How to spoof the MAC address ?

How to spoof the MAC address ?

by -
0 1073

What is MAC((Media Access Control) Address?

The MAC address is a unique value associated with a network adapter. MAC addresses are also known as hardware addresses or physical addresses. They uniquely identify an adapter on a LAN.

MAC addresses are 12-digit hexadecimal numbers (48 bits in length). By convention, MAC addresses are usually written in one of the following formats:

MM:MM:MM:SS:SS:SS <——– 48 Bit ( Hexa Decimal )

MMMM-MMSS-SSSS

The first half (24 BITS) of a MAC address contains the ID number of the adapter manufacturer. These IDs are regulated by an Internet standards body . The second half (24 MORE BITS) of a MAC address represents the serial number assigned to the adapter by the manufacturer. In the example,

00:0C:29:04:F5:6D

The prefix

000C29

indicates the manufacturer is Advanced Micro Devices.

How to find a MAC Address ?

A MAC (Media Access Control) address is a number that identifies the network adapter(s) installed on your computer. To find your MAC address on any system with a network connection. Use following method in linux

Method 1:

[root@gateway1 ~]# ifconfig eth0

eth0      Link encap:Ethernet  HWaddr 00:0C:29:04:F5:6D
inet addr:192.168.0.88  Bcast:192.168.0.255  Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe04:f56d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:63499 errors:0 dropped:0 overruns:0 frame:0
TX packets:37332 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:68272685 (65.1 MiB)  TX bytes:3699886 (3.5 MiB)
Interrupt:19 Base address:0x2000

 

 Method 2:

Communicate with required interface and fetch result with arp command

[root@gateway1 ~]# ping 192.168.0.254

PING 192.168.0.254 (192.168.0.254) 56(84) bytes of data.

64 bytes from 192.168.0.254: icmp_seq=1 ttl=64 time=2.03 ms
64 bytes from 192.168.0.254: icmp_seq=2 ttl=64 time=1.37 ms

^C

— 192.168.0.254 ping statistics —

2 packets transmitted, 2 received, 0% packet loss, time 1797ms

rtt min/avg/max/mdev = 1.376/1.706/2.036/0.330 ms

 

[root@gateway1 ~]# arp -a 192.168.0.254

? (192.168.0.254) at 34:40:b5:86:6e:a6 [ether] on eth0      <—- 34:40:b5:86:6e:a6 represent MAC Address

[root@gateway1 ~]#

Method 3:

Using nmap command we can fetch MAC Adress too, if PC is in our LAN

[root@gateway1 ~]# nmap 192.168.0.254

Starting Nmap 5.51 ( http://nmap.org ) at 2016-07-03 19:15 IST
Nmap scan report for 192.168.0.254
Host is up (0.0015s latency).
Not shown: 985 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
110/tcp  open  pop3
111/tcp  open  rpcbind
143/tcp  open  imap
443/tcp  open  https
993/tcp  open  imaps
995/tcp  open  pop3s
3128/tcp open  squid-http
3306/tcp open  mysql
5666/tcp open  nrpe
8009/tcp open  ajp13
8080/tcp open  http-proxy
MAC Address: 34:40:B5:86:6E:A6 (Unknown)                 < —34:40:B5:86:6E:A6 ( MAC Address)

Nmap done: 1 IP address (1 host up) scanned in 17.62 seconds
[root@gateway1 ~]#

Note : MAC can be obtained  in same network ( Switch Network ) using arp or NMAP command. Because router bypass MAC info as MAC address works in layer2.

 

What is MAC Spoofing ?

MAC Address is a Hardware Address, it has burnt in the network interface, can not be changed physically. While a MAC address is a manufacturer-assigned hardware address, it can actually be modified by a user. This practice is often called “MAC address spoofing.” In this post, I am going to show how to spoof the MAC address of a network interface on Linux

 

Why Spoof a MAC Address?

  1. There could be several technical reasons you may want to change a MAC address. Some ISPs authenticate a subscriber’s Internet connection via the MAC address of their home router. Suppose your router is just broken in such a scenario. While your ISP re-establishes your Internet access with a new router, you could temporarily restore the Internet access by changing the MAC address of your computer to that of the broken router.
  2. Many DHCP servers lease IP addresses based on MAC addresses. Suppose for any reason you need to get a different IP address via DHCP than the current one you have. Then you could spoof your MAC address to get a new IP address via DHCP, instead of waiting for the current DHCP lease to expire who knows when.
  3. Some Software like ( DMA Radius Server ) register their software license with a particular MAC Address. If our Network interface gone down means software will not work. In this case we should use our MAC spoofed with previous one. Later this post I will show you, how it can be done.
  4. Apart  from all Technical reasons aside, there are also legitimate privacy and security reasons why you wish to hide your real  MAC address. Unlike your layer-3 IP address which can change depending on the networks you are connected to, your MAC address can uniquely identify you wherever you go. where a hacker snoops on your MAC address on a public WiFi network.

 

How to Spoof a MAC Address Temporarily ?

Before any change view the  status of MAC is

[root@gateway1 ~]# ifconfig eth0

eth0      Link encap:Ethernet  HWaddr 00:0C:29:04:F5:6D
inet addr:192.168.0.88  Bcast:192.168.0.255  Mask:255.255.255.0

Now I want to change this MAC with 00:0C:29:04:F5:FF

# service network stop
# ifconfig eth0 hw ether 00:0C:29:04:F5:FF

# service network start

Then  to view the change

[root@gateway1 ~]# ifconfig eth0

eth0      Link encap:Ethernet  HWaddr 00:0C:29:04:F5:FF      < value changed here
inet addr:192.168.0.88  Bcast:192.168.0.255  Mask:255.255.255.0

 

Note : This MAC Address is temporary , it will back to previous after rebooting the server.
To make this permanent, follow next step

Making Changes of MAC Address  Permanent

The HWADDR “directive is useful for machines with multiple NICs to ensure that the interfaces are assigned the correct device names regardless of the configured load order for each NIC’s module. This directive should not be used in conjunction with MACADDR.” … The MACADDR “directive is used to assign a MAC address to an interface, overriding the one assigned to the physical NIC. This directive should not be used in conjunction with HWADDR.”

Upper and lower case letters are accepted when specifying the MAC address, because the network function converts all letters to upper case.

# vi /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
# HWADDR=00:0C:29:04:F5:6D    <– to remove or comment  this entry
MACADDR=00:0C:29:04:F5:FF       < — to add this Entry
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.0.88
NETMASK=255.255.255.0

Now reboot the machine and check for the changes  or  restart the network service

[root@gateway1 ~]# service network restart
[root@gateway1 ~]# ifconfig eth0

eth0      Link encap:Ethernet  HWaddr 00:0C:29:04:F5:FF      <—changes took place|
inet addr:192.168.0.88  Bcast:192.168.0.255  Mask:255.255.255.0

Note :  We used in CentOS/Fedora/RHEL  versions, May be different method with other distributions.

 

Enjoy Linux …it Works…!!

Do share and comment, if you liked the post

CEO, KV IT-Solutions Pvt. Ltd. | vikas@kvit.in | 9810028374|
Linux Professional and an Industrial Trainer | 20 + years Experience in IT Industry

” We are born free, No Gate and Windows can snatch our freedom “

Download PDF

SIMILAR ARTICLES

0 1236

0 897

NO COMMENTS

Leave a Reply

Required Captcha *