MAC Address Converter

Convert a MAC address between integer, hexadecimal, dot notation and more formats instantly.


Invalid MAC address format

EUI-48
Hexadecimal

Bit-reversed

Byte String

Dot Notation

Integer

Base-16 Integer

EUI-64
Hexadecimal

Bit-reversed

Byte String

Dot Notation

Integer

Base-16 Integer

Different MAC Address Formats and How to Convert Them

Key Takeaways

  • A MAC address is a unique 48-bit hardware address assigned to every network interface card (NIC) and operates at the data link layer of the OSI model.
  • MAC addresses are expressed in hexadecimal notation and can appear in several formats, including colon-separated, hyphen-separated, and no-separator styles.
  • The IEEE establishes the standards governing MAC address structure, dividing each address into an Organizationally Unique Identifier (OUI) and a device-specific identifier.
  • Different operating systems and networking tools — including Cisco devices, Wireshark, Microsoft Windows, and Linux — use different default MAC address formats.
  • Converting between MAC address formats is straightforward once you understand the underlying hexadecimal structure and the conventions each system follows.
  • MAC address lookup tools and vendor lookup tools can help identify the manufacturer of a device from its OUI prefix, aiding in network troubleshooting and security audits.

Introduction to MAC Addresses

Every device that connects to a network carries a unique identifier burned directly into its hardware — a Media Access Control address, or MAC address. This 48-bit address is assigned to the network interface card (NIC) and serves as its permanent hardware address at the data link layer of the OSI model. Whether you’re connecting a laptop to Wi-Fi, plugging a server into a switch, or troubleshooting an enterprise network, MAC addresses work silently in the background. They make sure data reaches exactly the right destination.

Unlike IP addresses — which are logical and shift depending on the network a device joins — MAC addresses are physically embedded into hardware by the manufacturer. The Address Resolution Protocol (ARP) uses them to map IP addresses to hardware addresses, letting devices on the same local segment communicate. From the smallest IoT sensor to a powerful enterprise server, every networked device depends on its MAC address to participate in Ethernet-based communication. Understanding how these addresses are structured, formatted, and converted is a foundational skill for anyone in networking, cybersecurity, or IT administration.

A MAC address is a unique 48-bit identifier assigned to a network interface card by its manufacturer. Written in hexadecimal, it operates at the data link layer and is used by protocols like ARP to direct network traffic. MAC addresses appear in multiple formats depending on the operating system or networking tool in use.

Understanding MAC Address Formats

At its core, a MAC address is a sequence of 48 binary bits, which translates into 12 hexadecimal characters. The IEEE (Institute of Electrical and Electronics Engineers) sets the standards that define MAC address structure. Each 48-bit address splits into two equal halves: the first 24 bits form the Organizationally Unique Identifier (OUI), identifying the manufacturer, while the remaining 24 bits are assigned by that manufacturer to uniquely identify the specific device. This structure means no two devices in the world should share the same MAC address — though address spoofing and manufacturing errors can occasionally create exceptions.

The IEEE 802 standard family governs Ethernet address formats, and most modern networking equipment follows it. When a Cisco router displays a MAC address, when Wireshark captures packets, or when Windows reports a network adapter’s hardware address, they’re all reading the same underlying 48-bit value — they just display it differently (which is the part that trips up even experienced network engineers). This is where MAC address formats become important. The same hardware address can look completely different depending on the tool or operating system showing it. Knowing that all these formats represent the same binary value is the first step toward working with MAC addresses confidently across different environments.

Common MAC Address Formats

The most widely recognized MAC address format is the colon-separated style, where pairs of hexadecimal digits are divided by colons — for example, 00:1A:2B:3C:4D:5E. This is the default on Linux-based systems and the format Wireshark uses when displaying captured Ethernet frames. Each byte is clearly delineated, which makes it highly readable. Most MAC address lookup tools and vendor lookup tools accept and display addresses this way, making it the de facto standard for cross-platform hardware address discussions.

The hyphen-separated format works identically but swaps colons for hyphens, giving you something like 00-1A-2B-3C-4D-5E. Microsoft Windows historically uses this style through command-line tools like ipconfig /all — a detail that catches people off guard the first time they compare output across operating systems. A third format drops separators entirely, presenting the address as a continuous 12-character string such as 001A2B3C4D5E. This compact style shows up often in database storage, programming applications, and certain hardware configurations. Cisco devices use yet another variation, grouping the 12 hexadecimal characters into three sets of four separated by periods — for example, 001A.2B3C.4D5E — known as dot-notation style. Recognizing each of these formats on sight is essential for network troubleshooting, security audits, or any conversion work across mixed-vendor environments.

Converting MAC Address Formats

Converting between MAC address formats is simpler than it looks. Every format represents the same underlying 48-bit binary value — the only real difference between 00:1A:2B:3C:4D:5E, 00-1A-2B-3C-4D-5E, and 001A.2B3C.4D5E is the separator character, or the absence of one. Most conversions just need you to strip separators, regroup digits, and drop in new delimiters. Network engineers do this dozens of times in a single troubleshooting session, often mentally, once hexadecimal feels comfortable.

Manual conversion follows a simple pattern. Start by removing all separators to get the raw 12-character hex string. From there, reinsert colons after every two characters for Linux format, hyphens for Windows format, or periods after every four characters for Cisco dot-notation. Hexadecimal to binary goes one step further — each hex digit maps directly to a 4-bit binary group, so A becomes 1010 and F becomes 1111. That binary representation matters when you’re working at the data link layer, examining individual bits for multicast flags or locally administered address flags buried in the MAC structure (a detail most conversion guides skip over entirely).

Network administrators consistently flag the same error-prone step: losing track of byte boundaries when working with the no-separator format. One misplaced grouping shifts every subsequent byte, producing a completely wrong address. Using a structured tool or script cuts this risk entirely and saves real time when troubleshooting under pressure.

Tools for MAC Address Conversion

Several reliable tools handle MAC address conversion quickly and accurately. Each fits a slightly different use case depending on your environment and workflow.

  • Wireshark: The industry-standard packet analyzer automatically displays MAC addresses in colon-separated format and resolves the OUI portion to a vendor name. It’s invaluable for live capture analysis and supports download from the official Wireshark site.
  • MAC Address Lookup Tools: Web-based tools such as those provided by the IEEE Registration Authority let you paste any format and instantly pull up vendor information tied to the OUI block.
  • Linux Command Line: The iproute2 package provides the ip link show command, which displays MAC addresses in colon-separated format. Simple sed or awk scripts can reformat that output into any target style on the fly.
  • Microsoft PowerShell: Windows administrators use Get-NetAdapter to retrieve hardware addresses. A short PowerShell one-liner can strip hyphens and reformat the address into whatever notation you need.
  • Python Scripts: A few lines of Python using string slicing and the re module can convert any input format to any output format reliably — which makes it a natural fit for automation pipelines and network inventory systems.
  • Online Converters: Dedicated web-based MAC address converter tools accept any format and output all common variations at once. Handy for quick one-off conversions when you don’t want to write code.
Pro Tip: When writing scripts that process MAC addresses Cisco configs alongside Linux logs — normalize every address to the no-separator lowercase format first. Store and compare in that canonical form, then reformat only for display output. I started doing this after chasing a maddening address-matching bug that turned out to be nothing but a hyphen-versus-colon mismatch. This single habit eliminates the vast majority of those issues in network automation tools.

Building a small personal library of format-conversion snippets pays off more than you’d expect. Store them in a shared team repository and every colleague gets access to tested, reliable conversion logic — nobody has to rewrite the same thing from scratch ever again.

Importance of MAC Addresses in Networking

MAC addresses form the core identity mechanism at the data link layer of the OSI model. Every time a device sends an Ethernet frame, it stamps that frame with its own source MAC address and the destination MAC address of the next-hop device. Network switches read these hardware addresses to build forwarding tables, directing traffic only to the correct physical port. Without this, every frame would flood every port on the network — which would make high-speed Ethernet completely unworkable at scale.

The Address Resolution Protocol, commonly known as ARP, depends entirely on MAC addresses to function. When a device knows the IPv4 address of a target but needs the matching hardware address, it broadcasts an ARP request across the local network segment. The target device responds with its MAC address, and the requesting device caches that mapping. This ARP table ties IP addresses to MAC addresses, letting the network interface card encapsulate outgoing packets correctly. IPv6 uses a similar mechanism called Neighbor Discovery Protocol — which replaces ARP but still leans on MAC addresses as the underlying hardware identifier.

MAC Addresses and Network Security

Network security leans heavily on MAC address identification. Many enterprise environments run MAC address filtering on wireless access points, allowing only pre-approved hardware addresses to connect. Cisco switches support a feature called port security, which locks a switch port to a specific MAC address and raises an alert or shuts the port down if an unauthorized device shows up (something I’ve seen save a network team a lot of headache during an audit). These controls add a real layer of defense against unauthorized physical access.

Security teams use MAC address lookup and vendor lookup tools during incident response to quickly identify unfamiliar devices on the network. Spotting an unknown OUI in network logs can flag rogue hardware before it does any damage. Correlating MAC addresses with switch port logs and DHCP lease records is one of the fastest ways to trace a suspicious device back to its physical location — a detail that gets overlooked far too often in incident response playbooks.

That said, you should understand the limitations of MAC-based security. MAC address spoofing — where software overrides the hardware address burned into the network interface card — is trivially easy on Linux, Windows, and macOS. Attackers can impersonate trusted devices by cloning their MAC addresses. MAC filtering should never be your only security control. Use it as one layer within a broader defense-in-depth strategy that includes stronger authentication like 802.1X port-based network access control.

MAC Addresses and Network Security: Key Protocols and Practices

Building on those limitations, security professionals fold MAC address awareness into broader protocol frameworks. The IEEE 802.1X standard uses MAC addresses as part of port-based network access control, requiring devices to authenticate through a RADIUS server before gaining network access. This pairs hardware address identification with credential verification, closing the gap that simple MAC filtering leaves wide open.

Wireshark, the widely used packet analysis tool, lets security analysts filter captured traffic by MAC address at the data link layer. This makes it straightforward to isolate all frames from a specific network interface card, trace communication patterns, and catch anomalies like ARP spoofing attacks. ARP spoofing works by sending forged ARP replies that tie an attacker’s MAC address to a legitimate IP address, quietly redirecting traffic through the attacker’s machine (the kind of attack that’s elegant in a deeply unsettling way). Recognizing this pattern in packet captures requires a solid grasp of the Ethernet address format and how ARP tables behave under normal conditions.

Pro Tip: Enable dynamic ARP inspection on managed Cisco switches to automatically drop ARP packets that don’t match trusted DHCP binding entries. This single configuration step blocks most ARP spoofing attacks without requiring manual MAC address management.

Network security engineers consistently point to logging MAC addresses alongside timestamps in DHCP server records as one of the most valuable habits you can build — that audit trail becomes critical during incident investigations. Many organizations also deploy network access control systems that cross-reference the MAC address structure against known vendor OUI databases, automatically quarantining devices whose manufacturer can’t be verified against the expected hardware inventory.

Common Issues with MAC Addresses

MAC address problems surface more often than most network administrators expect. Knowing the root causes saves real troubleshooting time and stops you from misdiagnosing deeper infrastructure issues.

Duplicate MAC Addresses on the Same Network

Duplicate MAC addresses cause serious connectivity disruptions. When two devices share the same hardware address on one network segment, switches build conflicting forwarding table entries. Traffic meant for one device intermittently reaches the other — producing erratic connectivity for both. This most commonly happens when virtual machines are cloned without regenerating their virtual NIC addresses, or when a manufacturer ships a batch of devices with the same burned-in address due to a production error.

Tracking down duplicates means identifying both offending devices first. Running arp -a on Windows or Linux reveals the local ARP table, where duplicate entries sharing one IP address give the problem away. You can also check switch MAC address tables using commands like show mac address-table on Cisco equipment to pinpoint which physical ports are reporting the same hardware address (a step that most junior admins skip entirely). Once you’ve found them, regenerating the MAC on the virtual machine or swapping out the faulty hardware resolves the conflict right away.

MAC Address Spoofing and Filtering Failures

MAC address spoofing undermines filtering-based access controls. On Linux, a single ip link set dev eth0 address XX:XX:XX:XX:XX:XX command changes the active hardware address instantly. Windows and macOS offer the same capability through driver settings or terminal commands. When a spoofed address matches a trusted device, MAC filtering passes the connection without question — which is exactly as alarming as it sounds.

Many owners find this frustrating after spending hours building MAC-based allow lists. The practical fix is layering 802.1X authentication on top of MAC filtering rather than leaning on either control alone. Even a perfectly spoofed MAC address then fails authentication without valid credentials, keeping unauthorized devices off the network.

Format Mismatches Causing Configuration Errors

Different systems expect MAC addresses in different formats, and mismatches cause silent configuration failures. A firewall rule written with colon-separated notation may reject an entry pasted from a Cisco switch that uses dot notation. Troubleshooting logs get harder to read when some tools display uppercase hex and others use lowercase — a detail that wastes more diagnostic time than you’d think. Normalize MAC addresses to one consistent format before entering them into configuration files or access control lists. A MAC address lookup tool like Wireshark’s OUI database accepts multiple formats and helps you verify entries before deployment.

Frequently Asked Questions

Can Two Devices Have the Same MAC Address?

Technically, two devices should never share a MAC address. The IEEE assigns unique OUI blocks to manufacturers specifically to prevent this. Duplicates do occur though — through virtual machine cloning, manufacturing defects, or deliberate spoofing. On a single network segment, duplicates cause immediate connectivity problems. Across separate networks, identical addresses cause no issues, because MAC addresses only operate at the local data link layer and are never routed between networks.

Does a MAC Address Change When You Connect to a Different Network?

The burned-in MAC address stored in a network interface card doesn’t change between networks. Modern operating systems — including Windows 10 and later, iOS, and Android — now randomize MAC addresses by default when scanning for Wi-Fi or connecting to new access points. This privacy feature prevents location tracking based on hardware address. The randomized address applies only to that specific network association and can be turned off in device settings if consistent identification is required.

What Is the Difference Between a MAC Address and an IP Address?

A MAC address is a permanent hardware identifier assigned to a network interface card at the data link layer. An IP address is a logical, software-assigned identifier that works at the network layer and can change whenever a device joins a different network. MAC addresses handle local delivery within a single network segment. IP addresses handle routing across multiple networks and the broader internet. The Address Resolution Protocol bridges the two, mapping IP addresses to MAC addresses so data can complete its final hop to the correct physical device.

How Do I Find the MAC Address of My Device?

On Windows, open Command Prompt and type ipconfig /all to see the physical address listed for each network adapter. On Linux, run ip link show or ifconfig to display hardware addresses for all interfaces. On macOS, go to System Settings, select Network, choose your active connection, and click Details to find the hardware address. Mobile devices show MAC addresses under Wi-Fi settings in the network detail view. The address always appears as six pairs of hexadecimal digits, regardless of which separator format the operating system uses.

Changing your own device’s MAC address is legal in most jurisdictions and is standard practice in network testing, privacy protection, and virtual machine management. Using a spoofed MAC address to bypass access controls, impersonate another device, or gain unauthorized network access is illegal under computer fraud laws in most countries. Before modifying any hardware address settings, confirm your intended use complies with applicable regulations and the terms of service of any network you’re connecting to.


🔄

Multiple Formats

Convert between hexadecimal, integer, dot notation, and more.

Instant Conversion

Get results immediately with a single click.

📋

Easy Copy

Copy any format to clipboard with one click.

🔢

EUI-48 & EUI-64

Support for both 48-bit and 64-bit MAC formats.