I want to build a MAC address spoofer that spits out a randomize mac address everytime my computer boots up. My question is how and from where do all my computer programs in linux pull up my MAC address. I know that my wi-fi network driver is responsible for telling my network card what to send, but from where does that driver get my MAC address? I also know that a MAC address is called a hardware address, however since it is possible to spoof MAC addresses, then it must only mean that the MAC address on my network card doesn't have to be used when sending information. I would like to know how this can be done as well.
Also when randomizing my MAC address this ought to work with all other programs such as my web-browser and whatever else that I use, which shouldn't be a problem since thats really an application layer ... not link layer
Thanks
The MAC address is usually stored in some kind of EEPROM on the network card. This address is read during initialization by the network adapter driver and used by the MAC layer when assembling/sending netowrk packets.
The MAC address used can be changed on the command line using "ifconfig" via the "hw" option:
hw class address
Set the hardware address of this interface, if the device driver
supports this operation. The keyword must be followed by the
name of the hardware class and the printable ASCII equivalent of
the hardware address. Hardware classes currently supported
include ether (Ethernet), ax25 (AMPR AX.25), ARCnet and netrom
(AMPR NET/ROM).
ifconfig essentially uses the SIOCSIFHWADDR ioctl (see http://linux.die.net/man/7/netdevice) to set the MAC address.
In some cases it might even be possible to change the MAC address stored on the network adapter itself, see http://linux.die.net/man/8/ethtool - but I wouldn't recommend doing that.
The only thing that cares about your MAC address is the NIC itself. There should be no programs that use the MAC address (including browsers). Since MAC addresses are used on the physical layer -- that's the only thing that will read your MAC (such as routers, switches, etc).
To set the MAC address of your NIC you can use the ifconfig command: ifconfig eth0 hw ether ##:##:##:##:##:## (you might have to take your network down first, set it, and then bring it up. IE: ifconfig eth0 down; ifconfig eth0 hw ether ##:##:##:##:##:#; ifconfig eth0 up)
Related
ip link add link eth2 dev col0000000000a7 type macvlan mode bridge
I can't find this usage in the manual.
Is it a combination of two commands?
See this link for details
The ip command is used to assign an address to a network interface and/or configure network interface parameters on Linux operating systems. This command replaces old good and now deprecated ifconfig command on modern Linux distributions.
Looks like it is adding a bridging device to interface eth2.
Run $ ip a show eth2 would give you more info on that particular interface.
I have multiple devices with the same hardware mac address (in factory reset mode) that all call a tftp server in order to get a proper mac.
On the same nic, there would obviously be no way to differentiate the devices, however, i have one device per nic. I evaluated these options to use that fact:
SO_BINDTODEVICE
Binding the tftp server on each nic separately would probably still not give me a way to respond with a package to the sender, since linux' arp table would be confused about which nic to send that package out from.
net namespaces
Linux does not allow bringing physical interfaces into a net namespace. only veths, which again would need to be bridged on the 'host' side, which will probably not work with the same mac appearing on multiple physical nics.
Am i missing an option here?
I have an embedded system that requires me to pull a MAC address out of flash and pass it to the Ethernet interface at the time it is brought up. Traditionally I have modified the call to ifconfig in an init script to just pass the MAC pulled out of flash as the hw ether parameter.
The system I am working on uses connman to handle the network connection. The embedded system will always have a single Ethernet connection with a single matching MAC address in a custom format in flash. connman is used as when the interface is available changes, so having a dynamic system for handling bringing the interface up and down and configuring it is helpful.
Is it possible to pass the MAC to connman to use in a similar way to what I have done before with ifconfig and, if so, how?
Alternatively is it possible to pass the MAC as a boot parameter to the kernel so that connman never has to know about this? I can pull the MAC out of flash in U-Boot but the Ethernet device is not available to U-Boot.
Alternatively is it possible to pass the MAC as a boot parameter to the kernel so that connman never has to know about this?
Yes, you can use U-Boot's ethaddr environment variable to do exactly that.
Check out U-Boot Environment Variables for documentation on the variable.
Relevant documentation snippet:
ethaddr: Ethernet MAC address for first/only ethernet interface (= eth0 in Linux).
This variable can be set only once (usually during manufacturing of the board). U-Boot refuses to delete or overwrite this variable once it has been set.
It may be as simple as running the following commands to set the environment variable and save it (substituting your MAC address of course):
setenv ethaddr 11:22:33:44:55:66
saveenv
If ethaddr isn't already used in your U-Boot boot line then you'll need to do more than just the above. For an example of how to configure this on a system, check out How to set a fixed MAC address in a LeopardBoard DM36x.
Here's the boot command utilizing ethaddr that the above site ends up with:
setenv bootcmd 'setenv bootargs \${bootargs} davinci_emac.ethaddr=\${ethaddr}; nboot 0x82000000 0 \${kerneloffset}'
Business case:
This is year 2015, and I am using Linux kernel 3.17. My ARM Linux has two NIC, eth0 and eth1. eth0 is for configuration purpose locally for a person next to it, and eth1 is for configuration purpose from remote. So they are basically same function, except eth0 has a person to plug in the cable in the field.
Local PC ------ [eth0 My ARM Linux Computer eth1] ------ Remote PC
Using eth0, the PC software can configure eth1 IP address and port for configuration. To do that, my eth0 has a preset IP address (192.168.1.2) so the PC software can easily find it. The ARM Linux (3.17) application needs to listen on eth0 port A, and eth1 Port B (if configured), and once connected, will respond, but never initiate any activity (not even ping).
There is no connection between local PC and remote PC. They are not supposed to be bridged, or networked.
Question 1:
If eth1 is configured with same IP as eth0, will my application still able to listen on both NIC ports, and correctly respond? I will have two independent threads (maybe same function, but different parameters) to listen on the two NIC ports.
This is why I ask whether I can specify the NIC when connect, and respond, because now you can see they could have same IP address. Ideally, the OS knows where is the connect request is from, so it should know which way to reply to, even if the two NIC have same IP as long as they have different Ethernet address. But, does C++11 or Berkeley model allow me to specify eth0 or eth1 when I listen and reply?
Now, the local PC and remote PC could have same IP address as well (but different from the ARM Linux). But imagine I have two ARM Linux computers, then this configuration is completely ok. But unfortunately I only have one embedded system and one OS with eth0 and eth1.
Question 2:
If answer to question 1 is no, then can they have same subnet mask? Also, can the local PC and remote PC have same IP address?
Assumption
Setting routing table, is a solution, if works. I wanted to know whether it is feasible and also whether it is recommended not to do it.
Also, this is Linux. Similar questions were asked long time ago for Windows, and Windows XP says (no) and I am using Linux 3.17 and I have same IP address so things are different from similar questions.
At the system level, you can configure a bridge on the mediating box. This can have the same IP address on both sides of the bridge and can be locked down using iptables to only respond to particular TCP/UDP ports.
You can't have systems on both sides of the bridge with the same IP address (i.e. the local pc and remote pc can't have the same IP address). You can use ebtables to limit the access on either side of the bridge to the IP address of the bridge itself, which means that the local pc can only talk to the mediating box and the remote pc can only talk to the mediating box.
This is based on never expecting the local and remote pcs to talk to each other.
It's mostly a sys-adminny solution, though, there's not really an API that you could use as a developer to accomplish the same thing.
How does changing a network interface's MAC address (ifconfig eth2 hw ether BB:BB:BB:BB:BB:BB) affect a NIC that isn't in promiscuous mode?
When I use ifconfig to change my network card's MAC, it is reverted to the original MAC after a reboot.
As far as I understand, it means that the network card has its original MAC saved in its own nonvolatile memory and Linux reads this original MAC every time it boots.
It must mean that ifconfig does not change the MAC's value saved in NIC's own nonvolatile memory. This value is left untouched.
Nevertheless, when I change the MAC with ifconfig, Linux starts sending Ethernet frames with this new MAC as source-MAC.
From what I have learnt, a NIC that is not in so called "promiscuous mode" rejects all Ethernet frames whose destination MAC addresses differ from the NIC's MAC address (unless it's broadcast or multicast).
It means that Linux will not even see those frames. They will be dropped before reaching the CPU.
I suppose the NIC does this job by checking the Ethernet frame's destination MAC address against the NIC's MAC address saved in NIC's own nonvolatile memory.
Now there comes an issue that I don't understand.
Since NIC uses its internally saved original MAC to decide whether to drop a frame before passing it to the CPU, and Linux may use a totally different MAC as source MAC for outgoing frames, then how does a response to such frames reach Linux?
What do I misunderstand in this topic?
I will present an example to better describe what I mean.
NIC has AA:AA:AA:AA:AA:AA stored in its own internal nonvolatile memory as its original MAC.
It is not in promiscuous mode, so it prevents all frames not containing AA:AA:AA:AA:AA:AA as the destination MAC from reaching the CPU (and Linux).
Now someone types: ifconfig eth2 hw ether BB:BB:BB:BB:BB:BB.
From now on, outgoing frames sent by Linux from this interface will have BB:BB:BB:BB:BB:BB as source MAC.
Eventually another host will reply to this frame by sending a frame with BB:BB:BB:BB:BB:BB as destination MAC.
Such a frame will arrive to the first host's NIC. What will the NIC do now? It will compare BB:BB:BB:BB:BB:BB with AA:AA:AA:AA:AA:AA (stored internally in NIC's ROM) and decide not to pass it to the CPU?!? So the frame will never reach Linux?
Where's the catch?
The MAC address in modern network interfaces is a volatile value held in a configuration register of the chip. That's the only value that is used in chip's operation outside of initialization. This value is initialized on start up from non-volatile memory - either by the chip hardware itself, or by the driver, depending on the particular chip's design.
The non-volatile value is not used for anything but the initialization. It is certainly not used to filter out the incoming packets - the nonvolatile memory is much too slow for that. During network interface's operation, the nonvolatile memory is idle and is not used.
The promiscuity of the NIC had nothing to do with your question. As soon as you assign a new MAC, it takes effect, no matter what the nonvolatile memory contents might be, and no matter whether the interface is promiscuous or not.
Finally, the non-volatile memory in a NIC interface is optional. On many mobile systems (say laptops) there's no nonvolatile memory dedicated to the NIC. The MAC address of the NIC is held in the nonvolatile memory that stores other system-specific nonvolatile configuration data. This saves power and money.