"Private" MAC Address

Private MAC addresses are often found in embedded systems that do not have an official address. Many cheap "credit card computers" such as the Raspberry Pi must generate their own address to operate without an official, manufacturer-assigned address.

For you interest: Private MAC addresses can be identified by having the second-least-significant bit of the most significant byte set. (And as unicast addresses, they must not have the least significant bit set.) That means any addres matching any pattern below is private.

x2:xx:xx:xx:xx:xx
x6:xx:xx:xx:xx:xx
xA:xx:xx:xx:xx:xx
xE:xx:xx:xx:xx:xx

To find what and where your ghost device actually is, I suggest looking for small computers and embedded electronics. A less likely possibility is an intruder in your network with a spoofed MAC address.

And lastly, what actually is your question? ;)

Private registrations are either MA-L, MA-M, or MA-S assignments from the IEEE to an entity that has paid an additional initial fee and/or an annual recurring fees to the IEEE to prevent their name and address from showing up in the public listing. More details of MA-L listings as an example can be found at the IEEE site.

There is no way to determine the manufacturer of this device from the OUI unless you have access to the private list. You will need to locate and/or identify this device by other means.

Just to be clear, this is in no way related to locally administered MAC addresses which is indicated by the second bit transmitted, specifically the second least significant bit for Ethernet.

I had the same issue, a "private" MAC suddenly showed up in my router table. I discovered that this appeared whenever my Kindle device was turned on and signed onto my network talking to Amazon. It's apparently something Amazon is doing related to the Kindle.since this appears to be normal behavior when using the Kindle, I am no longer concerned by its' appearance. My secret spy concern is gone.