A Media Access Control address (MAC address) is a unique identifier assigned to network interfaces for communications on the physical network segment. Logically, MAC addresses are used in the Media Access Control protocol sub-layer of the OSI reference model.
MAC addresses are most often assigned by the manufacturer of a network interface card (NIC) and are stored in its hardware, the card’s read-only memory, or some other firmware mechanism. If assigned by the manufacturer, a MAC address usually encodes the manufacturer’s registered identification number. It may also be known as an Ethernet hardware address (EHA), hardware address, adapter address, or physical address.
There are many reasons one person would want to change their MAC address and it could be for good reasons or for bad reasons. A good reason someone might change their MAC address would be for security reasons. If you change your MAC address and you connect to a public network your actual MAC address will never be stored.
A couple of bad reasons would be to extend your length of time on a specific public wireless network or to “spoof” a MAC address and gain access to a wireless or wired network that is using MAC address filtering. Spoofing your MAC address to gain unauthorized access to a network is beyond the scope of this article. We will just show you how to change your MAC on a Linux computer.
First task: find the MAC address of your network devices.
we will use the iproute2 package, which we have already discussed in previous articles
ip link show
Example of output:
1: lo: mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether 00:0d:60:12:78:bc brd ff:ff:ff:ff:ff:ff
3: eth1: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:02:8a:9f:21:34 brd ff:ff:ff:ff:ff:ff
4: wifi0: mtu 2312 qdisc noop state DOWN qlen 100
link/ieee802.11 00:02:8a:9f:21:34 brd ff:ff:ff:ff:ff:ff
The ip utility will sequentially number the network cards in the output. These numbers are dynamically calcualted, so should not be used to refer to the interfaces. It is far better (and more intuitive) to refer to the interfaces by name.
For each device, two lines will summarize the link state and characteristics. If you are familiar with ifconfig output, you should notice that these two lines are a terse summary of lines 1 and 3 of each ifconfig device entry.
The flags here are the same flags reported by ifconfig, although by contrast to ifconfig, ip link show seems to report the state of the device flags accurately.
Line one summarizes the current name of the device, the flags set on the device, the maximum transmission unit (MTU) the active queueing mechanism (if any), and the queue size if there is a queue present.
The second line will always indicate the type of link layer in use on the device, and link layer specific information. For Ethernet, the common case, the current hardware address (MAC Address) and Ethernet broadcast address will be displayed.
Second task: change the MAC address of your network devices.
ip link set dev eth0 address 00:80:c8:f8:be:ef
The command does not provides any output, giving the command ip link show eth0
we have now:
2: eth0: mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether 00:80:c8:f8:be:ef brd ff:ff:ff:ff:ff:ff
So we successfully change the MAC address of our eth0 network device.
ARP
The Address Resolution Protocol (ARP) is a computer networking protocol for determining a network host’s Link Layer or hardware address when only its Internet Layer (IP) or Network Layer address is known. This function is critical in local area networking as well as for routing internetworking traffic across gateways (routers) based on IP addresses when the next-hop router must be determined
Third task: change the flag of eth0 to remove the ARP answering ability.
ip link set arp off dev eth0
The command does not provides any output, giving the command ip link show eth0
we have now:
2: eth0: mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether 00:80:c8:f8:be:ef brd ff:ff:ff:ff:ff:ff
So we see now the flag NOARP and the interface will not answer anymore to ARP request.
For more information check: http://linux-ip.net/html/tools-ip-link.html
Popular Posts:
- None Found
i’m sorry for a stupid question. But why do you need turn arp off on the interface, what is the benefit of this action ?
Hello Sergei,
In general you should not need to turn off your ARP, but this can be useful for paranoic admin that want to do a static map of MAC IP and so turn off Arping in all their network (never saw someone doing it in real world), or in some project that use load balancing technique it’s a requisite, i’ve saw this used in a LVS environment.
Perhaps in a new article i’ll do a brief introduction to Linux Virtual Server, a nice implementation of kernel to do load balancing.
Thanks for the feedbacks !
Excellent article mate, just one question, when I press enter to the command to change the Mac, it says “Device or resource busy”. How do I stop it first?
oops sorry, did not realize this article was from 2010, the RSS I follow just posted, no harm meant.