Difference between revisions of "MAC address spoofing"
m (style/updated a bit)
m (→Systemd unit: /usr/sbin --> /usr/bin)
|Line 90:||Line 90:|
ExecStart=/usr//ip link set dev %i address 36:aa:88:c8:75:3a
ExecStart=/usr//ip link set dev %i up
Revision as of 05:11, 23 June 2013
zh-CN:MAC Address Spoofing This article gives several methods to spoof a Media Access Control (MAC) address.
ip linkto check your actual device name, and adjust the examples as necessary
There are two methods for spoofing a MAC address using either Official Repositories).(installed by default) or (available on the
Both of them are outlined below.
Method 1: iproute2
First, you can check your current MAC address with the command:
# ip link show enp1s0
The section that interests us at the moment is the one that has "link/ether" followed by a 6-byte number. It will probably look something like this:
The first step to spoofing the MAC address is to bring the network interface down. You must be logged in as root to do this. It can be accomplished with the command:
# ip link set dev enp1s0 down
Next, we actually spoof our MAC. Any hexadecimal value will do, but some networks may be configured to refuse to assign IP addresses to a client whose MAC does not match up with a vendor. Therefore, unless you control the network(s) you are connecting to, it is a good idea to test this out with a known good MAC rather than randomizing it right away.
To change the MAC, we need to run the command:
# ip link set dev enp1s0 address XX:XX:XX:XX:XX:XX
Where any 6-byte value will suffice for 'XX:XX:XX:XX:XX:XX'.
The final step is to bring the network interface back up. This can be accomplished by running the command:
# ip link set dev enp1s0 up
If you want to verify that your MAC has been spoofed, simply run
ip link show enp1s0 again and check the value for 'link/ether'. If it worked, 'link/ether' should be whatever address you decided to change it to.
Method 2: macchanger
Another method uses(a.k.a., the GNU MAC Changer). It provides a variety of features such as changing the address to match a certain vendor or completely randomizing it.
After this, the MAC can be spoofed with a random address. The syntax is
macchanger -r <device>.
Here is an example command for spoofing the MAC address of a device named enp1s0.
# macchanger -r enp1s0
To randomize all of the address except for the vendor bytes (that is, so that if the MAC address was checked it would still register as being from the same vendor), you would run the command:
# macchanger -e enp1s0
To change the MAC address to a specific value, you would run:
# macchanger --mac=XX:XX:XX:XX:XX:XX enp1s0
XX:XX:XX:XX:XX:XX is the MAC you wish to change to.
Finally, to return the MAC address to its original, permanent hardware value:
# macchanger -p enp1s0
Put the following line in your netcfg profile to have it spoof your MAC address when it's started:
PRE_UP='macchanger -e enp1s0'
You may have to replace
enp1s0 with your interface name.
[Unit] Description=MAC address change %I Before=dhcpcd@%i.service [Service] Type=oneshot ExecStart=/usr/bin/ip link set dev %i address 36:aa:88:c8:75:3a ExecStart=/usr/bin/ip link set dev %i up [Install] WantedBy=network.target
You may have to edit this file if you do not use dhcpcd.
Systemd unit using random address
A unit featuring random address, which requires macchanger:
[Unit] Description=Macchanger service for %I Documentation=man:macchanger(1) [Service] ExecStart=/usr/bin/macchanger -e %I Type=oneshot [Install] WantedBy=multi-user.target