The problem
I am trying to figure out whether a mobile app user is located within a given wifi network. In order to do the match, I am comparing the MAC address reported by the user to the one sampled manually in advance.
I have found that the router MAC address of users within the same network slightly differ, and I'm wondering if there's a way to figure out the reason behind the differences.
Data
The following MAC addresses were reported by three different Android users connected to the same Starbucks wireless network:
02:18:1a:31:21:ce - User A
00:18:0a:31:21:ce - User B
02:18:1A:31:21:CE - User C
-+:--:+-:--:--:-- - Differences (+) (ignoring case)
The MAC addresses have 10 characters in common, and differ by two other characters. The wireless network requires sign-in with a username and password given by the cashier; all the customers in the shop used the same username/password combination.
The question
Is there any logic behind the differences in the MAC addresses? Can I assume that similar router MAC address insinuate users within the same wifi network?
Clarification
Clearly, MAC addresses can be spoofed to any arbitrary value. I wonder whether, in practice, similar MAC addresses are likely to belong to the same network - a.k.a the reason behind spoofing.
There is no pattern for a given network, they're hardware based. If you see similar addresses, you just got lucky. Here's the standard for MAC addresses: http://standards.ieee.org/develop/regauth/tut/macgrp.pdf
However, remember that just about every device is set up to be able to fake a MAC address or change them. So really don't trust them.