Difference between revisions of "MAC address spoofing"

From ArchWiki
Jump to: navigation, search
m (Bot: Removing from Category:HOWTOs (English))
(ifconfig to iproute2)
Line 32: Line 32:
  
 
First, you can check your current MAC address with the command:
 
First, you can check your current MAC address with the command:
  $ ifconfig eth0
+
  $ ip link show eth0
  
The section that interests us at the moment is the one that has "HWaddr" followed by a 6-byte number. It will probably look something like this:
+
The section that interests us at the moment is the one that has "link/ether" followed by a 6-byte number. It will probably look something like this:
  HWaddr 00:1D:98:5A:D1:3A
+
  link/ether 00:1d:98:5a:d1:3a
  
 
The first step to spoofing the MAC address is to bring the network interface down. You must be logged in as root to do this. It can be accomplished with the command:
 
The first step to spoofing the MAC address is to bring the network interface down. You must be logged in as root to do this. It can be accomplished with the command:
  $ ifconfig eth0 down
+
  $ ip link set dev eth0 down
  
 
Next, we actually spoof our MAC. Any hexadecimal value will do, but some networks may be configured to refuse to assign IP addresses to a client whose MAC does not match up with a vendor. Therefore, unless you control the network(s) you are connecting to, it is a good idea to test this out with a known good MAC rather than randomizing it right away.
 
Next, we actually spoof our MAC. Any hexadecimal value will do, but some networks may be configured to refuse to assign IP addresses to a client whose MAC does not match up with a vendor. Therefore, unless you control the network(s) you are connecting to, it is a good idea to test this out with a known good MAC rather than randomizing it right away.
  
 
To change the MAC, we need to run the command:
 
To change the MAC, we need to run the command:
  $ ifconfig eth0 hw ether XX:XX:XX:XX:XX:XX
+
  $ ip link set dev eth0 address XX:XX:XX:XX:XX:XX
  
 
Where any 6-byte value will suffice for 'XX:XX:XX:XX:XX:XX'.
 
Where any 6-byte value will suffice for 'XX:XX:XX:XX:XX:XX'.
  
 
The final step is to bring the network interface back up. This can be accomplished by running the command:
 
The final step is to bring the network interface back up. This can be accomplished by running the command:
  $ ifconfig eth0 up
+
  $ ip link set dev eth0 up
  
 
If you want to verify that your MAC has been spoofed, simply run 'ifconfig eth0' again and check the value for HWaddr. If it worked, HWaddr should be whatever address you decided to change it to.
 
If you want to verify that your MAC has been spoofed, simply run 'ifconfig eth0' again and check the value for HWaddr. If it worked, HWaddr should be whatever address you decided to change it to.

Revision as of 14:49, 24 July 2011

This template has only maintenance purposes. For linking to local translations please use interlanguage links, see Help:i18n#Interlanguage links.


Local languages: Català – Dansk – English – Español – Esperanto – Hrvatski – Indonesia – Italiano – Lietuviškai – Magyar – Nederlands – Norsk Bokmål – Polski – Português – Slovenský – Česky – Ελληνικά – Български – Русский – Српски – Українська – עברית – العربية – ไทย – 日本語 – 正體中文 – 简体中文 – 한국어


External languages (all articles in these languages should be moved to the external wiki): Deutsch – Français – Română – Suomi – Svenska – Tiếng Việt – Türkçe – فارسی

There are two methods for spoofing a Media Access Control (MAC) address on Arch. Both of them are outlined below.

Warning: Changing network options usually requires special privileges. As such, you will need to be root to do this.

Method 1: macchanger

The first method uses macchanger (a.k.a., the GNU MAC Changer), written by Alvaro Lopez Ortega. It provides a variety of features such as changing the address to match a certain vendor or completely randomizing it. The first step is to download it from [extra]:

# pacman -S macchanger

After this, the MAC can be spoofed with a random address. The syntax is macchanger -r <device>. Standard names for devices are eth0 (for Ethernet) and wlan0 (for wireless), if only one device of each type is connected. For a secondary device, it would be eth1 or wlan1.

Here is an example command for spoofing the MAC address of a device named eth0.

# macchanger -r eth0

To randomize all of the address except for the vendor bytes (that is, so that if the MAC address was checked it would still register as being from the same vendor), you would run the command:

# macchanger -e eth0

Finally, to change the MAC address to a specific value, you would run:

# macchanger --mac=XX:XX:XX:XX:XX:XX

Where 'XX:XX:XX:XX:XX:XX' is the MAC you wish to change to.

Note: A device cannot be in use (connected in any way or with its interface up) while the MAC address is being changed.

Method 2: Manual

This method also assumes that your device name is eth0. For clarification, read the second paragraph of Method 1.

First, you can check your current MAC address with the command:

$ ip link show eth0

The section that interests us at the moment is the one that has "link/ether" followed by a 6-byte number. It will probably look something like this:

link/ether 00:1d:98:5a:d1:3a

The first step to spoofing the MAC address is to bring the network interface down. You must be logged in as root to do this. It can be accomplished with the command:

$ ip link set dev eth0 down

Next, we actually spoof our MAC. Any hexadecimal value will do, but some networks may be configured to refuse to assign IP addresses to a client whose MAC does not match up with a vendor. Therefore, unless you control the network(s) you are connecting to, it is a good idea to test this out with a known good MAC rather than randomizing it right away.

To change the MAC, we need to run the command:

$ ip link set dev eth0 address XX:XX:XX:XX:XX:XX

Where any 6-byte value will suffice for 'XX:XX:XX:XX:XX:XX'.

The final step is to bring the network interface back up. This can be accomplished by running the command:

$ ip link set dev eth0 up

If you want to verify that your MAC has been spoofed, simply run 'ifconfig eth0' again and check the value for HWaddr. If it worked, HWaddr should be whatever address you decided to change it to.

Spoofing MAC On Boot

You will notice with the above methods that upon reboot, your MAC will return to its initial default value. To set your MAC on boot, place the command used to spoof your MAC into the rc.multi script prior to the #Start Daemons loop. This will change your MAC prior to the network interface coming online.

Links and References