TOOLS / MAC VENDOR
MAC Address Vendor Lookup
Identify the manufacturer behind any MAC address using IEEE OUI registrations. Also detects randomized (locally-administered) MACs commonly used by privacy features on modern phones and OSes.
What it does
The first 24 bits (3 bytes / 6 hex chars) of a MAC address are the Organizationally Unique Identifier (OUI) — registered with IEEE by the network-interface manufacturer. Looking up an OUI tells you the device’s vendor: Apple, Cisco, Dell, Intel, etc. Modern privacy features in iOS, Android 10+, and Windows 10+ generate locally-administered random MACs to defeat WiFi tracking — those don’t map to a vendor but we detect and flag them.
How to use it
- Paste a MAC address in any common format (colons, hyphens, dots, or none).
- Result: vendor name (if found), OUI, and flags for locally-administered (random) and multicast bits.
- For ARP-table / DHCP-log triage, paste each unknown MAC to identify the device class.
Common use cases
Network inventory
When auditing a flat L2 network, MAC-vendor lookup classifies each device: Apple = laptop or phone, Cisco / Aruba = AP / switch, Intel / Realtek = unknown laptop.
Rogue-device detection
Compare DHCP leases against an inventory. Unfamiliar OUI = unauthorized device.
Forensics
Pcap or DHCP-log MAC addresses identify device classes when other identifying info is missing.
WiFi survey
Most modern devices randomize MACs across SSIDs — flagged here as "randomized / local".
Frequently asked questions
What is an OUI? +
Organizationally Unique Identifier — the first 24 bits of a MAC address. IEEE assigns OUIs to manufacturers in 3-byte blocks (16M addresses per OUI).
Why does my phone show "randomized / local"? +
iOS 14+, Android 10+, and Windows 10+ default to per-SSID random MAC for privacy. The "locally administered" bit is set; no vendor mapping exists.
Can I look up by full MAC or just OUI? +
Both. We only need the first 6 hex chars (the OUI). The rest are the NIC-specific identifier and aren’t in any public registry.
Is the vendor info reliable for forensics? +
Yes for registered OUIs — IEEE maintains the official registry. But the OUI can be spoofed at the OS level, so treat it as soft evidence.
Related tools
CIDR / Subnet Calculator
Network / broadcast / mask / wildcard / hosts. Pure JS — no network requests.
DNS Records Lookup
All 8 record types in one card. Powered by Cloudflare DNS-over-HTTPS.
IP Reputation Lookup
AbuseIPDB abuse score + ipinfo geo + Tor exit-node detection. IPv4 and IPv6.
Related coverage on Ciphers Security
- Vercel's v0.dev AI Tool Weaponized for Phishing Campaigns Targeting Microsoft, Nike Users
- Port Scanning Techniques: Nmap, Zenmap, and Scanning Through Firewalls
- Attackers Abuse Bun JavaScript Runtime to Spread NWHStealer Infostealer
- DAEMON Tools Supply Chain Attack Deploys QUIC RAT Backdoor
- NetworkMiner : TryHackMe Walkthrough
Free for everyone, no signup required. Tool runs at /tools/mac-vendor/ — bookmark or share.