An Overview of MAC Addresses


In 1983, computer networking was totally different than it is today. One of the notable differences in land topology was that switchable hub hadn’t been invented yet. This meant that frequently, many or all devices on a network shared a single collision domain.

A Collision Domain is a scenario in which when a device sends out a message to the network, all other devices which are included in its collision domain have to pay attention to it, no matter if it was destined for them or not. A collision domain is a network segment where only one device can speak at a time. This causes a problem because, in a situation where two devices send out their messages simultaneously, a collision will occur leading them to wait and re-transmit their respective messages, one at a time. If two computers were to send data across the wire at the same time, this would result in literal collisions of the electrical current representing ones and zeros, leaving the end result unintelligible. Ethernet, as a protocol, solved this problem by using a technique known as Carrier Sense Multiple Access with Collision Detection (CSMA/CD). CSMA/CD is used to determine when the communications channels are clear and when the device is free to transmit data. The way CSMA/CD works is actually pretty simple. If there’s no data currently being transmitted on the network segment, a node will feel free to send data.

If it turns out that two or more computers end up trying to send data at the same time, the computers detect the collision and stop sending data. Each device involved with the then waits a random interval of time before trying to send data again. This random interval helps to prevent all the computers involved in the collision from colliding again the next time they try to transmit anything. When a network segment is a collision domain, it means that all devices on that segment receive all communication across the entire segment. This means we need a way to identify which node the transmission was actually meant for. This is where something known as a media access control address or MAC address comes into play. 

What is a MAC adress?

Media Access Control or MAC address is a globally unique identifier attached to an individual network interface. It is a 48-bit number generally represented by six groupings of two hexadecimal numbers. Each group of numbers in a MAC address is an octet. A MAC address is split into two sections. The first three octets of a MAC address are known as the organizationally unique identifier or OUI. These are assigned to individual hardware manufacturers by the IEEE or the Institute of Electrical and Electronics Engineers. One can always identify the manufacturer of a network interface purely by its MAC address. The last three octets of MAC address can be assigned in any way that the manufacturer would like with the condition that they only assign each possible address once to keep all MAC addresses globally unique.

Ethernet uses MAC addresses to ensure that the data it sends has both an address for the machine that sent the transmission, as well as the one that the transmission was intended for. In this way, even on a network segment, acting as a single collision domain, each node on that network knows when traffic is intended for it.

Unicast, Multicast, and Broadcast

When one device transmits data to one other device this is called unicast. Unicast transmission is always meant for just one receiving address. At the Ethernet level, this is done by looking at a special bit in the destination MAC address. If the least significant bit in the first octet also known as The Individual / Group (I/G) Bit of a destination address is set to zero, it means that the Ethernet frame is intended for only the destination address.

This means it would be sent to all devices on the collision domain, but only actually received and processed by the intended destination.

For example, A MAC address’s 4A30-10-21-10-1A first octet when converted to binary:


Here, the least significant bit in the first octet is 0. So, the Ethernet frame is intended for only one destination address.

If the least significant bit in the first octet of a destination address is set to one, it means it is a multicast frame.

For example, when the first octet of the multicast MAC address 01-00-0C-CC-CC-CC converted to binary:


A multicast frame is similarly set to all devices on the local network signal. What’s different is that it will be accepted or discarded by each device depending on criteria aside from their own hardware MAC address. Network interfaces can be configured to accept lists of configured multicast addresses for these sort of communication. The third type of Ethernet transmission is known as broadcast. An Ethernet broadcast is sent to every single device on a LAN. This is accomplished by using a special destination known as a broadcast address. The Ethernet broadcast address is FF-FF-FF-FF-FF-FF. Ethernet broadcasts are used so that devices can learn more about each other

Universal vs. local

A MAC address can either be universally administered addresses (UAA) or locally administered addresses (LAA). A universally administered address is uniquely assigned to a device by its manufacturer. A locally administered address is assigned to a device by a network administrator, overriding the burned-in address.

Universally administered and locally administered addresses are distinguished by setting the second-least-significant bit of the first octet of the address. This bit is also referred to as the U/L bit, short for Universal/Local, which identifies how the address is administered. If the bit is 0, the address is universally administered. If it is 1, the address is locally administered. In the example address 06-00-00-00-00-00 the first octet is 06 (hex), the binary form of which is 00000110, where the second-least-significant bit is 1. Therefore, it is a locally administered address.