here?" packets every device sends while looking for known networks. Retail stores and analytics companies built business models on logging those probe requests, tracking which devices visited which shops on which days, and selling the resulting footfall data. ISPs and airport Wi-Fi networks could correlate users across sessions just by remembering MAC addresses.

MAC randomization shut most of that down. Modern operating systems no longer transmit the real hardware MAC unless they have a good reason. Instead:

• iOS 14+ (released September 2020) generates a fresh random MAC for every Wi-Fi network you connect to. The same address is reused when you reconnect to the same network, but never shared between networks.
• Android 10+ behaves identically — a per-network randomized MAC, regenerated periodically.
• Windows 10+ can be configured to use random MACs globally or per network. On Wi-Fi adapters, this is now usually on by default.
• macOS uses "Private Wi-Fi Address" by default since Big Sur (macOS 11). Same per-network randomized scheme.

You can tell a randomized MAC apart from a real one by looking at the second-least-significant bit of the first byte — the so-called U/L (universal/local) bit. If that bit is 0, the address is "globally unique" — it was assigned by IEEE through the OUI system. If it's 1, the address is "locally administered" — it was made up by software. Randomized MACs always set that bit, so they're identifiable: the first byte will end in 2, 6, A, or E in hex (those are the values whose binary form has the U/L bit set, e.g. 02, 06, 0A, 0E, 12, 16…).

This is also why a randomized MAC won't match anything in the IEEE OUI database. The lookup tool returns "no manufacturer found" for those — and that's the correct answer. There is no manufacturer; the address was generated locally for privacy reasons.

Unicast, multicast, and broadcast

Two more bits of the first byte carry meaning. We've covered the U/L bit (bit 1, value 0x02). The other one is the I/G bit, bit 0, value 0x01:

• If the I/G bit is 0, the address is unicast — it identifies a single device.
• If it's 1, the address is multicast — it identifies a group of devices that have opted into listening on that address. IPv6's neighbour discovery and a lot of audio/video distribution protocols use multicast.

And finally, the all-ones address — FF:FF:FF:FF:FF:FF — is the broadcast address. Any frame sent to it is delivered to every device on the local network segment. ARP requests (the protocol that maps IPv4 addresses to MAC addresses) start out as broadcasts because the sender doesn't yet know the recipient's MAC.

MAC vs IP — different addresses, different jobs

The most common question we get about MAC addresses is how they relate to IP addresses. The short version: they operate at different layers and they don't replace each other.

• MAC addresses are Layer 2. They identify a specific network interface on the local segment — within your home Wi-Fi network, within your office Ethernet, within the same VLAN. They do not cross routers. A packet leaving your house never carries your laptop's MAC; the router strips it off and substitutes its own.
• IP addresses are Layer 3. They identify a host on the global network and they do cross routers — that's the whole point. Your phone's public IP is what an external server sees.

Both addresses are present on every frame. The MAC tells the local switch "deliver this to the device at MAC X on this network." The IP, wrapped inside the frame, tells the wider internet "this is going to the host at IP Y." When your traffic crosses a router, the IP stays the same but the MAC gets rewritten — the outgoing frame has the next router's MAC as the destination, and so on, hop by hop, until the packet reaches its target.

The protocol that maps between the two is ARP (Address Resolution Protocol) for IPv4, or NDP (Neighbor Discovery Protocol) for IPv6. When your laptop wants to talk to 192.168.1.1 on the local network, it doesn't know that router's MAC yet — so it broadcasts an ARP request ("who has 192.168.1.1?") and the router replies with its MAC. That mapping is cached, and from then on local traffic to that IP goes straight to the right MAC.

What you actually use MAC addresses for

A few real-world tasks where MAC addresses are the right tool:

• MAC filtering. Routers can restrict which devices are allowed to connect to a network based on their MAC. With randomization, this is mostly theatre — anyone who wants on can spoof a valid MAC trivially — but it's a useful nudge for keeping casual neighbours off.
• Identifying unknown devices on your network. Open your router's "connected devices" list, see an unfamiliar entry, paste its MAC into the MAC lookup tool, and find out it's a Roomba you forgot you had. This is the lookup tool's most common use case.
• Wake-on-LAN. Sending a specially formatted UDP packet (a "magic packet") to a device's MAC address can wake it from sleep, as long as the network card was left listening for that signal. The packet has to be delivered on the local network because MACs don't route.
• Network troubleshooting. Two devices with the same MAC on a segment causes traffic to bounce unpredictably. Some virtual machines and Docker containers default to the same MAC unless told otherwise — if a network suddenly stops working after spinning up a VM, this is the first thing to check.
• DHCP reservations. Setting a static IP by MAC is the right way to give a server, printer, or NAS a predictable address — you tell the DHCP server "if you see this MAC, always hand it this IP." Survives reboots and OS reinstalls.

What MAC addresses don't tell you

Worth being clear about the limits, especially given how often people overweight what a MAC reveals:

• A MAC isn't an IP, and it isn't a location. You can't trace someone's MAC across the internet — it's stripped at the first router. The MAC of a phone connected to a coffee-shop Wi-Fi is meaningless to anyone outside that coffee shop.
• A MAC isn't an identity. With randomization, even the manufacturer information is hidden on most consumer devices. A randomized MAC tells you exactly nothing about what kind of device it is.
• A MAC isn't a fingerprint. If you're trying to identify a specific browser session, the MAC isn't visible to the server anyway — it lives at Layer 2, way below HTTP. Web servers fingerprint browsers using completely different signals (canvas, fonts, screen size, audio context). See our piece on browser fingerprinting for what actually gets surfaced to a remote site.

And one slightly counter-intuitive corollary of MAC randomization: if you're looking at your phone's "Wi-Fi address" in settings and it doesn't match any IEEE-registered manufacturer, that's the system working correctly. The lookup tool will return "no match" for randomized addresses, which is the right answer.