# MAC Address ## What is a MAC Address A MAC address, which stands for Media Access Control address, is a unique hardware identifier assigned to every network interface card or NIC. It is also called a physical address or hardware address. MAC addresses operate at the Data Link layer of the OSI model and are used to identify devices within a local network. Unlike IP addresses, which are logical addresses that can be changed and are assigned based on network location, MAC addresses are typically burned into the hardware by the manufacturer and remain with the device throughout its lifetime. ## Format of a MAC Address A MAC address is a 48-bit number, written as 12 hexadecimal digits. It is typically formatted as six pairs of hexadecimal digits separated by colons or hyphens. For example, 00:1A:2B:3C:4D:5E is a MAC address. The first 24 bits, or the first three pairs of hexadecimal digits, are called the Organizationally Unique Identifier or OUI. The IEEE assigns OUIs to network hardware manufacturers. Every device from a given manufacturer shares the same OUI prefix. The remaining 24 bits are assigned by the manufacturer to uniquely identify each device they produce. This combination ensures that every MAC address in the world is unique. ## How MAC Addresses are Used When a device on a local network wants to send data to another device on the same network, it places the destination device's MAC address in the frame header. The switch or hub that connects the devices uses MAC addresses to direct frames to the correct destination. A switch maintains a MAC address table that maps each known MAC address to the port on which that device is connected. When a frame arrives, the switch looks up the destination MAC address and forwards the frame only to the correct port. ## MAC Address Learning Switches learn MAC addresses dynamically. When a frame arrives at a switch port, the switch reads the source MAC address from the frame header and records it in the MAC address table along with the port number. Over time, as devices send frames, the switch builds a complete picture of which devices are connected to which ports. If the destination MAC address of a frame is not in the table, the switch floods the frame out all ports except the one it arrived on, similar to a hub. ## Broadcast MAC Address The broadcast MAC address is FF:FF:FF:FF:FF:FF. A frame with this destination address is sent to all devices on the local network. Switches forward broadcast frames out all ports. Protocols like ARP use broadcast frames to discover the MAC address associated with a particular IP address. ## MAC Address Spoofing MAC address spoofing is the practice of changing a device's MAC address to a different value. While MAC addresses are supposed to be permanently burned into hardware, modern operating systems allow the MAC address to be overridden in software. MAC address spoofing is used legitimately for purposes like network testing and privacy protection, but can also be used maliciously to impersonate another device or bypass MAC address-based security controls.