This tutorial explains the MAC (Media Access Control) address in detail. Learn what the MAC address is, how it is formed, and the types of MAC addresses (unicast, multicast, and broadcast).
In network, an address provides a unique identity to an end device. Unless an end device has a unique address, it can’t communicate with other devices in the network. A unique address enables an end device to send and receive data in the network.
- A MAC address table, sometimes called a Content Addressable Memory (CAM) table, is used on Ethernet switches to determine where to forward traffic on a LAN. Now let's break this down a little bit to understand how the MAC address table is built and used by an Ethernet switch to help traffic move along the path to its destination.
- A MAC address, also known as “hardware address” or “physical address”, is a binary number used to uniquely identify computer network adapters. Packets that are sent on the Ethernet are always coming from a MAC address and sent to a MAC address.
A MAC address i.e. A Media Access Control Address is the address assigned to the network interface controller of a device. Specifically, this is an address that your Ethernet port or your network card has. Every device that connects to the internet does so via hardware and this hardware, generally called the network interface, has a MAC Address.
In the LAN network, a unique address is the combination of two addresses; software address and hardware address.
Addressing in Networking Reference models
A networking reference model defines the standards, characteristics, definitions, and functionalities of the network. There are two popular networking models; the OSI Seven Layers model and the TCP/IP model.
In both models, the software address and hardware address are defined in the network layer and data link layer, respectively. In both models, the network layer and data link layer stand on the third and second positions, respectively. Because of this, both layers are also known as layer 3 and layer 2, respectively.
Software address
The software address is also known as the network layer address or layer 3 address. This address is manageable and configurable. Based on network requirements and layout, this address can be configured and assigned to an end device. Almost all modern LAN implementations use the IP protocol in the network layer. The IP protocol uses the term IP address to define the software address.
I have already explained IP addresses in the following tutorial.
In this tutorial, I will explain the hardware addresses in detail.
Hardware address
The hardware address is also known as the data link layer address or layer 2 address or MAC (Media Access Control) address. From these terms, the term MAC address is commonly used to refer to the hardware address. Unlike the IP address or software address, this address can’t be configured or managed. When you purchase a new NIC (Network Interface Card), or any device which has onboard NICs, it comes with a pre-configured MAC address.
A MAC address is 6 bytes (48 bits) long address in the binary numbers. MAC addresses are written in the hexadecimal format. The hexadecimal format uses the base-16 to refer to numbers. If we divide the total available length (48 bits) in binary numbers by the base (base-16) that is used to write a number in hexadecimal format, we get the total digits (12 = 48 ÷ 16) of that number in the hexadecimal format. Thus, if we write a 6 bytes (48bits) long binary MAC address in hexadecimal format, we get a 12 digits long hexadecimal number.
For convenience and easier readability, when writing a MAC address in hexadecimal format, extra space or periods or colons are added after every two or four digits. For example, you can write a MAC address in the following ways.
- Without any separator: - 00000ABB28FC
- Extra space after every two digits: - 00 00 0A BB 28 FC
- Extra space after every four digits: - 0000 0ABB 28FC
- Colon after every two digits: - 00:00:0A:BB:28:FC
- Colon after every four digits: - 0000:0ABB:28FC
- Period after every two digits: - 00.00.0A.BB.28.FC
- Period after every four digits: - 0000.0ABB.28FC
No matter which style you use to write the MAC address, or an application or networking software uses to display the MAC address, a MAC address is always processed in binary numbers only. NIC converts hexadecimal numbers of the MAC address in binary numbers before processing and using it.
Structure or format of the MAC address
As mentioned above, you can’t assign MAC address to a NIC or onboard NICs. When you purchase a new NIC or a device with onboard NICs, it arrives with a pre-configured MAC address or MAC addresses, respectively. Before we understand how manufacturers select MAC addresses for NICs, let’s briefly understand why a MAC should be unique in the LAN network.
If a LAN network has two or more NICs configured with the same MAC address then that network will not work. Let’s understand this with an example.
Suppose in a network three PCs; PC-A (11000ABB28FC), PC-B (00000ABB28FC) and PC-C (00000ABB28FC) are connected through a switch. NICs of PC-B and PC-C have the same MAC address 00000ABB28FC.
If PC-A sends a frame to the destination MAC address 00000ABB28FC, the switch fails to deliver this frame as it has two recipients of this frame.
The following image shows this example.
A LAN network does not work unless each device in the LAN network has a unique MAC address.
Now let's be back to our main question. How do manufacturers assign a unique MAC address to each NIC?
Before manufacturing NICs, every manufacturer obtains a universally unique 3-byte code, known as the organizationally unique identifier (OUI), from the IEEE. The IEEE is an international organization that regulates and maintains the namespace of MAC addresses.
After obtaining the OUI bytes, the manufacturer uses these OUI bytes at the beginning of the MAC address of all its NICs or on-board NIC devices. The manufacturer also assigns a unique hexadecimal value in the remaining bytes.
6 bytes MAC address = 3 bytes OUI number obtained from the IEEE + 3 bytes unique number assigned by the manufacturer
MAC addresses of all NICs or onboard NIC devices manufactured by the same manufacturer always start with the same 3-bytes OUI numbers. For example, suppose the IEEE assigns an OUI “0000AA” to the xyz company. Now the xyz company will use the OUI number 0000AA as the first 24 bits to build MAC addresses for its NICs or onboard NICs devices.
To keep each product separately from others, the manufacturer uses the remaining 3-bytes. Manufacturers are free to use any sequence or method on the remaining three bytes. For example, the xyz company can assign the MAC addresses to its NICs in the incremental order.
The following table extends this example and adds two more demo companies (ABC and JKL) in the example. It also shows MAC addresses of 5 NICs from each company.
Thus, this procedure ensures that no two NICs use the same MAC address in the universe.
Types of MAC address
There are three types of MAC address; unicast, multicast, and broadcast.
Unicast MAC address
Unicast MAC address represents a specific NIC or onboard NIC ports in the network. The inbuilt MAC address of a NIC is the unicast MAC address of that NIC.
Multicast MAC address
Multicast MAC address represents a group of devices (or NICs in Layer 2). The IEEE has reserved the OUI 01-00-5E (first 3-bytes or 24 bits) for the multicast MAC addresses. The remaining 24 bits are set by the network application or device that wants to send data in the group. A multicast MAC address always starts with the prefix 01-00-5E.
Mac Address What Is It Used For Kids
Broadcast MAC address
Broadcast MAC address represents all devices in the network. The IEEE has reserved the address FFFF.FFFF.FFFF as the broadcast MAC address. Any device that wants to send the data to all devices of the network, can use this address as the destination MAC address.
That’s all for this tutorial. If you like this tutorial, please don’t forget to share it with friends through your favorite social channel.
To many, 'personally identifiable information' (also 'PII' or 'personal information') means information that can be used to identify an individual, such as a person's name, address, email address, social security number/drivers' license number, etc. However, in the US, there is no uniform definition of personal information. This is because the US takes a 'sectoral' approach to data privacy. In the US, data privacy is governed by laws, rules and regulations specific to market sectors such as banking, healthcare, payment processing, and the like, as well as state laws such as breach notification statutes). Companies, such as Google, often include their own definition of personal information in their privacy policy. Even though there is no uniform definition, however, it's clear that that more and more information is falling under the PII/personal information umbrella.
One category of data with potentially significant implications to US businesses if classified as PII are Internet Protocol (IP) and Media Access Control (MAC) addresses.
- An IP address is a unique numerical or hexadecimal identifier used by computing devices such as computers, smartphones and tablets to identify themselves on a local network or the Internet, and to communicate with other devices. IP addresses can be dynamic (a temporary IP address is assigned each time a device connects to a network), or static (a permanent IP address is assigned to a network device which does not change if it disconnects and reconnects). There are two types of IP addresses - the original IPv4 (e.g., '210.43.92.4'), and the newer IPv6 (e.g., '2001:0db8:85a3:0000:0000:8a2e:0370:7334').
- A MAC address is a unique identifier used to identify a networkable device, such as a computer/phone/tablet/smartwatch, as well as other connected devices such as smart home technologies, printers, TVs, game consoles, etc. A MAC address is a 12-character hexadecimal (base 16) identifier, e.g., '30:0C:AA:2D:FB:22'. The first half of the address identifies the device manufacturer, and the second half is a unique identifier for a specific device. If a device needs to talk to other devices, it likely has a MAC address.
- Why do devices need both? There are incredibly technical reasons for this, but at a very high level, MAC addresses are used to identify devices on a local wired or wireless network (e.g., your home network) to transmit data packets between devices on that local network, and IP addresses are used to identify devices on the worldwide Internet to transmit data packets between devices connected directly to the Internet. Your router has an IP address assigned by your ISP, as well as a MAC address which identifies it to other devices on the local network. Your router assigns a local IP address (e.g., 192.168.1.2-192.168.1.50) to connected devices by MAC address. Network traffic comes to your router via IP address, and the router determines what MAC device on the network to which to route the traffic.
Think of a letter mailed to your attention at your corporate office address of 1234 Anyplace Street, Suite 1500, Anytown, US 12345. The mailing address will tell the mail carrier what address to deliver it to, but the carrier won't deliver it right to you personally. Suppose you are in Cube 324. Your mail room will look up your cube number, and deliver the letter to you. The letter is like an online data packet, the mailing address is like an IP address, the cube number is like a MAC address, and the mail room is like a router -- the router takes the inbound packet delivered by IP address and uses the local device's MAC address to route the packet to the right device on the network.
Canada's approach. In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) defines 'personal information' as 'information about an identifiable individual.' The Office of the Privacy Commissioner of Canada (OPCC) has released an interpretation making clear that this definition must be given a 'broad and expansive interpretation,' and that it includes information that 'relates to or concerns' a data subject. With respect to IP addresses, according to the OPCC an Internet Protocol (IP) address is personal information if it can be associated with an identifiable individual. (Note that in Canada, business contact information is not considered personal information, which implies that an IP or MAC address of a work computing device associated with an employee's work contact information is not personal information.)
The European approach. In Europe, the current Data Protection Directive and the proposed Data Protection Regulation both define personal data as 'any information relating to an identified or identifiable natural person.' Individual EU member states differ on whether an IP address should be considered personal data. The European Court of Justice (ECJ) has held that IP addresses are protected personal information 'because they allow ... users to be precisely identified,' and is considering whether to adopt an even stronger position that dynamic IP addresses collected by a website operator are personal information even if though the Internet service provider, and not the website operator, has the data needed to identify the data subject. The same rules should apply to MAC addresses. The new Data Protection Regulation, which will override member state implementations of the Directive, states in its findings that '[n]atural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.'
In the US, the sectoral and state-by-state approach to data privacy does not paint a clear picture as to whether an IP address or MAC address should be considered personal information.
- Specific laws. The one US statute that clearly states that IP and MAC addresses are personal information is the Children's Online Privacy Protection Act (COPPA). In 2013, the FTC revised the COPPA Rule, which defines 'personal information' as 'individually identifiable information about an individual collected online,' as specifically including IP addresses, MAC addresses, and other unique device identifiers. The Health Insurance Portability and Accessibility Act (HIPAA) includes device identifiers (such as MAC addresses) and IP addresses as 'identifiers' that must be removed in order to de-identify protected health information. State security breach notification laws define personal information, but those laws do not include IP address, MAC address, or other device identifier as PII.
- The FTC's view. In April, Jessica Rich, the Director of the FTC's Bureau of Consumer Protection, wrote on the FTC's business blog about cross-device tracking. In her remarks, she restated the FTC's long-held position that data is personally identifiable, 'and thus warranting privacy protections, when it can be reasonably linked to a particular person, computer, or device. In many cases, persistent identifiers such as device identifiers, MAC addresses, static IP addresses, or cookies meet this test.' She then specifically cited the FTC's 2013 amendments to the COPPA Rule as an example of this in practice. Director Rich's comments signal that the FTC views IP and MAC addresses, and other unique device identifiers, in a similar manner as the Office of the Privacy Commissioner of Canada -- if it can be associated with an identifiable individual, it should be considered personal information.
- Google's View. It is also worth looking at Google's definition from its privacy policy, given Google's prominence as a collector and user of consumer personal information. Google defines personal information to include both information that personally identifies a person, as well 'other data which can be reasonably linked to such information by Google, such as information we associate with your Google account.' This is essentially the FTC's view, with a reasonableness standard.
Given all this, what should US businesses do?
Mac Address On A Mac
- Consider using a term to define IP addresses, MAC addresses, and other user device identifiers which identify a thing, not a person, but can be linked to an individual depending on what information is collected or obtained about that individual. I call this information linkableinformation.
- If linkable information is, or reasonably can be, associated or linked with an identifiable individual in your records, it becomes personal information.
Think of your driver's license and your license plate as things. Your drivers' license has your name, photo, and other information, so it identifies you. Therefore, a copy of your license would be personal information. On the other hand, your license plate by itself identifies a thing (your vehicle), and therefore by itself is linkable information, but not personal information. However, if your license plate is contained in a list of names and associated license plates maintained by a company, the license plate is associated with you, and therefore the company should handle it as personal information. Similarly, your phone number identifies a thing (your phone, not you, as you can let anyone use your phone) and therefore is linkable information; if your number is linked with an identifiable individual (e.g., the number is associated with a recording an individual's voice on a phone call), the phone number becomes personal information.
An IP address in a server log, by itself, is linkable information not linked or associated with an individual, and therefore not personal information. However, an IP address as part of an electronic signature record, where the IP address is collected and stored with a person's name, time/date stamp of acceptance, and IP address are collected, would be personal information. - If your company's privacy policy defines personal information to include device identifiers such as IP addresses and MAC addresses, or defines when device identifiers would be considered personal information, ensure you are doing what your privacy policy says you will do. Failing to comply with a stated privacy policy can give rise to an FTC investigation and/or complaint under §5 of the FTC Act, as well as state AG investigations/actions and private litigation.
- If you collect information from European consumers, given the extra-territorial reach of the upcoming Regulation US companies should carefully watch how IP and MAC addresses fall into the EU's definition of personal data, and determine whether it needs to comply with Europe's approach.
- If you collect IP address information from a child under 13 through a website or app governed by COPPA, by law it's personal information.
- Talk to your IT group about whether you collect any device information, such as IP or MAC addresses, that could be linkable information, and analyze whether that data is linked or associated with personal information in your systems.
What Is My Mac Address
Eric Lambert is Assistant General Counsel at CommerceHub, Inc., a leading cloud services provider helping retailers and brands increase sales and delight shoppers by expanding product assortment, promoting and selling products on the channels that perform, and enabling rapid, on-time customer delivery. Eric works primarily from his home office outside of Minneapolis, Minnesota. Any opinions in this post are his own. He is a technophile and Internet evangelist/enthusiast. In his spare time Eric dabbles in voice-over work and implementing and integrating connected home technologies.