Changing Your MAC Address

First let me explain a few things about MAC addresses. MAC stands for Media Access Control and in a sense the MAC address is a computer’s true name on a LAN. An Ethernet MAC address is a six byte number, usually expressed as a twelve digit hexadecimal number (Example: 1AB4C234AB1F).

IPs are translated to MAC address by a protocol called ARP (Address Resolution Protocol). Let’s say a computer with and IP of wants to send information to another computer on the LAN that has an IP of . First will send out a broadcast to all stations on the LAN asking who has the IP Then the box that has will respond to with it’s MAC address which is cached in’s ARP table for later use.

You can see the ARP table of a box by dropping out to a command prompt and typing “arp –a” in Windows or just “arp” in Linux. ARP can also work the other way by a host on the LAN sending its MAC address to another machine on the LAN for preemptive caching unless the host is configured to not accept un-requested ARP replies.

A person might want to change the MAC address of a NIC for one of many reasons:

1. To get past MAC address filtering on a router. Valid MAC addresses can be found by sniffing them and then the deviant user could assume the MAC of a valid host. This can cause some network stability problem.
2. Sniffing other connections on the network.
3. So as to keep their burned in MAC address out of IDS and security logs, thus keeping deviant behavior from being connected to their hardware.
4. To pull off a denial of service attack, for instance assuming the MAC of the gateway to a sub net might cause traffic problems.


To change your MAC address in Linux (and most *nix system) is easy as pie. All it takes is two easy to script commands:

    ifconfig eth0 down hw ether 00:00:00:00:00:01

    ifconfig eth0 up
These two little commands would set you eth0 interface to use the MAC 00:00:00:00:00:01. Just plug in the NIC you want to set and the MAC address you want to use into the commands above and your done. Changing your MAC address is one of those things that is much easier to do in Linux then under Windows.

Windows: The Hard Way

In XP you can use the regedit to edit the registry from a GUI or the reg command to edit it from the console, I’ll be using regedit. Information on all your NICs can be found the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\ . Under this key you will find a bunch of sub keys labeled as 0000, 00001, 0002 and so forth. We can assume any MAC address we want by finding the key that controls the NIC we want to change, putting in a string value called “NetworkAddress” and setting it to the MAC address we want to use formatted as a twelve digit hex number (example: 000000000001). To find out which key is which we can search through them for the value “DriverDesc” until we find the one that matches the NIC we wish to alter. After you set “NetworkAddress” to the address you want just restart the NIC by disabling it then enabling it (or in the case of PCMCIA cards, just eject and reinsert). You can confirm the MAC address change by using the “getmac” or “ipconfig /all” commands.

Windows: The Easy Way

Use Smac ( ) or Etherchange ( ). Smac has a nice GUI and was free but has since gone commercial. Since GUIs are for wimps and I’m cheap I use Arne Vidstrom Etherchange. Etherchange is completely free and easy to use, just walk though the interactive dialog, restart your NIC and your done.