MAC address

from Wikipedia, the free encyclopedia
Stickers on the bottom of a UMTS router , etc. a. with the MAC addresses for LAN and WLAN

The MAC address ( Media Access Control address) is the hardware address of each individual network adapter , which serves as a unique identifier for the device in a computer network . One also speaks of a physical address or device address . At Apple it is also called Ethernet ID , Airport ID or Wi-Fi address , at Microsoft it is a physical address .

Function in the network

The MAC address is assigned to the data link layer (layer 2) of the OSI model ; In the OSI model extended by the  IEEE , it is assigned to the Media Access Control sub- layer (Layer 2a). To the data link layer with the next higher layer, the network layer , to be connected, is z. B. in the case of Ethernet, the Address Resolution Protocol is used in the context of  IPv4 . In  IPv6 , a new protocol takes over this function, the Neighbor Discovery Protocol  (NDP).

Network devices then need a MAC address if they are to be explicitly addressed on layer 2 in order to offer services on higher layers; If, on the other hand, the device only forwards the network packets like a repeater or hub , it is not visible on the data link layer and therefore does not need a MAC address.

Bridges and switches examine the data link layer packets in order to physically divide the network into several collision domains, but they do not actively participate in the communication themselves, so they do not need a MAC address for these basic functions either. However, a switch requires a MAC address if it is administered via the computer network itself or if it offers monitoring services (e.g. via Telnet , SNMP or HTTP ). A MAC address is also required when bridges or switches use the spanning tree algorithm to avoid loops in redundant computer networks.

Form (syntax)

In the case of Ethernet networks, the MAC address consists of 48  bits or six  bytes . The addresses are usually written in hexadecimal .

A byte-by-byte notation is common, the individual bytes being separated from one another by hyphens or colons, e.g. B.

  • 00-80-41-ae-fd-7e
  • 008041-aefd7e or
  • 00:80:41:ae:fd:7e.

Information such as

  • 008041aefd7e or
  • 0080.41ae.fd7e.

However, the order of the characters is not the same in all applications. A distinction is made here between the canonical and the "bit-reversed" representation. The canonical form is preferred for representations.

Canonical representation

The usual representation of MAC addresses, as it appears, for example, in the output of ipconfig / ifconfig , is also referred to as canonical format (“canonical form”, “LSB format” or “Ethernet format”). It specifies the order in which the address is transmitted in IEEE 802.3 (Ethernet) and IEEE 802.4 (Token Bus). Here the transfer with the least significant bit (starts Least Significant Bit , LSB) of an octet (the exception is the Frame Check Sequence , FCS).

Bit reversed representation

IEEE 802.5 (Token Ring) and IEEE 802.6 start the transmission with the most significant bit (MSB, most significant bit ). This can easily lead to misunderstandings if it is not specified whether the reference is made to the canonical representation in normal byte representation or the inverse bit transfer representation. An address whose canonical form 12-34-56-78-9A-BCis, for example , is used in standard transmission (LSB first, means: read from right to left) on the line in the form of

01001000 00101100 01101010 00011110 01011001 00111101Transfer bit sequence .

In token ring networks (MSB first means: read from left to right, i.e. in natural language), the transmission would take the form of

Bit sequence 00010010 00110100 01010110 01111000 10011010 10111100take place.

If this is not consistently observed when converting the bit sequences into the canonical representation, z. B. the latter representation can be incorrectly interpreted as 48-2C-6A-1E-59-3D(LSB first).

The representation in token ring networks is then referred to as "bit reversed order", "non-canonical form", "MSB format", "IBM format", or "token ring format" as listed in RFC 2469 .


MAC addresses in an Ethernet Type II frame

In each frame according to the Ethernet II variant, the MAC address of the recipient and the sender is first transmitted before the type field and the data. Receiver and sender must be part of the Local Area Network (LAN). If a packet is to be sent to another network, it is first sent to a router at the Ethernet level . This analyzes the data on the subordinate layer and then forwards the packet. To do this, it generates a new Ethernet frame if the neighboring network is also an Ethernet. To do this, a router replaces the MAC addresses, i. H. when router R1 receives an Ethernet frame and is to pass it on to router R2, R1 replaces the source address with its own MAC address and the destination address with the Mac address of R2.

Pseudo receiver "broadcast address"

Ethernet broadcast frame

The MAC address with all 48 bits set to 1 ( ff-ff-ff-ff-ff-ff) is used as the broadcast address that is sent to all devices on a LAN. Broadcast frames are not transmitted to another LAN without special measures.

Special identifiers

Structure of a MAC address

Recipient group

The least significant bit (Engl. Least Significant Bit , LSB ) of the first byte (bit 0) indicates a MAC address, if there is a single address or group address (I / G Individual / Group). With a broadcast or multicast , I / G = 1 is set, otherwise and with source addresses I / G = 0.

In short: I / G is

  • 0 for I (individual) or
  • 1 for G (Group).

Most protocols that work on OSI Layer 2 have special MAC addresses, so-called MAC multicast addresses. The VLAN Trunking Protocol, for example, uses the address 01-00-0C-CC-CC-CC. This means that a frame is addressed to all switches at the same time. There are also whole groups of MAC multicast addresses: The TRILL protocol, for example, uses 01-80-C2-00-00-00 to 01-80-C2-00-00-0F, among others. Other protocols also have special, permanently assigned MAC addresses.


The following 2nd bit (bit 1, called U / L for Universal / Local) indicates whether the MAC address is globally unique ( Universally Administered Address (UAA); U / L = 0) or is administered locally and only there is unique ( Locally Administered Address (LAA); U / L = 1).

In short: U / L is

  • 0 for U (universal) or
  • 1 for L (Local).

Manufacturer IDs

Manufacturer codes of MAC addresses (selection)
00-50-8B-xx-xx-xx Compaq
00-07-E9-xx-xx-xx Intel
00-60-2F-xx-xx-xx Cisco
00-15-F2-xx-xx-xx Asus

In the next 22 bits (bits 2 to 23) one of which is IEEE assigned manufacturer code (also OUI - O rganizationally U nique I dentifier called) described, which are largely viewed in a database. The remaining 24 bits (bits 24 to 47) are specified individually for each interface by the respective manufacturer. For example Compaq has an OUI with the address 00-50-8b. Compaq may use all available addresses within this OUI, i.e. 00-50-8b-xx-xx-xx. This results in 2 24 = 16777216 (16.8 million) individual addresses.

In addition to the OUI, there are two smaller address areas:

  • an OUI-28, or MAC Address Block Medium (MA-M), consisting of 28 bits
  • an OUI-36, or MAC Address Block Small (MA-S), consisting of 36 bits

These are intended for private individuals and smaller companies and organizations that do not need as many addresses. The OUI-36 address begins with 36 bits that are assigned to an organization. This means that the address area within bits 11 to 0 remains usable, which means that 2 12 = 4096 individual addresses are possible. The MA-M are uniquely identified by 28 bits and with the remaining 20 bits result in: 2 20 = 1,048,576 individual addresses according to EUI-48 . More devices can be addressed when using the EUI-64 .

Theoretically, the addresses of the interfaces of every network-compatible device should be uniquely pre-assigned worldwide (but individual cases have already become known in which two network cards in the same network had identical MAC addresses, which initially led to completely inexplicable errors). This can be used to automatically configure devices and is used by protocols such as RARP , BOOTP and DHCP . However, the software also often supports being able to use any value as a MAC address. This is used, for example, in backup systems where replacement devices can take over the MAC address of a failed device.

Some software uses the MAC address of the first network card to identify the computer on which licensed programs are allowed to run. The calculation of a universal identification ( UUID or GUID ) also uses this MAC address along with other parts. However, since the MAC address can be changed, security experts advise against using the MAC address as the sole authentication criterion.

Manufacturer-independent identifiers

In addition to the broadcast address FF-FF-FF-FF-FF-FF, which addresses all devices in a local network, MAC addresses in the range to are used for IPv4 multicast . The lower 23 bits of the IP multicast address are then mapped directly to the lowest 23 bits of the MAC address. The multicast MAC address is thus permanently assigned to the IP multicast address . 01-00-5e-00-00-0001-00-5e-7f-ff-ff01-00-5e-00-00-01

In addition to the top four bits, which are always 1110 for an IPv4 multicast address, 5 bits of the IP address remain that cannot be mapped in the MAC multicast address. This makes it possible for a host to receive MAC multicast packets from a multicast group to which it does not belong. These packets are then discarded by the IP layer, since recognition based on the IP multicast address is possible there.

The MAC address range 33-33-xx-xx-xx-xx was reserved for IPv6 multicast. The lowest 32 bits of the IPv6 multicast address are embedded in the MAC address.

The manufacturer-independent identifier (in the area ) is reserved for high-availability logical routers in accordance with VRRP , whereby the last byte ID stands for the identifier of the virtual router. It remains the same even if another router takes over the service. 00-00-5E-00-01-ID00-00-5E

Trip hazard: "PRIVATE" label

The manufacturer AC-DE-48IDs , which - for example - have been marked as "PRIVATE" in the OUI database, are registered for companies that do not want to disclose their identity to the public. Addresses from these areas can therefore not be used for local purposes, as one would assume. (The "U / L address bit" described under " Registration office " is used for local purposes .)

Determination and award

Often the MAC address, partly integrated in the serial number , is on the network card. They can also be read out using software. Depending on the operating system , various commands are required in the command line or via the graphical user interface . But there are also various additional programs that can simplify these tasks.

operating system Read out (in your own system) Read out (in a foreign system) Award
AROS , MorphOS ifconfig -a arp -a
AIX netstat -ia arp -a
Android Einstellungen → Telefoninfo → Hardware-Informationen
bada Einstellungen → Telefoninfo → Systeminfo
FreeBSD ifconfig arp -a ifconfig <Interface> link <MAC-Adresse>
HP-UX lanscan lanadmin -A 0x<MAC-Adresse>
Apple iOS Einstellungen → Allgemein → Info → Wi-Fi-Adresse officially not possible
IOS (Cisco) show interfaces configure
interface <type> <number>
mac-address <H.H.H>
IRIX netstat -ia arp -a ifconfig <Interface> ether <MAC-Adresse>
Linux ip link ip neigh ip link set dev <Interface> addr <MAC-Adresse>

You can also use the ifconfig command, and with some network cards it only works correctly in promiscuous mode , that is

ifconfig <Interface> promisc


ifconfig <Interface> hw ether <MAC-Adresse>

Mac OS X ifconfig
arp -a ifconfig <Interface> ether <MAC-Adresse>

ifconfig <Interface> lladdr <MAC-Adresse>
or: for AirPort Extreme (802.11n) WLAN (both methods do not work for all models) for Leopard (OS X 10.5)/System/Library/PrivateFrameworks/Apple80211.framework/Resources/airport --mac=<MAC-Adresse>

/System/Library/PrivateFrameworks/Apple80211.framework/Resources/airport -z; sudo ifconfig <dev> lladdr <MAC-Adresse>

NetBSD ifconfig -a arp -a ifconfig <Interface> link <MAC-Adresse> activate
NeXTStep ifconfig -a
Nokia S60 *#MAC0WLAN#  (as vanity code ) or

(enter on the standby screen or when dialing the number)

OpenBSD ifconfig -a arp -a ifconfig <Interface> lladdr <MAC-Adresse>
OpenVMS tcpip show interface /full tcpip show arp
OS / 2 netstat -n via LAPS / MPTS
SCO Unix ndstat
8,9,10,11 ifconfig -a
(you have to be logged in as root, otherwise the MAC address will not be displayed)
alternatively with dladm show-phys -mordladm show-linkprop -p mac-address
arp -a
ifconfig <Interface> ether <MAC-Adresse>
dladm set-linkprop -p mac-address=<MAC-Adresse> <Interface>
Tru64 UNIX netstat -ia
95, 98, ME
From Windows 2000 and Server 2008
Start menu / Run: Enter the command "cmd", in the black window that opens, enter the command ipconfig /all; The ID you are looking for can then be found in the "Physical address" line.
with XP Professional Edition and successors
getmac /v (Stringing together of all MAC addresses, e.g. radio and cable)
  1. ping <IP-Adresse>
  2. arp -a
with XP Professional Edition too
getmac /s <IP-Adresse/Name>
it also works under Vista Home (64-bit) and higher, details about
getmac /?
in the Windows registry
  1. regedit
  2. 95, 98, ME
    2000, XP
  3. (xxxx) ( Find the appropriate key, e.g. using the DriverDesc subkey )
  4. Enter the MAC address without separators in the (new) string key NetworkAddress
  5. 95, 98, ME
    Restart the system
    2000, XP
    Restart network connection
in the control panel
Some device drivers make it possible to change the MAC address via the hardware properties (device manager).
Windows Mobile 5.0 (Pocket PC)
Start → Einstellungen → Verbindungen → Drahtlos-LAN → Erweitert
Windows Phone 7 (from version 7.0.7389.0)
Einstellungen → Info → Weitere Informationen

Acquisition of your own MAC address space

Prices for registering your own MAC address ranges can be viewed on an IEEE website. A separate MAC address block costs between 730 and 2905 US dollars (as of June 5, 2019). This address range can also be kept secret for an additional annual fee; he is then not known to others and you are not entered in a public database.

Further use

The MAC address is often used as access protection ( MAC filter ) for LANs and WLANs. Due to the fact that MAC addresses can easily be changed, a MAC filter offers only weak protection and can easily be overridden by MAC spoofing .

Individual evidence

  1. ^ Mark A. Dye, Rick McDonald, Antoon W. Rufi: Network Basics: CCNA exploration companion guide. 2008, ISBN 3827326850 , p. 93 ( limited preview in Google book search).
  2. Where this can only be seen as a part: MAC address = manufacturer code + device address; Frank Morkowsky: Basics of network technology. 2015, ISBN 3734774519 , p. 20 ( limited preview in Google Book Search)
  3. VTP reference
  4.  ( page no longer available , search in web archivesInfo: The link was automatically marked as defective. Please check the link according to the instructions and then remove this notice. Current network standards@1@ 2Template: Toter Link /  
  5. Std 802-2001 - IEEE Standard for Local and Metropolitan Area Networks: Overview and Architecture ( English ) IEEE (The Institute of Electrical and Electronics Engineers, Inc.). S. February 21, 2002. Retrieved July 9, 2010: “The Universally or Locally administered (U / L) address bit is the bit of octet 0 adjacent to the I / G address bit. This bit indicates whether the address has been assigned by a local or universal administrator. Universally administered addresses have this bit set to 0. If this bit is set to 1, the entire address (i. E., 48 bits) has been locally administered. "
  6. Online query of the manufacturer IDs in the OUI database at the IEEE (English). (No longer available online.) Formerly in the original ; Retrieved September 29, 2006 .  ( Page no longer available , search in web archives )@1@ 2Template: Dead Link /
  7. ieee website Registration Authority of the IEEE MA-M (English). Retrieved October 30, 2014.
  8. ^ Registration Authority of the IEEE MA-S (English). Retrieved October 30, 2014.
  9. RFC 3768 Virtual Router Redundancy Protocol (VRRP) . Section “7.3. Virtual Router MAC Address "
  10. ^ "Public OUI listing" by the IEEE. Retrieved September 13, 2018 .
  11. MicrosoftTechNet: Use of "Winipcfg" to view TCP / IP settings
  12. MicrosoftTechNet: Command-line reference AZ (English)
  13. MAC Address Spoofing for Windows 98 / ME (English)
  14. MAC Address Spoofing for Windows 2000 / XP
  15. Price list of the IEEE (English)

Web links