Finding MAC Address & Spoofing

Finding MAC Address & Spoofing

MAC (Media Access Control) address is a unique 48bit code assigned by network adapters manufacturers to their 802.x models; the code is directly written in the adapter EEPROM memory and is used for the first authentication stage to a local network by a network device, such a router, a switch and whatnot, which will later specify a local IP.

MAC Address is composed by 6 couples of alphanumeric characters, including numbers from 0 to 9 and letters from A to F (the so called hexadecimal notation, or base 16) and is represented as follows: ab:bc:cd:de:ef:f0. The first three sets of numbers (ab:bc:cd) are related to the manufacturer; check the
IEEE2 standard list for the manufacturers index.

Image to connect to a hotel or a public plaza WiFi connection: in this case, a network structure will manage the DHCP protocol, a system which automatically assigns the MAC Address a local IP address, allowing you to freely surf the web! The importance of leaving no traces of a MAC Address is that data is
stored in the network device, and the latter may not allow to remove logs, not even to its owner. Furthermore, this MAC Address will be probably shared by the router/switch with the ISP (Internet Service Provider), which could store it into their own databases.

Identifying the MAC Address

In order to spoof MAC address, first we need to be able to identify our MAC Address first. To achieve this,
we can use a command line tool available in any operating system (on Windows itʼs known as Command Prompt, while on Linux and macOS itʼs called Terminal.

On Windows, launch the command ipconfig; on macOS and Linux, use ifconfig; actually, the latter one is going to be deprecated and replaced by the iproute2 software (evoked using the ip command). Please, keep in mind that commands have to be run as root, therefore you must use the su command to be granted with admin access. However, each command may show the configuration of all the network interface controllers in the computer:

$ ip link show {interface}


ether 61:a8:5d:53:b1:b8

inet6 fe80::6aa8:6dff:fe53:b1b8%en1 prefixlen 64 scopeid 0x4

inet netmask 0xffffff00 broadcast

nd6 options=1 <PERFORMNUD>

media: autoselect

status: active

Where {interface} is the name of our network adapter. Usually, eth0 represents the Ethernet adapter, while wlan0 is the WiFi controller. It may happen that identifiers are different, according to the number of interfaces installed on your PC. If you wish to verify it, you can see which interfaces are enabled using the command: $ ip link show or ip a

We need to identify our MAC Address which is composed by 6 couples of hexadecimal characters, as mentioned above, separated by colons. In our case, the MAC Address will be 61:a8:5d:53:b1:b8.

MAC Spoofing

Fortunately, in almost all cases, we can hide our MAC Address – doing the MAC Spoofing in IT jargon – in a very easy and effortless way. On GNU/Linux, you just have to execute a couple of commands from the terminal:

$ ip link set dev {interface} down
$ ip link set dev {interface} address 00:00:00:00:00:01
$ ip link set dev {interface} up

Please note that when you set this MAC Address, your computer won’t be able to access the net anymore. You’ll have to generate a valid MAC Address, but I won’t cover this here, due to the complexity of the topic. You can restart your network manager using the command:

$ service network-manager restart

Instead, we’ll use a tool available in most of the GNU/Linux distros repositories to generate a random MAC Address. This program is macchanger and you have to install it first. In order to install it, use the command: $ apt-get install macchanger

You will be prompted to change your MAC Address immediately. If you select No, you can do it anyway using three commands:

$ ifconfig {interface} down
$ macchanger -r {interface}
$ ifconfig {interface} up

On Linux, the ifconfig command allows you to check your configurations and control your network interfaces. As you have seen, with {interface} down, you told your network adapter (in this example identified as eth0) to shut off. In this way, you can use the macchanger command to generate a random value (using the -r parameter) and apply it to the eth0 network adapter. Once you complete these steps, reactivate your adapter using the ifconfig {interface} up command. Feel free to replace the ifconfig command with the newer ip (iproute2) one. In case of connectivity issues, you can also restart using the
$ service network-manager restart
Although this operation is quite easy, you can find different scripts online to automatize the entire process.

Leave a Reply
Your email address will not be published. *

This site uses Akismet to reduce spam. Learn how your comment data is processed.