Difference between revisions of "MAC address spoofing"

Revision as of 12:22, 15 February 2014

zh-CN:MAC Address Spoofing This article gives several methods to spoof a Media Access Control (MAC) address.

Note: In the examples below is assumed the ethernet device is enp1s0. Use ip link to check your actual device name, and adjust the examples as necessary

Manually

There are two methods for spoofing a MAC address using either iproute2 (installed by default) or macchanger (available on the official repositories).

Both of them are outlined below.

Method 1: iproute2

First, you can check your current MAC address with the command

# ip link show interface

where interface is the name of your network interface.

The section that interests us at the moment is the one that has "link/ether" followed by a 6-byte number. It will probably look something like this:

link/ether 00:1d:98:5a:d1:3a

The first step to spoofing the MAC address is to bring the network interface down. It can be accomplished with the command:

# ip link set dev interface down

Next, we actually spoof our MAC. Any hexadecimal value will do, but some networks may be configured to refuse to assign IP addresses to a client whose MAC does not match up with a vendor. Therefore, unless you control the network(s) you are connecting to, it is a good idea to test this out with a known good MAC rather than randomizing it right away.

To change the MAC, we need to run the command:

# ip link set dev interface address XX:XX:XX:XX:XX:XX

Where any 6-byte value will suffice for 'XX:XX:XX:XX:XX:XX'.

The final step is to bring the network interface back up. This can be accomplished by running the command:

# ip link set dev interface up

If you want to verify that your MAC has been spoofed, simply run ip link show interface again and check the value for 'link/ether'. If it worked, 'link/ether' should be whatever address you decided to change it to.

Method 2: macchanger

Another method uses macchanger (a.k.a., the GNU MAC Changer). It provides a variety of features such as changing the address to match a certain vendor or completely randomizing it.

Install the package macchanger from the official repositories.

The spoofing is done on per-interface basis, specify network interface name as interface in each of the following commands.

The MAC address can be spoofed with a fully random address:

# macchanger -r interface

To randomize all of the address except for the vendor bytes (that is, so that if the MAC address was checked it would still register as being from the same vendor), you would run the command:

# macchanger -e interface

To change the MAC address to a specific value, you would run:

# macchanger --mac=XX:XX:XX:XX:XX:XX interface

Where XX:XX:XX:XX:XX:XX is the MAC you wish to change to.

Finally, to return the MAC address to its original, permanent hardware value:

# macchanger -p interface

Note: A device cannot be in use (connected in any way or with its interface up) while the MAC address is being changed.

Automatically

Systemd unit

This example uses #Method 1: iproute2.

/etc/systemd/system/macspoof@.service

[Unit]
Description=MAC address change %I
Before=dhcpcd@%i.service

[Service]
Type=oneshot
ExecStart=/usr/bin/ip link set dev %i address 36:aa:88:c8:75:3a
ExecStart=/usr/bin/ip link set dev %i up

[Install]
WantedBy=network.target

You may have to edit this file if you do not use dhcpcd.

Systemd unit using random address

This example uses #Method 2: macchanger, so make sure that macchanger is installed.

/etc/systemd/system/macchanger@.service

[Unit]
Description=Macchanger service for %I
Documentation=man:macchanger(1)

[Service]
ExecStart=/usr/bin/macchanger -e %I
Type=oneshot

[Install]
WantedBy=multi-user.target

@@ Line 6: / Line 6: @@
 [[ru:MAC Address Spoofing]]
 [[zh-CN:MAC Address Spoofing]]
-There are two methods for spoofing a Media Access Control (MAC) address on Arch. Both of them are outlined below.
+This article gives several methods to spoof a Media Access Control (MAC) address.
+{{Note|In the examples below is assumed the ethernet device is {{ic|enp1s0}}. Use {{ic|ip link}} to check your actual device name, and adjust the examples as necessary}}
-== Method 1: macchanger ==
+== Manually ==
-The first method uses {{Pkg|macchanger}} (a.k.a., the GNU MAC Changer). It provides a variety of features such as changing the address to match a certain vendor or completely randomizing it.
+There are two methods for spoofing a MAC address using either {{Pkg|iproute2}} (installed by default) or {{Pkg|macchanger}} (available on the [[official repositories]]).
-[[Pacman|Install]] the package {{Pkg|macchanger}} from the [[Official Repositories]].
+Both of them are outlined below.
-After this, the MAC can be spoofed with a random address. The syntax is {{ic|macchanger -r ''<device>''}}.
+=== Method 1: iproute2 ===
-Here is an example command for spoofing the MAC address of a device named eth0.
+First, you can check your current MAC address with the command
-{{bc|# macchanger -r eth0}}
+ # ip link show ''interface''
-To randomize all of the address except for the vendor bytes (that is, so that if the MAC address was checked it would still register as being from the same vendor), you would run the command:
+where {{ic|''interface''}} is the name of your [[Network configuration#Network_Interfaces|network interface]].
+The section that interests us at the moment is the one that has "link/ether" followed by a 6-byte number. It will probably look something like this:
+ link/ether 00:1d:98:5a:d1:3a
+The first step to spoofing the MAC address is to bring the network interface down. It can be accomplished with the command:
+ # ip link set dev ''interface'' down
-{{bc|# macchanger -e eth0}}
+Next, we actually spoof our MAC. Any hexadecimal value will do, but some networks may be configured to refuse to assign IP addresses to a client whose MAC does not match up with a vendor. Therefore, unless you control the network(s) you are connecting to, it is a good idea to test this out with a known good MAC rather than randomizing it right away.
-Finally, to change the MAC address to a specific value, you would run:
+To change the MAC, we need to run the command:
-{{bc|1=# macchanger --mac=XX:XX:XX:XX:XX:XX}}
+ # ip link set dev ''interface'' address XX:XX:XX:XX:XX:XX
-Where {{ic|XX:XX:XX:XX:XX:XX}} is the MAC you wish to change to.
+Where any 6-byte value will suffice for 'XX:XX:XX:XX:XX:XX'.
-{{Note|A device cannot be in use (connected in any way or with its interface up) while the MAC address is being changed.}}
+The final step is to bring the network interface back up. This can be accomplished by running the command:
-== Method 2: Manual ==
+ # ip link set dev ''interface'' up
-First, you can check your current MAC address with the command:
+If you want to verify that your MAC has been spoofed, simply run {{ic|ip link show ''interface''}} again and check the value for 'link/ether'. If it worked, 'link/ether' should be whatever address you decided to change it to.
-{{bc|# ip link show eth0}}
+=== Method 2: macchanger ===
-The section that interests us at the moment is the one that has "link/ether" followed by a 6-byte number. It will probably look something like this:
+Another method uses {{Pkg|macchanger}} (a.k.a., the GNU MAC Changer). It provides a variety of features such as changing the address to match a certain vendor or completely randomizing it.
-{{bc|link/ether 00:1d:98:5a:d1:3a}}
+[[Pacman|Install]] the package {{Pkg|macchanger}} from the [[official repositories]].
-The first step to spoofing the MAC address is to bring the network interface down. You must be logged in as root to do this. It can be accomplished with the command:
+The spoofing is done on per-interface basis, specify [[Network configuration#Network_Interfaces|network interface]] name as {{ic|''interface''}} in each of the following commands.
-{{bc|# ip link set dev eth0 down}}
+The MAC address can be spoofed with a fully random address:
-Next, we actually spoof our MAC. Any hexadecimal value will do, but some networks may be configured to refuse to assign IP addresses to a client whose MAC does not match up with a vendor. Therefore, unless you control the network(s) you are connecting to, it is a good idea to test this out with a known good MAC rather than randomizing it right away.
+ # macchanger -r ''interface''
-To change the MAC, we need to run the command:
+To randomize all of the address except for the vendor bytes (that is, so that if the MAC address was checked it would still register as being from the same vendor), you would run the command:
-{{bc|# ip link set dev eth0 address XX:XX:XX:XX:XX:XX}}
+ # macchanger -e ''interface''
-Where any 6-byte value will suffice for 'XX:XX:XX:XX:XX:XX'.
+To change the MAC address to a specific value, you would run:
-The final step is to bring the network interface back up. This can be accomplished by running the command:
+ # macchanger --mac=XX:XX:XX:XX:XX:XX ''interface''
-{{bc|# ip link set dev eth0 up}}
+Where {{ic|XX:XX:XX:XX:XX:XX}} is the MAC you wish to change to.
-If you want to verify that your MAC has been spoofed, simply run {{ic|ip link show eth0}} again and check the value for 'link/ether'. If it worked, 'link/ether' should be whatever address you decided to change it to.
+Finally, to return the MAC address to its original, permanent hardware value:
-== Spoofing the MAC address ==
+ # macchanger -p ''interface''
-=== With netcfg ===
+{{Note|A device cannot be in use (connected in any way or with its interface up) while the MAC address is being changed.}}
-Put the following line in your [[netcfg]] profile to have it spoof your MAC address when it's started:
+== Automatically ==
-{{bc|1=PRE_UP='macchanger -e wlan0'}}
+=== Systemd unit ===
-You may have to replace {{ic|wlan0}} with your interface name.
+This example uses [[#Method 1: iproute2]].
-=== On Boot ===
+{{hc|/etc/systemd/system/macspoof@.service|<nowiki>
+[Unit]
+Description=MAC address change %I
+Before=dhcpcd@%i.service
-You will notice with the above methods that upon reboot, your MAC will return to its initial default value. To set your MAC on boot, create the the following:
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/ip link set dev %i address 36:aa:88:c8:75:3a
+ExecStart=/usr/bin/ip link set dev %i up
-{{hc|/etc/rc.d/functions.d/macspoof|
+[Install]
-spoof_mac() {
+WantedBy=network.target
-	ip link set dev eth0 address XX:XX:XX:XX:XX:XX
+</nowiki>}}
-}
-add_hook sysinit_end spoof_mac}}
+You may have to edit this file if you do not use [[dhcpcd]].
-=== Systemd Unit ===
+=== Systemd unit using random address ===
-Same thing with systemd:
+This example uses [[#Method 2: macchanger]], so make sure that {{Pkg|macchanger}} is [[Pacman|installed]].
-{{hc|/etc/systemd/system/macspoof@.service|
+{{hc|/etc/systemd/system/macchanger@.service|<nowiki>
 [Unit]
-Description&#61;MAC address change %I
+Description=Macchanger service for %I
-Before&#61;dhcpcd@%i.service
+Documentation=man:macchanger(1)
 [Service]
-Type&#61;oneshot
+ExecStart=/usr/bin/macchanger -e %I
-ExecStart&#61;/usr/sbin/ip link set dev %i address 36:aa:88:c8:75:3a
+Type=oneshot
-ExecStart&#61;/usr/sbin/ip link set dev %i up
 [Install]
-WantedBy&#61;network.target}}
+WantedBy=multi-user.target
-You may have to edit this file if you do not use dhcpcd.
+</nowiki>}}
-Note: This works without netcfg. If you are using netcfg, see above.
 == See also ==
-* [http://www.alobbs.com/macchanger macchanger project page]
+* [https://github.com/alobbs/macchanger Macchanger GitHub page]
-* [http://www.debianadmin.com/change-your-network-card-mac-media-access-control-address.html Article on DebianAdmin] with more macchanger options.
+* [http://www.debianadmin.com/change-your-network-card-mac-media-access-control-address.html Article on DebianAdmin] with more macchanger options
-* [http://wiki.gotux.net/downloads/smac SMAC] Arch Linux MAC Address Spoofer

Difference between revisions of "MAC address spoofing"

Revision as of 12:22, 15 February 2014

Contents

Manually

Method 1: iproute2

Method 2: macchanger

Automatically

Systemd unit

Systemd unit using random address

See also

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Interaction

Tools

In other languages