MAC Address Spoofing for Windows, Linux and Mac

MAC address spoofing is common technique for testing your network, and it's a favored method for penetrating poorly planned network security. Learn how to do it on the major platforms.

By Eric Geier | Posted Jun 7, 2010
Page of   |  Back to Page 1
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

Network adapters come preconfigured from the factory with their own globally unique physical or Media Access Control (MAC) address, which helps them identify themselves when communicating with other networking components. Though you can't change the permanent MAC address actually stored by the network adapter, you can make it provide a different address using your operating system (OS). We'll see how to do this with Windows, Mac OS X, and Linux.

There are a few reasons you might want to simulate another MAC address, including troubleshooting and testing your network. From a security standpoint, it's a good idea to understand the technique, referred to as "MAC spoofing," because hackers also find it useful to get around MAC address filtering. This filtering is used by some network administrators to help control which devices end-users can connect to the network or even as another layer of security against hackers. If nothing else, understanding MAC spoofing will help you demonstrate to yourself or others just how easy it is to change your address and bypass MAC-based security measures.

Changing Your MAC Address in Windows

Before you change the MAC address, you might want to write down the original one. One way to bring it up is to open the Network Connections window, double-click the desired network adapter, and on the Network Connection Status window, click the Details button to look for the Physical Address. Another way is to open a Command Prompt, type ipconfig /all, find the desired Network Connection, and look for the Physical Address.

The more user-friendly way to change your MAC address in Windows is via the Network Adapter Properties. You probably want to try this first, leaving the Registry method as a last resort. When you're ready, give it a try:

  1. Open the Network Connections window and double-click the desired network adapter.
  2. On the Network Connection Status window, click the Properties button.
  3. On the Network Connection Properties window, click the Configure button.
  4. On the Network Adapter Properties window, select the Advanced tab.
  5. Choose the Network Address or Locally Administered Address Property, select the Value radio button, and then enter the new MAC address. If using Windows 7, you must use a special format as we'll note in a moment.
  6. Click OK to save changes.

If you don't have success changing your MAC via the Network Adapter Properties, you might want to try using the Windows Registry. However, you should first copy down the original address before proceeding so you'll have it if you want to restore it. When you're ready, here's how to edit the Windows Registry setting:

  1. Open the Registry Editor by typing regedit into the Start Menu field or Run prompt.
    Browse to the following key: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlClass{4D36E972-E325-11CE-BFC1-08002BE10318}
  2. You should see 4-digit sub-keys, such as 0000, 0001, 0002, 0003 and so on. Find the right network adapter by referencing the DriverDesc attribute of each sub-key.
  3. Once you find the desired adapter, see if it contains a NetworkAddress attribute. If not, create a new String (REG_SZ) and label the Value Name as NetworkAddress.
  4. To edit the NetworkAddress, double-click it and type the desired MAC address (without separators) in as the Value Data. If using Windows 7, use the special format discussed next.

For either method in Windows 7, the second character of the MAC address must be a 2, 6, A, or E, such as the following examples:

x2-xx-xx-xx-xx-xx
x6-xx-xx-xx-xx-xx
xA-xx-xx-xx-xx-xx
xE-xx-xx-xx-xx-xx

Now you should double-check you're using the new MAC address, using one of the methods we discussed in the beginning of the section.

If you have problems changing your MAC address, you might consider using a third-party utility, such as Technitium MAC Address Changer.

Changing Your MAC Address in Mac OS X

Spoofing the MAC address for AirPort adapters in Mac OS X 10.4 (Tiger) and later is fairly easy. However, by default the original address is restored after rebooting. First, you might want to check out your current address; type the following into a Terminal window:

ifconfig en1 | grep ether

Then change the MAC with the following command:

sudo ifconfig en1 ether xx-xx-xx-xx-xx-xx

Be sure to replace the x's with your desired address. You might also need to change the interface number (en1) to something else. You can review interfaces by typing ifconfig. The IP address info listed for each interface might give you a clue when distinguishing between them.

If you have problems getting it to work, try disconnecting from all wireless networks but leave the AirPort adapter on, and then retry. You can force it to do this by copying and pasting the following command:

/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport /usr/sbin/airport -z

If you run into issues, you might want to try the ChangeMAC utility.

Changing Your MAC Address in Linux

Changing the MAC address in Linux also requires a few commands in a Terminal window. First, you should check which interface number is associated with the desired network adapter and possibly copy down the original MAC address before making changes: type ifconfig into a Terminal window.

When you're ready, bring up a Terminal window, and start by deactivating the interface:

sudo ifconfig eth0 down

If you want an interface other than eth0, be sure to replace it in these examples.

Then you can assign it a new address, replacing the x's with your desired address:

sudo ifconfig eth0 hw ether xx:xx:xx:xx:xx:xx

Now you can reactivate the interface:

sudo ifconfig eth0 up

Lastly, verify it has changed:

sudo ifconfig eth0 | grep HWaddr


Eric Geier is the Founder and CEO of NoWiresSecurity, which helps businesses easily protect their Wi-Fi with enterprise-level encryption by offering an outsourced RADIUS/802.1X authentication service. He is also the author of many networking and computing books, for brands such as For Dummies and Cisco Press.

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter