Doug Vitale Tech Blog

Recall that each network adapter (whether wired or wireless) has a hard-coded  (“burned in”) Media Access Control (MAC) address that uniquely identifies the adapter on the local network to which it is connected. MAC addresses are 48-bit values comprised of twelve hexadecimal characters (0-9 and A-F). The twelve characters are separated into six pairs or octets. The first three octets are called the organizationally unique identifier (OUI) which identifies the manufacturer of the network adapter and the last three octets uniquely identify the adapter itself.

Many networks (WLANs in particular) enforce access restrictions based on host MAC addresses. To bypass this MAC filtering you can fake or “spoof” your own MAC address (you will need a known permitted MAC address to change to, obviously).

Linux

Modern operating systems give you the ability to bypass the burned in MAC address in favor of an arbitrary one that you specify. In Linux this is a simple process. To temporarily (until next reboot) change your MAC address, enter the following commands as root (where eth0 is your network interface card).

# ifconfig eth0 down
# ifconfig eth0 hw ether 00:70:59:CE:f1:20 (or whichever value you choose)
# ifconfig eth0 up

To use the new ip command (which replaces the deprecated ifconfig):

# ip link set dev [interface] address [mac_addr]

When you reboot, Linux will revert back to using the network interface card’s (NIC’s) normal MAC address. To make your spoofed MAC address “permanent”, in Red Hat/Fedora/CentOS you can edit /etc/sysconfig/network-scripts/ifcfg-eth0 (replace ‘eth0’ with your interface) and add:

MACADDR=21:22:44:34:23:27 (or whichever value you prefer).

Read the rest of this entry »