A little off-topic, but since you are interested in "safety" (I think you mean "security"), it's important to understand that security is a problem of multiple points of protection.
A few considerations -
The router - strong passwords, open ports, firewall config, wifi security
The network - split between the router (WAN to LAN protection) and devices (LAN to LAN protection).
The device - strong passwords, firewall config, OS patching, AV/AM protection.
The applications - application patching, permission levels, sandboxing.
The account - Standard User or Administrator. Principle of "least privilege".
The data - Frequent disk imaging, frequent backups of volatile data between images, testing backups, storing copies offline.
A checklist prefaced with "Do I use", "Do I have", "Do I do", on the appropriate line item, makes it easy to go down that list.
I wasn't aware that you didn't believe that the equipment at the far-end of the connection (i.e. your ISP) needs a MAC too. Others mentioned this as well. You still haven't considered the fact that all Ethernet devices need a MAC, including the device the ISP uses to connect you.
Connecting only the laptop to the modem would likely prove this. you should only see 2 MACs, the laptop and the ISP equipment.
As someone else already noted, you haven't shown anything that demonstrated someone accessed your network.
That DHCP broadcast packet is not something that an ISP would normally send toward a customer, since the customer's router is just going to ignore it. The ISP network seems to have an incorrect setup. It does not appear to be anything malicious.