MAC Lookup
free `/v1/network/mac`
Identifies the hardware manufacturer from a MAC address using all four IEEE registries (MA-L 24-bit, MA-M 28-bit, MA-S 36-bit, and the CID Company-ID registry) with longest-prefix matching. Detects virtual machines, randomized/private MACs (iOS 14+, Android 10+, Windows), broadcast, and multicast addresses, and distinguishes legitimately-LAA CID assignments from true randomization. Returns vendor name, address, country, the registry source, and block size per IEEE 802 and RFC 7042.
What It Does
Parses the OUI of a MAC address and resolves it against all four IEEE registries via longest-prefix match — MA-L (24-bit), MA-M (28-bit), MA-S (36-bit), or CID — to identify the manufacturer. Analyzes the U/L and I/G bits to classify the address type. Detects virtual-machine MACs (VMware, VirtualBox, Hyper-V, QEMU/KVM, Xen, Parallels), identifies randomized MACs from mobile devices (iOS 14+, Android 10+), and uses an `is_cid` flag to suppress false-positive randomization classification on legitimate CID-registered hardware. Classifies addresses as UAA (Universally Administered) or LAA (Locally Administered). Accepts colon, hyphen, no-separator, and Cisco dot formats.
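The parsing, bit analysis and longest-prefix steps described above can be reproduced offline. This is an added example, not the service's own code: `REGISTRY` is a constructed stand-in for the IEEE data (only the 00:50:56 VMware entry is a real assignment), and the returned keys mirror a subset of the response fields.

```python
import re

# Constructed stand-in for the IEEE registries, keyed by hex prefix.
# Only 005056 (VMware) is a real assignment; the rest are placeholders.
REGISTRY = {
    "005056":    ("MA-L", "VMware, Inc."),
    "FC0000":    ("MA-L", "Placeholder parent block"),
    "FC00001":   ("MA-M", "Placeholder 28-bit vendor"),
    "FC0000123": ("MA-S", "Placeholder 36-bit vendor"),
    "AABBCC":    ("CID",  "Placeholder CID holder"),
}

def normalize(mac):
    """Strip colon, hyphen and Cisco-dot separators; return 12 hex digits."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits

def classify(mac):
    digits = normalize(mac)
    first_octet = int(digits[:2], 16)
    multicast = bool(first_octet & 0x01)  # I/G bit: group address
    local = bool(first_octet & 0x02)      # U/L bit: locally administered
    hit = None
    for hex_len in (9, 7, 6):             # 36-, 28-, then 24-bit prefix
        hit = REGISTRY.get(digits[:hex_len])
        if hit:
            break
    registry, vendor = hit or (None, None)
    if digits == "F" * 12:
        addr_type = "broadcast"
    else:
        addr_type = "multicast" if multicast else "unicast"
    return {
        "mac_normalized": ":".join(digits[i:i + 2] for i in range(0, 12, 2)),
        "vendor": vendor,
        "registry": registry,
        "is_cid": registry == "CID",
        "type": addr_type,
        "administration": "LAA" if local else "UAA",
        # A CID hit has the U/L bit set but is a registered prefix, so only
        # unicast LAA addresses with no registry match count as randomized.
        "is_randomized": local and not multicast and hit is None,
    }
```

The CID placeholder `AA:BB:CC:…` and an unregistered `DA:A1:19:…` address both have the U/L bit set, but only the second comes back with `is_randomized` true.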
Why It's Useful
MAC vendor identification is the first step in network device profiling for asset management, NAC (Network Access Control), and security monitoring. The VM and randomized MAC detection is critical for modern networks where mobile devices use per-network random MACs and cloud workloads run on virtual NICs — both of which break traditional MAC-based identification.
Use Cases
Network Asset Discovery
Identify unknown devices on the network by looking up MAC addresses from switch port tables, ARP tables, or DHCP logs. Detect virtual machines and IoT devices automatically.
Maintain accurate network inventory and detect shadow IT without physical device inspection.
Randomized MAC Detection (BYOD)
Detect devices using randomized MAC addresses (iOS 14+, Android 10+, Windows) that bypass MAC-based access controls and tracking. Identify when NAC policies are being circumvented.
Adapt security policies for modern BYOD environments where MAC randomization is the default.
Virtual Machine & Container Detection
Identify virtual machine and container workloads on the network by detecting VM-specific OUI prefixes (VMware, Hyper-V, QEMU/KVM, VirtualBox).
Distinguish physical and virtual assets for compliance auditing and attack surface assessment.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| mac | string | Required | MAC address in any standard format: colon-separated (00:1A:2B:3C:4D:5E), hyphen-separated (00-1A-2B-3C-4D-5E), no separator (001A2B3C4D5E), or Cisco dot format (001A.2B3C.4D5E). Example: 00:50:56:C0:00:08 |
Response Fields
| Field | Type | Description |
|---|---|---|
| mac | string | The original MAC address as provided |
| mac_normalized | string | Normalized to XX:XX:XX:XX:XX:XX format |
| oui | string | The OUI portion (first 3 octets) used for vendor lookup |
| vendor.name | string | Manufacturer/vendor name from IEEE OUI database |
| vendor.address | string | Registered organization address from the IEEE registry |
| vendor.country | string | Vendor country of registration (ISO 3166-1 alpha-2) |
| vendor.registry | string | IEEE registry source: MA-L, MA-M, MA-S, CID, or reserved |
| vendor.block_size | number | Prefix bit-length: 24 (MA-L/CID), 28 (MA-M), or 36 (MA-S) |
| vendor.is_cid | boolean | True when the assignment is from the Company ID registry (legitimately LAA — never randomized) |
| is_private | boolean | Whether MAC is locally administered (LAA) — U/L bit set |
| is_multicast | boolean | Whether MAC is a multicast address — I/G bit set |
| is_broadcast | boolean | Whether MAC is the broadcast address (FF:FF:FF:FF:FF:FF) |
| is_virtual | boolean | Whether MAC belongs to a known virtualization platform (VMware, VirtualBox, Hyper-V, QEMU, Xen, Parallels) |
| is_randomized | boolean | Whether MAC appears to be randomized (LAA with no known vendor — common with iOS 14+, Android 10+) |
| type | string | Address type: unicast, multicast, or broadcast |
| administration | string | Address administration: UAA (universally administered) or LAA (locally administered) |
Code Examples
```bash
# -G sends the -d data as a URL query string (GET), as the other examples do
curl -G "https://api.edgedns.dev/v1/network/mac" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -d "mac=00:50:56:C0:00:08"
```

```javascript
// The colons in the MAC address are percent-encoded (%3A) in the query string
const response = await fetch(
  'https://api.edgedns.dev/v1/network/mac?mac=00%3A50%3A56%3AC0%3A00%3A08',
  {
    headers: {
      'Authorization': 'Bearer YOUR_API_KEY'
    }
  }
);
const data = await response.json();
console.log(data);
```

```python
import requests

# requests URL-encodes the params dict into the query string
response = requests.get(
    'https://api.edgedns.dev/v1/network/mac',
    headers={'Authorization': 'Bearer YOUR_API_KEY'},
    params={
        'mac': '00:50:56:C0:00:08'
    },
    timeout=10,  # do not block indefinitely on a stalled connection
)
response.raise_for_status()  # fail on 4xx/5xx instead of parsing an error body
data = response.json()
print(data)
```