Can a MAC address be traced?

//
I know that all computers have a unique MAC address. But how traceable are they? If my laptop gets stolen, and I know my MAC address, can I get back to it if the person stole it gets connected to internet, even after formatting the machine and thinking that it’s safe to connect? Seems like this could stop laptop burglaries if that MAC address thing is traceable. 

You’re correct … it could put a big dent in laptop burglaries if MAC addresses were truly traceable. It would at least increase the odds of stolen equipment being recovered.

But they’re not traceable… at least not in any way that could help.

Let’s look at why.

Become a Patron of Ask Leo! and go ad-free!

MAC addresses are unique – sort of

A MAC1 address, or “Media Access Control” address, is a unique 48-bit number2 assigned to every network interface. If your computer has multiple network interfaces – say both a wired ethernet port and a wireless network adapter – each interface will have its own MAC address.

In theory, it’s unique. In theory, every network card or network interface should have its own unique MAC address that is different from every other network card on the planet.

There are two problems:

  • Occasionally, manufacturers don’t ensure they’re unique, so multiple network interfaces can in fact have the same MAC address.
  • In many network interfaces, the MAC address can be set in software – meaning whatever the original MAC address, it can be overridden and changed.

So the uniqueness on which we might want to rely is not completely reliable.

But that isn’t really the biggest problem.

MAC addresses travel only so far, usually

The MAC address is used by the network to identify which piece of hardware a packet of information is to be sent to. While the IP addresses involved indicate the original source3 and ultimate destination, a MAC address is used only on connections from one piece of networking equipment to the next.

The travels of a MAC address

That means when information leaves your computer, it has your computer’s network adapter’s MAC address. But when it arrives at your router, that MAC address is removed. When your router sends the information further upstream to your ISP’s router, it contains the MAC address of your router. When it moves from the ISP’s router to another router on the internet, it contains the MAC address of the ISP’s router.

And so on.

When it comes to data traveling over the network, your MAC address never makes it further than the first piece of networking equipment between you and the internet.

MAC addresses gone wild

MAC addresses, however, have been used for other things.

For example, since MAC addresses are theoretically unique, a MAC address could be used as a unique identifier for tracking the actions being taken by or on a specific computer.

MAC address in network connection

The MAC addresses of the network adapters on your computer are easily readable by software running on your machine, and could be used for just about anything… except tracking your stolen laptop via its network connection.

Sorry.

Podcast audio

Play

 

Footnotes & references

1: Completely unrelated to Apple. Except that like all computers your Mac’s network adapter has a MAC address. But it’s unrelated to it being a Mac from Apple.

2: Meaning it can have a value between 0 and 281,474,976,710,655.

3: The original source at that time. IP addresses are typically dynamic, and often change.

91 comments on “Can a MAC address be traced?”

  1. What you can do is install a tool like dyndns or no-ip on your system. What they do is resolve the wan ip address of the system the software is installed on into a hostname. You can then log into your account and see the IP address last used when the software was running. This can aid law enforcement with the combination of the ISP used by the thief, to track him down. You can even run a tracert on the hostname and get a general idea where they are located by the routers the ping packets hop through.

    All this is one of the many things software like Leo is talking about and law enforcement use to track down stolen computers. Chances are though, if it was a professional thief, they would have whipped the drives, software and all, making it virtually impossible.

    A hostname will definitely log an IP Address the machine used to connect from so you at least get something if the machine was connected before being wiped.

  2. everytime u have some thing special to tell
    but i still confuse why i need mac address when there ip address is still there to identify the unique host on the network at point of time
    plz plz plzz
    can anybody help me in finding the answer plzz
    sir help in this topic

    • The MAC address is used between two devices. It’s value is static. It’s effectively a local address.

      The IP address is used across the internet. It’s a global address. It’s value is usualy attibuted to your device for some time and may change periodicaly.

    • Check the “OSI layer” on Google. That’s the way it works in deep. When you talk to Google you talk to the to the server going thrue each layer ip , tcp, MAC, physical machine,…. We can say that each ip is Attached to a MAC address

  3. hiii….

    i want to know that whether the websites i visit through my laptop be traced by the company i work for, if they dont know my MAC id.

    Depends on how you’re connected to the internet. If it’s through the company’s internet connection, of course they can. If that’s a company laptop, I’m guessing they can too. Safest to assume that they can.

    Leo
    12-Jun-2010

    • Hello, yea it’s very simple actually , if your company host a network , the network administrator do have access to proxy,firewall and most network logs, they can find most of the web info a particular ip was accessing, if your company uses DHCP for ip allocation that might make it harder to pin you since the lifetime of an ip is dynamic, on the other point as a digital forensic analyst i can easilly pin you on whatever corner you can think of,if i acquire your laptop and you had accessed some “suspicious sites” then you are done, thats it for you, even if you try to wipe you history or format your harddisk.

      • unless you run a live usb linux distro that runs only on ram…..as long as the computer is clean before hand you arnt gona find much of anything on my laptop……stay wise mt friends

  4. Hi, interesting… ” Your MAC address never makes it further than the first piece of networking equipment between you and the internet”.

    I have to confess up to making an ill-advised comment on a forum post. I know that the blog is being watched by my bosses now. I want to remove the post the same way I put it on – by using my netbook on a public wifi network (free one). I think my paranoia may be just a bit overboard but I don’t want them to trace the comment (or removal) back to me – free wifi safe for this purpose? Thanks

  5. I received a mail, which is sent from a system of network from my office. I want to know from which system it was sent.

  6. I’m studying for a middleware exam atm, reading about home gateways.
    When talking about device discovery and management (DHCP) my lecture notes say “This data will be accessible to the RMS” (ISP’s Remote Management System)
    Does this not mean that the ISP’s sytem can see what devices are connected to my network and therefore trace a stolen laptop if it’s connected via one of their clients networks??

    Thanks

    • When you have a local network, it usualy mean that you have a router connected to the internet, and any other devices are connected to the router.
      An ISP can ONLY see the router itself. There is no way that it can know what, and how many, devices are connected to that router.

      • This is not always true. If the ISP manages the router as well (which is very common in a lot of markets where the ISP provides the modem which includes the router function), they can definitely see all the devices with their MAC-addresses. To prevent this add a router of your own to the network.

        Another way for ISP’s (or other internet access providers) to do get access to your device’s MAC address is by providing free WiFi spots or guest networks.

        If you are paranoid about your MAC address begin logged or tracked, having an additional firewall and providing your own WiFi device is wise.

  7. can i trace a stolen laptop by mac adress . just like a mobile phone can be traced from its service provider mobile number by using imei number

    Nope. That’s actually discussed in the article you just commented on.

    Leo
    16-Oct-2011
    • Do you know how to trace a lost mobile with imei number?
      my mobile phone is lost, it had very important documents of my work.
      Can you please help me?

      • Contact your mobile provider. If anyone can help, they can.

        And then learn a lesson: BACK UP IMPORTANT DATA. If it’s only on your phone it’s not backed up.

  8. I thought they could be traced. I opened 47 hushmail email accts for my students one morning at Starbucks. When we went to log into them, hushmail said they had blocked my computer (not closed the accts) in case of fraud or spam and to contact them. I did (but they never responded). I went home and tried again. That’s 3 different IP addresses that hushmail knew it was my computer. I thought they’d IDed my mac address. If not, what was it.

  9. could say a big corporate company with the right hardware/software access your mac address as so to identify you?

    Please read the article – the MAC address never leaves your network. Unless they have access to your network somehow I don’t see how they could. I suppose if they planted spyware on your machine anything’s possible.

    Leo
    18-Dec-2011
  10. One thing that I believe is an exception to the rule is when one connects to the internet using an ISP’s “Hotspot” or Wifi Network (like Xfinity, Optimum Wifi) on the road or some of those “free” connections like the ones in McDonald’s, Starbucks, etc. Some of these hotspots require you to have an account and log-in first, while others are free to roam on or give you a time-limited trial. I experimented with the “free” ones (no log-in credentials needed) and realized after going to the same spot several days that my MAC address was totally traceable because obviously the ISP controls their switches and routers (I cleaned all cookies, etc so I know it was MAC-related tracing). If you actually look at the first URL once you start browsing, you will see your MAC address as identifier at the end of the URL, as a way of remembering you the next time you are on their network. Also, the “fine print” disclaimers on these connections (which no one bothers to read) explain that your MAC address is being logged. If you think about it, in theory, if a laptop was stolen and you knew your mac address and someone tried to log on one of these hotspots, the ISP should be able to identify such connection, however I’m assuming that only law-enforcement would be able to obtain such records and as Leo kindly pointed out, equipment manufacturers can’t ensure that a MAC is unique…just food for thought…cheers

  11. Hello Leo,
    I have a problem with one comment you made in this article. The MAC address of a networking device has nothing to do with the Media Access Control sublayer of the Data Link Layer of the OSI model. The MAC address is an identifier that is put on every networking device that is made. The MAC sublayer on the other hand deals with how data is put on the physical media.

    MAC stands for Media Access Control – ref: Wikipedia.

    Leo
    22-Jan-2012
  12. As Leo pointed out, the MAC addresses of the interfaces on your device can be accessed by software. And to paraphrase leo regarding malware, once some MAC address reading software is on your device it can do almost anything with it. (Some proprietary software used MAC addresses for license control – which played havoc when people installed a new interface.) So, there may be an opportunity for some clever soul to develop a security app that will periodically read the MAC address of your interface(s), plus any current location identifying info (that might include network & ISP data), and register it all with a server somewhere. If you installed that app, it would provide a way to track, somewhat, a stolen device, as long as it was still running. And for the overly security minded – you do know what all those background apps on your computer are doing, don’t you?

  13. I have downloaded an evaluation copy of an application online.after 30days it wont function anymore.now i already got a genuine copy already but everytime i open it the taskbar always says that the evaluation copy ends already.my sister told me that the app traces the MAC ADDRESS of my laptop.how can i use my genuine copy? i have already tried to uninstall the program and use my new copy but the same thing happen again..

    • The way to turn an evaluation copy into a genuine copy is to register the software and pay for it.

  14. Sir if we can’t find stolen laptop by mac address .. then what type of information should be used to find a stolen laptop .. or there is no way to find a laptop…?

    • There are apps you can install on your computer like PreyProject https://preyproject.com/ which can help recover a lost computer or device. Obviously, they are not perfect and are probably not difficult to circumvent, but it might work in the case of your device being stolen by a non-sophisticated thief. Has anyone here had an experience with PreyProject?

  15. HI I’m heet.I’ve lost my tablet.but i know the MAC address (A0:F4:59:A9:49:E9)so can i get my tablet back using the MAC address??Please answer me via E-mail sir…

    • It cannot. Repeat IT CANNOT. That feature only applies to certain routers in certain network layouts. It does NOT work outside of some very specific situations.

  16. but why the hell manufacturer do not create a unique ID for any device connected to the internet and for all networks, like the IMEI for phones and help people to find their stolen devices… oh they are only good to let you buy their devices … but not to recover them.

  17. My bt home hub 5 lets me see what devices are connected to it. Once i log in to it, in the section ‘settings’, ‘bt access control’ there is a drop down list of devices (which can have their access limited at certain times). on my list there are all our household devices but also 17 (!) other devices which are described as ‘uknown : xxxxx’ where the numbers in xxxxx are the same as the mac address.

    can anyone explain what these ‘devices’ are and how come they have access to my home hub (and presumably therefore to my network login password and other devices o the system?). Also, any advice on how to delete themwould be great thanks asthere are more of them than the maximum number of ‘rules’ I can set for limiting access.

    I assumed they were left over from the times my isp has accessed my router to help sort variousproblems …but I guess they coukd be from anywhere (including hackers?)

    any information and advice very welcome …thanks

    • As long as your wireless network is protected by WPA/PSK and NOT WEP, the mac addresses that you are seeing shouldn’t be of any concern. It is theoretically possible that if you have a relatively large family with friends that there may be 17 unique devices listed that have had access at one time or another in the recent past to your home’s internal network. However it is highly unlikely that these have anything to do with any equipment that your ISP may have used at any time in the past. You can do a lookup of a mac address to find out the Hardware Vendor and then use that information to help you determine which devices each mac address might represent. If your wireless network is open, the devices could be anything around your home within a reasonably short distance. But, if you live in an apartment in New York City for example, that could be a LOT of folks!

  18. Hi Leo first of all I must say this is a tremendously interesting forum that you have here and I have a question. I pay $30 per month fee to a company to access market information. That information is accessed by login.Recently the owner of the company contacted me to say that I would have to pay $150 per month for no reason other than I worked in the industry and therefore he wanted to charge me a commercial rate. I cancelled that account and reapplied so I could get the same rate as everybody else, using a friends name and Credit Card. Unfortunately probably through IP tracking he established that the new account which I opened was in fact mine I assume that this was done through IP tracking so I have arranged with my carrier to get a new IP address. Because I have cable connection to my PC I can’t get a new IP address unless I get a new router so I have ordered the new router which should give me a new IP address . My question is … once I have the new IP address is there any way for this thief 2 determine if it is me logging into the system and can he in fact find out my MAC address to identify me. What can you recommend I do to stop him knowing my new account is not me ….im being held to ransom by this grubby businessman. Please help me.

      • if sim card is not inserted in mobile phone but internet acessing in that mobile through router, so then is it possible to track that phone .

        • If the SIM card is removed, you phone would be untraceable unless you have a security program like PreyProject installed.
          preyproject.com

        • A phone could be located through the cell phone company, but if the SIM card is removed, the phone couldn’t be traced via the MAC address. You’d need some kind of tracking software like preyproject.com installed to find it via WiFi.

  19. if someone cant put sim card in mobile phone but use internet through router then mobile is able to traced

    • Not unless the phone has tracking software or some kind of remote access software installed.

  20. Some one stolen my laptop please help me how to trace

    please help me

    Thanks & regards
    Sandeep Andhale

    • Read the article you are commenting on. It can’t be done. In the future on your next computer, you can install a program like Prey Project which can assist in tracing a lost or stolen computer.

      • Then how can police trace the device if any stolen device connect to the Internet? Suppose if a man get lost his smart phone or laptop.He complain regarding this issue to police with full purchase document than how corps can find that stolen device with location if theft connect with Internet?

        • Unfortunately, they can’t. They would be able to trace a smart phone via the cell network if they continue to use it with the same SIM card, but that’s a long shot. There are utilities like Prey Project to help locate lost or stolen devices, but again if the thief uninstalls that, it wouldn’t be traceable.

  21. If some one stoles your laptop and have a active google account on it, try searching thru web history & saved accounts & passwords in to that account & you may even find even his name or at least accounts that he uses to login on sites & you may ask the site admin to try to track the ip that the tief it’s ussing. Note that it may also be a normal person that bought the laptop fron the tief.

    • As the article you’re commenting on states, a MAC address cannot be traced. Please re-read it. Then contact the appropriate authorities regarding the theft.

  22. However, on some builds of Linux distributions, you can find a Geolocator Application within the Fern Wifi Cracker Application, which claims to be a Mac Geolocatory Tracker. Why would this utility even be created if it is impossible to track a MAC address from two separate networks?

    • Without knowing how it works, I can’t say. What I do know is how far MAC addresses travel in the protocol, and it’s not far enough to be useful.

  23. I am using an Android phone and using Internet directly from sim card ( no wifi)
    Is there any android application installed on my phone can have access to my device’s Mac address ?

    • Programs can access your MAC address, although as the article states, they can’t use it to trace you.

  24. someone is using my mac address on my apple mac air book
    how do I change my mac address is it possible? If I reset my computer to factory default will that change the mac address. It is someone I know who lives rather close to me who is manually connecting my computer via an apple airport tower and some how remotely connecting my computer, I find my bluetooth setting turned on sometimes, I have tried everything I have firevalult on encryption on. Im about to buy another computer.

    • It shouldm’t be possible for someone to use your MAC address without actually using your computer – it’s assigned TO THE COMPUTER. So I’d have to know why you think someone is using it.

  25. Can the MAC Address be traced by a purchase. Like do retailers keep records of who purchased the device with that specific Mac address? I know that the first 6 characters are linked to a manufacturer, but can the entire MAC Address be traced to the original buyer, maybe if they bought tge item by credit card or other payment method?

    • Retailers wouldn’t generally have access to a MAC address unless they opened the box and turned on the machine. It’s not impossible, but extremely unlikely. But even if they did have your MAC address, they couldn’t do anything with it. If you’re worried, don’t buy a computer whose box has been opened.

  26. If I am understanding the article correctly, the MAC doesn’t do much for tracking equipment because it is removed once its a couple of steps away from the router/modem. In my case the ex-wife took 2 iPads and a laptop (and cash). I took it as no chance to recover. After about a year an iPad appeared. Mom said it was from a Verizon promotion, free when you buy her model of mobile phone. Apple and Verizon both never heard of a promotion like that. Since I know the MAC address it should appear in the ISP log right? Its only one step in the chain of communication. Please say yes.

  27. if you have an idea were your laptop is just use airodump-ng aka you live in a small town drive around with it running watch for your mac. No one that steals a laptop is going to change the wireless card aka the mac addy. and a website can record the mac addy btw. so this art is rubbish. google can prolly tell you right were it is 🙂

    • It’s like looking for a needle in a haystack. My bicycle was stolen last week, and I think it would be a waste of time driving around looking for it even though it would be much easier than driving around stopping at every house looking for a MAC address.

  28. my laptop has been stolen and so that my important data has been lost.
    can you please help me to track my system via MAC address.
    I have it as I took it from DELL customer care.
    I will be very thankful to you if you will help me for the same.
    I will pay fees also for the same.
    MAC ID is: {removed}

    Thanks

    • Please read the article you are commenting on. It answers your question.
      To sum it up: It can’t be done.

    • We cannot help. A MAC ID will also not help find it. (Though it may help confirm that a laptop once found is the one you’re looking for.)

  29. Leo I have gone through your article and then somehow I came across a article in daily mail that a senior officer of Delhi Police cyber cell said adding that there are many crucial cases which can be cracked if MAC addresses is given and Only BSNL has infrastructure to give MAC details while rest of service providers are violating Telecom Ministry’s Internet Protocol Detail Record (IPDR) guidelines. http://www.dailymail.co.uk/indiahome/indianews/article-3418094/Laptop-thefts-rise-Delhi-police-struggle-track-stolen-machines.html

    • As Leo’s article states, the MAC address goes no further than the device your laptop or phone is connecting to. That would make it impossible to identify the device remotely the way you can with a phone. The phone has the IMEI which is necessary for connecting to the mobile network. The MAC is only used to connect to the router, and in turn, the router’s MAC is transmitted to the next step along the network. And the MAC isn’t really connected to the computer. It is connected to the wireless network card in the computer. In the case of a laptop, this is usually embedded in the motherboard, but can be circumvented by using a USM wireless card. It’s possible that in the future a unique identifier may be assigned to every computer, but this would raise a serious privacy issue and provoke a major outcry from privacy advocates.

  30. Ok, so if I understand you correctly, MAC for tracking is a non issue.
    What if the device broadcasts or searches for a firmware update?
    Is this not MAC specific and directed only back to the requestor device?

    • Nope. First, there’s no standard for this type of broadcast/search. Second, the device would be looking for updates based on its model number, not it’s mac address.

  31. Hey,

    I need some assistance.

    Mac address was stolen by hacker/cracker from wifi/wireless along with other information.

    I am in the process of installing and connecting through another connection for my office. The wireless feature has been removed from the modem and will be disabled from the get go. I’ve done this by desolidering/clipping the router antennae wires inside. The modem and computer will not be connected to the outside world, but only to the WWW through ethernet. So, no intrusion or attacks may be suffered. NO chance, basically.

    PC has been reformatted, OS reinstalled. I’ve even got a new antivirus/pc security since the old one is connected to a previous e-mail that was on the wireless network.

    I had the same question. I would like to know even if I take all the necessary precautions what can a hacker do with a stolen mac address.

    My refreshed PC will have the wireless USB dongle removed and I will be connected through a LAN cable to a new /ISPs router/modem with the antennas clipped from the get go, right from the start before the modem is even put on.

    Should I add another router with disabled antennas to increase the security regarding mac addresses?

    I had to save all e-mails offline, including other information and all accounts have been scheduled for deletion, and ultimately even my hotmail email accounts have to be deleted. I will be handling this from the wireless setup itself form a different machine/pc . Hotmail and Google services record IPs and update devices, so I will be accessing these only form the wireless/separate network and separate machine, until they are ultimately deleted.

    So, If I have done the needful what can a hacker do, through the internet, with a stolen PC mac address. Again, I will not be connected through the wifi antennas to the outside world or any other device to the PC or the ISPs modem, right form the start.

    Do I need to/could I/should add another wired router/with the detached antennas to the modem setup? This so that the routers mac address appears on the DHCP table for the ISPs modem.

    Do I need to worry regarding the stolen mac addresses?

    • As I mentioned above the accounts which were on and associated with the old network are/have been scheduled for deletion. I will have to make new email accounts for the antivirus/pc security.
      I have had to request delinking of information from my bank accounts as well, as well as putting the internet banking facility off.
      I have taken care of that end by understanding that these accounts record IPs and update the devices and will not be logging onto them through the ethernet PC. Infact they will all be deleted and I will access them through the wireless setup only through a different machine connected to the wireless.
      So for e.g. google records the IP and identifies the location.

      So the PC will be afresh with an internet connected in the manner I described above, with the antennas clipped form the start and everything refreshed. My query is regarding the stolen mac addresses only.
      From what I gather above is that if I add a router the router will record the PC mac address and the router’s mac address will appear on the ISPs modem, which will be communicated further to the ISPs server.

    • This seems like a lot of effort for what, ultimately, doesn’t seem like a problem. Mac addresses don’t get “stolen”, and even if they were they’re of very limited use. I’m having a very difficult time understanding just what it is you’re trying to protect yourself from. Honestly, a single router, properly secured, even with Wi-Fi enabled, is quite sufficient for most folk.s

    • If you’ll read the article, you’ll see that the MAC address is only visible to the router and possibly other computers behind that router. So even if someone knows that machine’s MAC address, they won’t be able to access that computer or even know where it is if they are outside that local network. Leo even published his MAC address in this article and no one can use that to hack his machine. So you don’t need to worry. The best action you can take in this case is to do nothing other than follow safe internet practices.

      • Please excuse my ignorance in the matter.

        @ Leo Thank you for your prompt reply.

        I do not know what information is leaked/lost in the event of a wireless network attack, including IPs, the mac addresses(hence my query) and passwords and private information, and what the person doing it is after.

        I/My PC was connected through a wireless extender NETGEAR WN3000rpv3, to a d-link router D-Link DIR-605L which was connected to the ISPs modem/router, a Beetel one.

        I reside in South Asia.

        All my e-mails were being uploaded. The browser kept saying uploading in the bottom task bar everytime I used certain sites, including my private hotmail. Private information was being stolen.

        Pressing the reset button on the router did not restore administrator control. After the ten second reset time, and the initial setup, remote administration is obviously off by default, but the panel could be accessed wirelessly from any pc through the wireless/antennas.
        Through this reset setup as well the router acted weirdly/abnormally. It would go offline for minutes, something like two minutes, even though connected to it through a LAN cable, during this procedure.
        10 seconds was the reset time, blinking LED and about 3 seconds before the setup screen to appear etc.

        Somebody had set up the wireless router for us.

        I had no idea that people would/could crack passwords with a click of a mouse button, for example. I then learned about other devious inventions.

        My machine/PC was connected to that home wireless network through an extender.

        Other family members PCs and devices are connected to the wireless setup/network.

        Somebody had set up the wireless router for us.

        @ Mark Jacobs Thank you for your prompt reply. That helps greatly.

        Thank you for your article, the diagrammatic representation above from computer A to Router to Server D helps clear up/elucidate the information in the article.

  32. I’m closing comments on this article because the questions being asked are answered in the article.

    I don’t know how to say this any more clearly: Read The Article. If you still have a question after carefully reading the article, you can use the “Ask A Question” page (its linked from the menu at the top of every page).

Comments are closed.