Collection MAC addresses Device tracking on a Wi-Fi network is a task that administrators may need for security audits, access control, or troubleshooting. However, this process is surrounded by myths and legal nuances: many users mistakenly believe that obtaining such data automatically violates the law or requires hacking skills. In practice, there are legal Methods for collecting MAC addresses without hacking the network—and these are the ones we will discuss in this article.
It is important to understand the difference between passive scanning (by analyzing open traffic on your network) and active attacks (interception of data on other people's networks). The first is permitted by law under certain conditions, while the second is a criminal offense. We will focus on methods that can be used in own Wi-Fi networks or with the express consent of the owner, for example, to inventory devices in an office or home.
In this article you will find:
- 🔍 Basic principles of MAC addresses in Wi-Fi networks
- 📡 Legal tools for collecting addresses (including built-in router functions)
- ⚖️ Legal aspects and restrictions in 2026
- 🛠️ How-to instructions for Windows, Linux, and Android
- ⚠️ Risks and precautions when working with network data
What is a MAC address and how does it work in Wi-Fi?
MAC address (Media Access Control) is a unique 48-bit identifier assigned to each network interface at the hardware level. In the context of Wi-Fi, it is used for:
- 🆔 Identification of devices on a local network (as opposed to IP, which can change)
- 🔄 Routing packets between the router and clients
- 🔒 Access filtering (via
MAC filteringin the router settings) - 📊 Traffic statistics (some routers log by MAC address)
In Wi-Fi networks, MAC addresses are transmitted in plain text in the frame headers of the standard IEEE 802.11This means that any device within range of the network can "hear" these addresses if they are broadcast. However, Collecting MAC addresses from other people's networks without permission is classified as a violation of privacy and can be prosecuted under Article 272 of the Criminal Code of the Russian Federation ("Unauthorized access to computer information")..
Technically, a MAC address consists of two parts:
- OUI (Organizationally Unique Identifier) - the first 3 bytes indicating the manufacturer (for example,
00:1A:79belongs Apple) - NIC (Network Interface Controller) - the last 3 bytes, unique to each device
Example MAC address: 00:1A:79:12:34:56, Where 00:1A:79 — this is OUI Apple, A 12:34:56 — a unique part.
Is it possible to spoof a MAC address?
Yes, most modern devices allow you to change your MAC address programmatically (this is called "MAC spoofing"). For example, in Linux, this is done with the command:
sudo ifconfig wlan0 downsudo ifconfig wlan0 hw ether 00:11:22:33:44:55
sudo ifconfig wlan0 up
However, many routers are able to detect such substitutions by analyzing the device's behavior.
Legal ways to collect MAC addresses on your network
If you're a network administrator (home or business), you have several legal ways to obtain a list of MAC addresses of connected devices. Here are the main methods that don't require specialized software:
1. Via the router's web interface
Most modern routers (TP-Link, ASUS, Keenetic, MikroTik) displays a list of connected devices with their MAC addresses. Instructions:
- Open your browser and enter the router's IP address (usually
192.168.1.1or192.168.0.1). - Log in (default logins:
admin/adminor see the sticker on the router). - Go to the type section
DHCP Clients,Connected DevicesorLocal area network. - Export the list to CSV or copy the data manually.
☑️ Checking the list of devices in the router
Interface example Keenetic:
| Device | MAC address | IP address | Connection time |
|---|---|---|---|
| iPhone-12 | 00:1A:79:A1:B2:C3 | 192.168.1.100 | 12:34:56 |
| Samsung-TV | 00:0E:35:D4:F6:87 | 192.168.1.101 | 11:22:33 |
| Laptop-Lenovo | 78:2B:CB:45:67:89 | 192.168.1.102 | 10:15:44 |
2. Via the command line (Windows/Linux)
On computers running Windows or Linux You can get a list of devices on the local network using standard utilities:
In Windows:
arp -a
This command will display the ARP (Address Resolution Protocol) table, which will show IP and corresponding MAC addresses. For a more detailed analysis, use:
netsh wlan show networks mode=bssid
In Linux:
sudo nmap -sn 192.168.1.0/24
Or to monitor Wi-Fi traffic:
sudo airodump-ng wlan0
3. Specialized utilities
For a more in-depth analysis, you can use the following programs:
- 🖥️ Wireshark - real-time packet analysis (requires monitoring mode)
monitor mode) - 📱 Fing (Android/iOS) - Network scanning from a mobile device
- 🌐 Advanced IP Scanner — a simple scanner for Windows
- 🐧 Kismet — a powerful tool for Linux (supports MAC address logging)
⚠️ Attention: Using the mode monitor mode on public networks may be considered an attempt to intercept traffic. In some countries (for example, Germany), this is punishable by fines of up to €50,000.
Active Scanning: When is it Appropriate?
Active scanning involves sending special packets into the network to identify devices. This method is more accurate, but also more noticeable. It is useful in the following cases:
- 🏢 Corporate network security audit (with management permission)
- 🔧 Search for "dead" devices that occupy an IP address but don't respond to ping
- 📡 Optimizing access point placement (MAC signal strength analysis)
Example of active scanning using nmap:
sudo nmap -sn --script broadcast-dhcp-discover 192.168.1.0/24
This command sends DHCP requests and logs responses, allowing devices to be discovered even with ICMP (ping) disabled.
For Wi-Fi networks you can use airodump-ng from the package aircrack-ng:
sudo airmon-ng start wlan0
sudo airodump-ng wlan0mon
This tool will show all devices within range, including those that are not connected to your network but are sending probe requests.
⚠️ Attention: In Russia, amendments to the law "On Personal Data" (Federal Law 152) have been in effect since 2026. According to these amendments, collecting MAC addresses without prior notice to users is considered the processing of personal information. Legal use in an office requires including a clause regarding the collection of such data in the company's privacy policy.
Analyzing the collected data: what can be learned from a MAC address?
The MAC address itself does not contain personal information, but it can be used to determine:
| Data | How to get | Example |
|---|---|---|
| Device manufacturer | By the first 3 bytes (OUI) via IEEE base | 00:1A:79 → Apple |
| Device type | Behavior analysis (packet sending frequency, protocols) | Frequent ARP requests → it might be the printer |
| Approximate location | Signal strength analysis (RSSI) from multiple access points | RSSI = -50 dBm → device next to the router |
| Activity time | Router logs or traffic analysis | Active from 9:00 AM to 6:00 PM → work laptop |
To automatically determine the manufacturer by MAC, you can use online services:
- 🌍 MAC Vendors (free OUI database)
- 🔍 Arul John (advanced search)
- 📊 Wireshark (built-in OUI resolution function)
Output example Wireshark for MAC address 00:1A:79:A1:B2:C3:
Frame 1: 60 bytes on wire (480 bits)
Ethernet II, Src: Apple_A1:B2:C3 (00:1A:79:A1:B2:C3),Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Legal aspects of MAC address collection in 2026
Legislation regarding the processing of online identifiers is becoming stricter. In Russia, the key regulations are:
- 📜 Federal Law No. 152 "On Personal Data" (as amended in 2026) - a MAC address is linked to a device that may belong to an individual and is therefore considered personal information.
- 📜 Federal Law 262 "About communication" - regulates traffic interception.
- 📜 Criminal Code of the Russian Federation, Article 272 - unauthorized access to computer information.
Basic rules for legal collection:
- Collect MAC addresses only in his own network or with the written consent of the owner.
- Inform users about the collection of such data (for example, through a notification when connecting to Wi-Fi).
- Do not store data longer than necessary (for example, 30 days is sufficient for an audit).
- Do not link MAC addresses to other personal information (names, phone numbers) without consent.
In the European Union it is in effect GDPR, which classifies MAC addresses as personal data. Fines for violations can reach 4% of a company's global turnover.
⚠️ Attention: In 2026, Roskomnadzor issued clarifications stating that collecting MAC addresses on public Wi-Fi networks (cafes, hotels) without explicit consent is considered a violation. An exception is made when this is necessary to provide a service (for example, for portal authorization).
Practical examples of using collected MAC addresses
Knowing the MAC addresses of devices on the network allows you to solve many problems:
1. Access control by MAC filtering
Many routers support MAC filtering — a function that allows connections only to devices from a "white list." Setting it up with an example TP-Link:
- Go to
Wireless → Wireless MAC Filtering. - Select mode
Allow(allow only specified). - Add MAC addresses of trusted devices.
- Save the settings.
Limitation: Advanced users can spoof the MAC address, so this method does not provide 100% protection.
2. IP to MAC Binding (DHCP Reservation)
To ensure that the device always receives the same IP address, you can create a static binding in the DHCP settings. Example for Keenetic:
Interface: Home
MAC address: 00:1A:79:A1:B2:C3
IP address: 192.168.1.100
3. Monitoring device activity
By using PRTG Network Monitor or Zabbix You can track:
- 📊 Device connection/disconnection time
- 📈 The amount of traffic consumed by each MAC
- ⚡ Peak network loads
Example of a dashboard in PRTG:
Device: 00:1A:79:A1:B2:C3 (iPhone-12)
Traffic: 1.2 GB per day
Activity: 8:00–22:00
4. Search for unauthorized devices
If unknown devices appear in the MAC address list, this may indicate:
- 🚨 Network hacking (for example, through a WPS vulnerability)
- 📱 Connecting neighbors if the network is not password protected
- 🤖 Smart devices (lamps, sockets) that automatically connect to open networks
To check suspicious MAC addresses:
- Check OUI via MAC Vendors.
- Exclude known devices (routers, printers).
- Use Wireshark to analyze traffic from a suspicious MAC.
Risks and precautions
Incorrect collection or use of MAC addresses may result in:
- 🚨 Legal consequences (fines, lawsuits)
- 🔓 Security compromises (if the data falls into the hands of attackers)
- 🛠️ Technical problems (for example, blocking devices due to MAC filtering errors)
Basic precautions:
- 🔐 Store MAC address lists securely (encrypted files, restricted access).
- 🗑️ Delete data after the audit is complete.
- 📋 Keep a log of your activities (who, when, and why collected MAC addresses).
- 📢 Inform users about data collection (e.g., via an online notification).
Example of data retention policy:
Shelf life: 30 days
Access: Network administrators only
Purpose: security audit, search for unauthorized devices
⚠️ Attention: If you use cloud services to analyze MAC addresses (for example, Meraki Dashboard), ensure that your provider complies with Federal Law No. 152. In 2026, Roskomnadzor fined several companies for transferring MAC addresses abroad without user consent.
FAQ: Frequently Asked Questions about MAC Address Collection via Wi-Fi
❓ Is it possible to collect MAC addresses of devices on someone else's network?
Technically yes, but legally, this qualifies as unauthorized access to computer information (Article 272 of the Russian Criminal Code). The exception is if you are the administrator of the network (for example, in an office) and are acting within the scope of your job responsibilities.
❓ How can I find out what device is behind a MAC address?
The MAC address itself can only identify the manufacturer (the first 3 bytes). To find out the device type, you need to analyze its network activity (which ports it uses, protocols) or check the hostname via nmblookup (for Windows devices) or avahi-browse (for Linux/Mac).
❓ Is it possible to block the collection of my MAC address?
It's impossible to completely block MAC address collection, as the MAC address is transmitted openly in the Wi-Fi frame headers. However, it is possible:
- Use random MAC addressing (function
MAC Randomization(in iOS/Android). - Turn off Wi-Fi when not needed.
- Connect via VPN (will hide traffic, but not MAC).
❓ Is it legal to use MAC addresses to restrict children's internet access?
Yes, if you are a parent or legal guardian and are acting in the child's best interests. It is recommended:
- Use parental controls on your router (e.g. Keenetic or ASUS AiProtection).
- Set up an access schedule by MAC addresses.
- Inform your child about the rules for using the Internet.
Legally, this is considered the processing of personal data, but in a family context it does not require separate consent.
❓ How often do MAC addresses change on modern devices?
Most devices use a permanent MAC address, but modern OS (iOS 14+, Android 10+) support MAC Randomization:
- 📱 iPhone — random MAC when connecting to new networks (starting with iOS 14).
- 🤖 Android — the "Random hardware address" option in the Wi-Fi settings.
- 💻 Windows 11 - random MAC when connecting to public networks.
This makes it more difficult to track devices, but does not prevent the collection of MAC addresses during an active connection.