MAC Address
MAC (Media Access Control) address is a unique 48bit code assigned by
network adapters manufacturers to their 802.x models; the code is directly
written in the adapter EEPROM memory and is used for the first authentication
stage to a local network by a network device, such a router, a switch and
whatnot, which will later specify a local IP.
MAC Address is composed by 6 couples of alphanumeric characters,
including numbers from 0 to 9 and letters from A to F (the so called hexadecimal
notation, or base 16) and is represented as follows: ab:bc:cd:de:ef:f0. The first
three sets of numbers (ab:bc:cd) are related to the manufacturer; check the
IEEE2 standard list for the manufacturers index
[2]
.
Image to connect to a hotel or a public plaza WiFi connection: in this case, a
network structure will manage the DHCP protocol, a system which automatically
assigns the MAC Address a local IP address, allowing you to freely surf the
web! The importance of leaving no traces of a MAC Address is that data is
stored in the network device, and the latter may not allow to remove logs, not
even to its owner. Furthermore, this MAC Address will be probably shared by
the router/switch with the ISP (Internet Service Provider), which could store it
into their own databases.
2.1.1 Identifying the MAC Address
In order to test the upcoming techniques – allowing us to change our MAC Address – we need to be able to identify our MAC Address first. To achieve this,
we can use a command line tool available in any operating system (on Windows
itʼs known as Command Prompt, while on Linux and macOS itʼs called
Terminal).
On Windows, launch the command ipconfig; on macOS and Linux, use
ifconfig; actually, the latter one is going to be deprecated and replaced by the
iproute2 software (evoked using the ip command). Please, keep in mind that
commands have to be run as root, therefore you must use the su command to be
granted with admin access. However, each command may show the
configuration of all the network interface controllers in the computer:
$ ip link show {interface}
en1:
flags=8863
mtu 1500
ether 61:a8:5d:53:b1:b8
inet6 fe80::6aa8:6dff:fe53:b1b8%en1 prefixlen 64 scopeid 0x4
inet 192.168.0.12 netmask 0xffffff00 broadcast 192.168.0.255
nd6 options=1
media: autoselect
status: active
Where {interface} is the name of our network adapter. Usually, eth0
represents the Ethernet adapter, while wlan0 is the WiFi controller. It may
happen that identifiers are different, according to the number of interfaces
installed on your PC. If you wish to verify it, you can see which interfaces are
enabled using the command:
$ ip link show or ip a
We need to identify our MAC Address which is composed by 6 couples of
hexadecimal characters, as mentioned above, separated by colons. In our case,the MAC Address will be 61:a8:5d:53:b1:b8.
2.1.2 MAC Spoofing
Fortunately, in (almost) all cases, we can hide our MAC Address – doing the
MAC Spoofing in IT jargon – in a very easy and effortless way. On GNU/Linux,
you just have to execute a couple of commands from the terminal:
$ ip link set dev {interface} down
$ ip link set dev {interface} address 00:00:00:00:00:01
$ ip link set dev {interface} up
Please note that when you set this MAC Address, your computer won’t be
able to access the net anymore. You’ll have to generate a valid MAC Address,
but I won’t cover this here, due to the complexity of the topic
[3]
. You can restart
your network manager using the command:
$ service network-manager restart
Instead, we’ll use a tool available in most of the GNU/Linux distros
repositories to generate a random MAC Address. This program is macchanger
and you have to install it first. In order to install it, use the command:
$ apt-get install macchanger
You will be prompted to change your MAC Address immediately. If you
select No, you can do it anyway using three commands:
$ ifconfig {interface} down
$ macchanger -r {interface}
$ ifconfig {interface} up
On Linux, the ifconfig command allows you to check your
