Difference between revisions of "MAC address spoofing"

From ArchWiki
Jump to: navigation, search
m
m (Automatically: moved out-of-date note to related section)
(42 intermediate revisions by 14 users not shown)
Line 1: Line 1:
{{i18n|MAC Address Spoofing}}
+
[[Category:Networking]]
[[Category:HOWTOs (English)]]
+
[[Category:Security]]
[[Category:Networking (English)]]
+
[[cs:MAC Address Spoofing]]
[[Category:Security (English)]]
+
[[de:MAC-Adresse abfragen und setzen]]
 +
[[es:MAC Address Spoofing]]
 +
[[ru:MAC Address Spoofing]]
 +
[[zh-CN:MAC Address Spoofing]]
 +
This article gives several methods to spoof a Media Access Control (MAC) address.
 +
{{Note|In the examples below is assumed the ethernet device is {{ic|enp1s0}}. Use {{ic|ip link}} to check your actual device name, and adjust the examples as necessary}}
  
There are two methods for spoofing a Media Access Control (MAC) address on Arch. Both of them are outlined below.
+
== Manually ==
  
{{Warning|Changing network options usually requires special privileges. As such, you will need to be root to do this.}}
+
There are two methods for spoofing a MAC address using either {{Pkg|iproute2}} (installed by default) or {{Pkg|macchanger}} (available on the [[official repositories]]).
__TOC__
+
  
== Method 1: macchanger ==
+
Both of them are outlined below.
The first method uses [http://www.alobbs.com/macchanger macchanger] (a.k.a., the GNU MAC Changer), written by Alvaro Lopez Ortega. It provides a variety of features such as changing the address to match a certain vendor or completely randomizing it. The first step is to download it from [extra]:
+
# pacman -S macchanger
+
  
After this, the MAC can be spoofed with a random address. The syntax is ''macchanger -r <device>''. Standard names for devices are eth0 (for Ethernet) and wlan0 (for wireless), if only one device of each type is connected. For a secondary device, it would be eth1 or wlan1.
+
=== Method 1: iproute2 ===
  
Here is an example command for spoofing the MAC address of a device named eth0.
+
First, you can check your current MAC address with the command:
  # macchanger -r eth0
+
 
 +
# ip link show enp1s0
 +
 
 +
The section that interests us at the moment is the one that has "link/ether" followed by a 6-byte number. It will probably look something like this:
 +
 
 +
link/ether 00:1d:98:5a:d1:3a
 +
 
 +
The first step to spoofing the MAC address is to bring the network interface down. You must be logged in as root to do this. It can be accomplished with the command:
 +
 
 +
# ip link set dev enp1s0 down
 +
 
 +
Next, we actually spoof our MAC. Any hexadecimal value will do, but some networks may be configured to refuse to assign IP addresses to a client whose MAC does not match up with a vendor. Therefore, unless you control the network(s) you are connecting to, it is a good idea to test this out with a known good MAC rather than randomizing it right away.
 +
 
 +
To change the MAC, we need to run the command:
 +
 
 +
# ip link set dev enp1s0 address XX:XX:XX:XX:XX:XX
 +
 
 +
Where any 6-byte value will suffice for 'XX:XX:XX:XX:XX:XX'.
 +
 
 +
The final step is to bring the network interface back up. This can be accomplished by running the command:
 +
 
 +
# ip link set dev enp1s0 up
 +
 
 +
If you want to verify that your MAC has been spoofed, simply run {{ic|ip link show enp1s0}} again and check the value for 'link/ether'. If it worked, 'link/ether' should be whatever address you decided to change it to.
 +
 
 +
=== Method 2: macchanger ===
 +
 
 +
Another method uses {{Pkg|macchanger}} (a.k.a., the GNU MAC Changer). It provides a variety of features such as changing the address to match a certain vendor or completely randomizing it.
 +
 
 +
[[Pacman|Install]] the package {{Pkg|macchanger}} from the [[official repositories]].
 +
 
 +
After this, the MAC can be spoofed with a random address. The syntax is {{ic|macchanger -r ''<device>''}}.
 +
 
 +
Here is an example command for spoofing the MAC address of a device named enp1s0.
 +
 
 +
  # macchanger -r enp1s0
  
 
To randomize all of the address except for the vendor bytes (that is, so that if the MAC address was checked it would still register as being from the same vendor), you would run the command:
 
To randomize all of the address except for the vendor bytes (that is, so that if the MAC address was checked it would still register as being from the same vendor), you would run the command:
# macchanger -e eth0
 
  
Finally, to change the MAC address to a specific value, you would run:
+
  # macchanger -e enp1s0
  # macchanger --mac=XX:XX:XX:XX:XX:XX
+
  
Where 'XX:XX:XX:XX:XX:XX' is the MAC you wish to change to.
+
To change the MAC address to a specific value, you would run:
 +
 
 +
# macchanger --mac=XX:XX:XX:XX:XX:XX enp1s0
 +
 
 +
Where {{ic|XX:XX:XX:XX:XX:XX}} is the MAC you wish to change to.
 +
 
 +
Finally, to return the MAC address to its original, permanent hardware value:
 +
 
 +
# macchanger -p enp1s0
  
 
{{Note|A device cannot be in use (connected in any way or with its interface up) while the MAC address is being changed.}}
 
{{Note|A device cannot be in use (connected in any way or with its interface up) while the MAC address is being changed.}}
  
== Method 2: Manual ==
+
== Automatically ==
  
This method also assumes that your device name is eth0. For clarification, read the second paragraph of Method 1.
+
=== Netcfg ===
  
First, you can check your current MAC address with the command:
+
{{Out of date|netcfg is deprecated, use [[netctl]] instead}}
$ ifconfig eth0
+
  
The section that interests us at the moment is the one that has "HWaddr" followed by a 6-byte number. It will probably look something like this:
+
This example uses [[#Method 2: macchanger]], so make sure that {{Pkg|macchanger}} is [[Pacman|installed]].
HWaddr 00:1D:98:5A:D1:3A
+
  
The first step to spoofing the MAC address is to bring the network interface down. You must be logged in as root to do this. It can be accomplished with the command:
+
Put the following line in your [[netcfg]] profile to have it spoof your MAC address when it's started:
$ ifconfig eth0 down
+
  
Next, we actually spoof our MAC. Any hexadecimal value will do, but some networks may be configured to refuse to assign IP addresses to a client whose MAC does not match up with a vendor. Therefore, unless you control the network(s) you are connecting to, it is a good idea to test this out with a known good MAC rather than randomizing it right away.
+
PRE_UP='macchanger -e enp1s0'
  
To change the MAC, we need to run the command:
+
You may have to replace {{ic|enp1s0}} with your interface name.
$ ifconfig eth0 hw ether XX:XX:XX:XX:XX:XX
+
  
Where any 6-byte value will suffice for 'XX:XX:XX:XX:XX:XX'.
+
=== Systemd unit ===
  
The final step is to bring the network interface back up. This can be accomplished by running the command:
+
This example uses [[#Method 1: iproute2]].
$ ifconfig eth0 up
+
 
 +
{{hc|/etc/systemd/system/macspoof@.service|<nowiki>
 +
[Unit]
 +
Description=MAC address change %I
 +
Before=dhcpcd@%i.service
 +
 
 +
[Service]
 +
Type=oneshot
 +
ExecStart=/usr/bin/ip link set dev %i address 36:aa:88:c8:75:3a
 +
ExecStart=/usr/bin/ip link set dev %i up
 +
 
 +
[Install]
 +
WantedBy=network.target
 +
</nowiki>}}
 +
 
 +
You may have to edit this file if you do not use [[dhcpcd]].
 +
 
 +
=== Systemd unit using random address ===
 +
 
 +
This example uses [[#Method 2: macchanger]], so make sure that {{Pkg|macchanger}} is [[Pacman|installed]].
 +
 
 +
{{hc|/etc/systemd/system/macchanger@.service|<nowiki>
 +
[Unit]
 +
Description=Macchanger service for %I
 +
Documentation=man:macchanger(1)
  
If you want to verify that your MAC has been spoofed, simply run 'ifconfig eth0' again and check the value for HWaddr. If it worked, HWaddr should be whatever address you decided to change it to.
+
[Service]
 +
ExecStart=/usr/bin/macchanger -e %I
 +
Type=oneshot
  
== Spoofing MAC On Boot ==
+
[Install]
 +
WantedBy=multi-user.target
 +
</nowiki>}}
  
You will notice with the above methods that upon reboot, your MAC will return to its initial default value. To set your MAC on boot, place the command used to spoof your MAC into the rc.multi script prior to the #Start Daemons loop. This will change your MAC prior to the network interface coming online.
+
== See also ==
  
== Links and References ==
+
* [http://www.alobbs.com/macchanger Macchanger project page
* [http://www.alobbs.com/macchanger macchanger] project page.
+
* [http://www.debianadmin.com/change-your-network-card-mac-media-access-control-address.html Article on DebianAdmin] with more macchanger options
* [http://www.debianadmin.com/change-your-network-card-mac-media-access-control-address.html Article on DebianAdmin] with more macchanger options.
+

Revision as of 12:26, 5 August 2013

This article gives several methods to spoof a Media Access Control (MAC) address.

Note: In the examples below is assumed the ethernet device is enp1s0. Use ip link to check your actual device name, and adjust the examples as necessary

Manually

There are two methods for spoofing a MAC address using either iproute2 (installed by default) or macchanger (available on the official repositories).

Both of them are outlined below.

Method 1: iproute2

First, you can check your current MAC address with the command:

# ip link show enp1s0

The section that interests us at the moment is the one that has "link/ether" followed by a 6-byte number. It will probably look something like this:

link/ether 00:1d:98:5a:d1:3a

The first step to spoofing the MAC address is to bring the network interface down. You must be logged in as root to do this. It can be accomplished with the command:

# ip link set dev enp1s0 down

Next, we actually spoof our MAC. Any hexadecimal value will do, but some networks may be configured to refuse to assign IP addresses to a client whose MAC does not match up with a vendor. Therefore, unless you control the network(s) you are connecting to, it is a good idea to test this out with a known good MAC rather than randomizing it right away.

To change the MAC, we need to run the command:

# ip link set dev enp1s0 address XX:XX:XX:XX:XX:XX

Where any 6-byte value will suffice for 'XX:XX:XX:XX:XX:XX'.

The final step is to bring the network interface back up. This can be accomplished by running the command:

# ip link set dev enp1s0 up

If you want to verify that your MAC has been spoofed, simply run ip link show enp1s0 again and check the value for 'link/ether'. If it worked, 'link/ether' should be whatever address you decided to change it to.

Method 2: macchanger

Another method uses macchanger (a.k.a., the GNU MAC Changer). It provides a variety of features such as changing the address to match a certain vendor or completely randomizing it.

Install the package macchanger from the official repositories.

After this, the MAC can be spoofed with a random address. The syntax is macchanger -r <device>.

Here is an example command for spoofing the MAC address of a device named enp1s0.

# macchanger -r enp1s0

To randomize all of the address except for the vendor bytes (that is, so that if the MAC address was checked it would still register as being from the same vendor), you would run the command:

# macchanger -e enp1s0

To change the MAC address to a specific value, you would run:

# macchanger --mac=XX:XX:XX:XX:XX:XX enp1s0

Where XX:XX:XX:XX:XX:XX is the MAC you wish to change to.

Finally, to return the MAC address to its original, permanent hardware value:

# macchanger -p enp1s0
Note: A device cannot be in use (connected in any way or with its interface up) while the MAC address is being changed.

Automatically

Netcfg

Tango-view-refresh-red.pngThis article or section is out of date.Tango-view-refresh-red.png

Reason: netcfg is deprecated, use netctl instead (Discuss in Talk:MAC address spoofing#)

This example uses #Method 2: macchanger, so make sure that macchanger is installed.

Put the following line in your netcfg profile to have it spoof your MAC address when it's started:

PRE_UP='macchanger -e enp1s0'

You may have to replace enp1s0 with your interface name.

Systemd unit

This example uses #Method 1: iproute2.

/etc/systemd/system/macspoof@.service
[Unit]
Description=MAC address change %I
Before=dhcpcd@%i.service

[Service]
Type=oneshot
ExecStart=/usr/bin/ip link set dev %i address 36:aa:88:c8:75:3a
ExecStart=/usr/bin/ip link set dev %i up

[Install]
WantedBy=network.target

You may have to edit this file if you do not use dhcpcd.

Systemd unit using random address

This example uses #Method 2: macchanger, so make sure that macchanger is installed.

/etc/systemd/system/macchanger@.service
[Unit]
Description=Macchanger service for %I
Documentation=man:macchanger(1)

[Service]
ExecStart=/usr/bin/macchanger -e %I
Type=oneshot

[Install]
WantedBy=multi-user.target

See also