MAC address (media access control)

Each network-compatible device has at least one unique hardware ID – the media access control address (in short: MAC address). What this is all about and how you can find or rewrite the MAC address is explained below.

Each device that is integrated into a computer network requires a network adaptor. This adapter receives a worldwide unique identification number from the manufacturer: the MAC address. This enables devices like desktop computers, tablets, or mobile phones to be identified in the network and addressed as required. If a device has several network adapters (for example, for several LAN connections or different communication standards like Ethernet, WiFi, FDDI, Bluetooth, or Token Ring), a different address is available for each standard.

Since MAC addresses are assigned directly by the hardware manufacturer, they are also referred to as hardware addresses. With Microsoft Windows, the MAC address is referred to as the physical address. Apple uses the terms Ethernet ID, Airport ID, or WiFi address, depending on the communication standard. The term device address, on the other hand, is fuzzy, since a device can have several network adapters and therefore different MAC addresses.

Conflicting MAC addresses are a basic requirement for error-free network communication.

Data transmission in computer networks is a complex communication process in which different requirements including reliability, security, and efficiency must be met. This can be illustrated using the OSI models (abbreviation for open systems interconnection) – a reference model developed by the ISO (International Organization for Standardization) that maps network communication to 7 layers. During data transmission, each layer of the OSI model is run through on both the sender and receiver sides.

MAC addresses are used on the backup layer (layer 2) of the OSI model – actually, the media access control sublayer introduced by the Institute of Electrical and Electronics Engineers (IEEE).

The backup layer is located between the bit transfer layer (layer 1) and the switching layer (layer 3). While the bit transmission layer provides protocols and tools responsible for maintaining the physical connection, protocols on the backup layer control how different systems share the available transmission medium. Secure system connections are abstracted from the physical connection. The actual transmission of data packets takes place at the switching level via IP.

For example, if you want to send an IP packet over Ethernet, your computer transmits a data frame that is addressed to the target computer’s MAC address on the backup layer, according to the OSI model.

An Ethernet data frame contains information that is read out at different levels of the OSI model.

Data frames in IPv4 networks contain the following components:

• Destination address (destination computer MAC address)
• Source address (sender’s MAC address)
• Control information for data flow control
• User data (the data packet that needs to be transmitted later on the switching layer)
• Checksums that ensure data integrity

A target computer that receives a data frame first reads it on the backup layer and compares the target address of the frame with its own MAC address. If the addresses match, the target computer starts interpreting the frame at the next higher level.

To link the address assignment on the backup layer with the address assignment on the switching layer, the address resolution protocol (ARP) is used in IPv4 networks. Each computer in the local network maintains an ARP table whereby IP addresses are assigned to MAC addresses.

The new internet protocol standard IPv6 uses the neighbor discovery protocol (NDP).

MAC addresses in LAN or WLAN networks consist of 6 bytes (48 bits) and are written in hexadecimal notation. The use of separators such as hyphens or colons between two bytes increases readability.

The following example shows the MAC address of a desktop computer in binary and hexadecimal format:

The bit sequence of each MAC address is divided into 4 areas, each of which encodes different information.

• Bit 1 (receiver): The first bit of the MAC address specifies whether it is an individual or group address. This bit is called I/G (short for individual/group). If I/G = 0, it is a unicast address for a single network adapter. Multicast addresses are identified by I/G = 1 and are addressed to several receivers.
• Bit 2 (registry): The second bit of the MAC address indicates whether it is an address with global validity (universal) or whether the address has been assigned locally (local). The bit is called U/L. If U/L = 0, the address is valid worldwide as a universally administered address (UAA). Addresses that are only locally unique are called locally administered address (LAA) and are marked with U/L = 1.
• Bit 3–24 (manufacturer identification): Bits 3 to 24 encode an identifier (organizationally unique identifier, OUI), which is assigned exclusively to hardware manufacturers by IEEE. The assignment of OUIs is usually public and can be determined via databases. A corresponding service is available, for example, on aruljohn.com.
• Bit 25-48 (network adapter identifier): Bits 25 to 48 provide device manufacturers with 24 bits for assigning a unique hardware identifier (organizationally unique address, OUA). This means that 2²⁴ (= 16.777.216) unique OUAs can be assigned per OUI.

Table: Subareas of an MAC address

MAC addresses can be queried through the terminal in all modern operating systems with little effort – both on the local system and remotely in the network. The following table shows the corresponding command line commands for the most common operating systems.

Table: MAC address read out

On mobile devices, you can display the MAC address in the settings.

Table: Get MAC addresses on mobile devices

Step 2: From Windows 2000 onwards you can use the command line utility ipconfig with the “/all” option to get the MAC address of all network adapters on your Windows computer.

Thanks to ARP, in IPv4 networks it is possible to determine other devices’ MAC addresses in the same local network. With Windows and most unixoid operating systems, use the command line “arp” with the option to display you system’s ARP table in the terminal.

You will receive a terminal output according to the following scheme:

If you just want to read the MAC address of a specific network adapter remotely, use the command “arp –a” in a combination with the target adapter’s local IPv4 address.

MAC addresses are invariably assigned by device manufacturers and are “burned” into the network adapter chip on the hardware side. However, numerous operating systems offer the option to overwrite hardware addresses on the software side. This is referred to as spoofing. In this case, a system does not send the addressed adapter’s real network hardware address in network communication, but instead a user-defined MAC address.

Unix derivatives such as Linux, macOS, Solaris, and the BSD operating systems support the assignment of MAC addresses through the terminal on the software side.

Table: Overwriting a MAC address

We illustrate the procedure using the most commonly used Unix derivative: Linux. If you want to change your network adapter’s MAC address, proceed as follows.

Step 1: Open the operating system terminal – for example, with the key combination [CTRL]+[ALT]+[T].

Step 2: Determine the name and current MAC address of the desired network adapter. To do this, enter the following command in the command line:

Step 3: Turn off the network adapter by entering the following command in the command line:

Step 4: Overwrite the network address assigned by the manufacturer with one of the options specified in the table.

Step 5: Restart the network adapter. Use the following command line command: