Tracking and tracing with MAC addresses
Every network interface controller has a media access control address (or MAC address) — a unique identifier consisting of 6 pairs of 2 hexadecimal digits. Because you need a network interface controller to connect, MAC addresses let others track you from network to network. Don’t be alarmed — here’s everything you need to know about MAC address tracking.
Contents
Benefits of tracking MAC addresses
Let’s get one thing out of the way first — the word “tracking” may have a negative vibe to it, but being able to track MAC addresses has real benefits.
Network communications
A MAC address plays an important role in communications under the Open Systems Interconnection (OSI) model. As layer 2 (data link layer) addresses, MAC addresses are used by layer 2 devices (such as network switches) to correctly route data frames to their destination. As such, devices automatically broadcast their MAC address to the network to facilitate data delivery.
Without a concrete MAC address, a layer 2 device would be forced to send the frame to every node on the network. Some network setups might be able to deliver data with just your IP address, but that’s not always the case — IP addresses are layer 3 addresses, which means they are meant for layer 3 devices (like routers) and ignored by layer 2 infrastructure.
Network troubleshooting and diagnostics
Keeping track of MAC addresses helps network administrators quickly resolve network-related issues. When there is a problem with data transmission to or from a specific MAC address, the tech support staff know where to start their investigation.
Network security
MAC addresses identify all devices connected to a network — including devices that have no business being there. By tracking MAC addresses, network administrators can detect unauthorized devices, defeat cyberattacks in progress, and kick out intruders.
MAC address filtering
MAC address filtering is an access control measure that lets you specify which devices are permitted to use your network. It relies on the fact that MAC addresses are theoretically unique to each network interface card. To properly configure the MAC address filters, administrators need to track down the MAC addresses that connect to the network from day to day.
Identifying stolen devices
Some devices display their real MAC address on the chassis or sale documents. By registering identifiable information like a MAC address and serial number with the vendor or the authorities, owners have an easier time proving a recovered stolen device is theirs — even when it’s been scrubbed of all their personal files.
How to find your MAC address
Different operating systems have different ways of tracking a MAC address. We’ll cover the most popular methods of tracking a MAC address on Windows, macOS, and Linux. We also offer instructions on how to discover your MAC address on other operating systems — when in doubt, simply follow our guide.
Find out a MAC address on Windows
- Press the Windows key, enter “cmd,” and click the command prompt icon to open it.
- Type “ipconfig /all” (without the quotation marks) and press “Enter.”
- Look for the “Physical address” or “MAC Address” entry under the network adapter you wish to track.
Find out a MAC Wi-Fi address on macOS
- Click on the Wi-Fi icon on the top of your screen and select “Wi-Fi settings” in the drop-down menu.
- Click “Advanced.”
- Your MAC address will be listed as the “Wi-Fi MAC address.”
Find out a MAC address on Linux
- Open the terminal application.
- Type “ifconfig” or “ip link show,” then press “Enter.”
- Look for the “ether” or “link/ether” entry under the network adapter you wish to track.
What can MAC address lookup tell you?
By itself, a MAC address can tell snoops several important details about your device. Using free MAC address lookup tools, someone can track down your device’s vendor and potentially identify what type of device it is and the time period it was produced in. These details are encoded in the first six digits of the MAC address — its Organizational Unique Identifier.
Why would anyone be interested in this information? Simple — these details help hackers identify vulnerable devices on the network based on known exploits. If your device model or its manufacturer are prone to certain vulnerabilities, you can bet that the attacker will try those first to see if you’re easy prey.
And that’s the least of your worries. If someone is able to link you to a particular MAC address, they now have a way of tracking you from network to network.
Can you be traced via Wi-Fi using a MAC address?
The short answer is yes — you can absolutely be tracked through your MAC address. In fact, one company attempted just that with smart trash cans in London. The cans would track the MAC address of Wi-Fi enabled devices and display targeted ads based on the owners’ travel and shopping habits.
Like Bictoin wallets, a MAC address is pseudonymous — it doesn’t display any personally identifiable information about you, but if an administrator of a large network (such the one at your office) knows it’s yours, they can track you through that network easily. Unless you hide your real MAC address using MAC randomization or MAC spoofing, it reveals your movements based on the Wi-Fi hotspots you pass by.
How to locate a device using a MAC address on your network
We’ve discussed how a MAC address can help system administrators resolve problems and improve a network’s security. By identifying the MAC addresses of your devices, you can track down unwelcome guests and boot them from an otherwise secure Wi-Fi network. But what about the reverse? What if you have a device’s IP address but don’t know who it belongs to?
Using the Address Resolution Protocol (ARP), devices can map a MAC address to a valid IP address. When one device wants to connect to another, it broadcasts an ARP request for everyone on the network to provide a destination MAC address associated with a specific IP address. The discovered MAC/IP address pair is then stored in an ARP table.
ARP tables let system administrators track MAC address/IP address pairs to hunt down unidentified devices on the network. Here’s how you can locate a local device’s MAC address on the Windows and macOS operating systems.
Locate a device’s MAC address on Windows
- Press the Windows key, enter “cmd,” and click the command prompt icon to open it.
- Type “arp” (without the quotation marks) and press “Enter.”
- Type “arp -a” and press “Enter” to view the ARP table.
- You will see a list of network IP addresses with the corresponding MAC addresses. You may have multiple MAC addresses for the same device because each address is tied to its own network interface card. With a MAC address in hand, you can identify which IP address the device is using and track it down.
Locate a device’s MAC address on macOS
- Go to the “Applications” folder and navigate to the “Utilities” subfolder.
- Click on the terminal app to launch it.
- Enter “arp -a” and press “Enter” to view the ARP table on your computer.
- You will see a list of network IP addresses with the corresponding MAC addresses. You may have multiple MAC addresses for the same device because each address is tied to its own network interface card. With a MAC address in hand, you can identify which IP address the device is using and track it down.
How to hide your MAC address
As long as you have Wi-Fi enabled on your device, it will keep broadcasting your MAC address to any router along the way — even if you use a VPN. The easiest way to keep this data to yourself is to simply turn off Wi-Fi, but not everyone can afford to miss out on free public hotspots and rely solely on their mobile data.
Fortunately, you can hide your device’s real MAC address without affecting its connectivity in various ways.
MAC randomization
MAC randomization cycles through random fake MAC addresses whenever your device isn’t connected to a network. This prevents your real MAC address from being broadcast to the devices you pass without stopping you from making connections. Some manufacturers (like Apple) have already implemented automatic MAC randomization for user security.
MAC spoofing
MAC spoofing assigns a fake MAC address to a network interface card. It’s a method often employed by hackers, so the network administrator may mistake you for an attacker if you’re found out. Changing your MAC address while connected to a router may also boot you from the network because your device’s MAC address is no longer on the router’s allowlist.
Want to read more like this?
Get the latest news and tips from NordVPN.