Mac Changing Trouble

[PaulyD]

Copy and paste from UbuntuForums...no action over there:

__________________________________________________________________

MAC Changing Trouble

Ubuntu 11.10 on an Acer TimelineX 11.6" I swapped out the OEM Broadcom card with an Intel 633 Centrino-N 450mbs card. The swap went well, even adding the third antenna, and I have the card working fine. I connect to a Buffalo 450mbs router.

My problem is with changing the MAC. This is about privacy and not anything malicious. I'd just like to decrease my footprint when connecting to AP's that aren't my own, that's all.

Using the Terminal I can do:

ifconfig wlan0 down

ifconfig wlan0 hw ether ad:dr:es:sh:er:ex

ifconfig wlan0 up

...and receive no errors. If I then ifconfig, it shows the new address, so far, so good. I'm very familiar with when it doesn't work, having tried the Broadcom card and getting SOIFFIOC (sp?) errors about too many files open

I can also use macchanger -r or the macchanger-gtk GUI and also change the address with no errors.

The problem comes when I try to re-acquire my Buffalo AP. It will sit there scanning for a long while, eventually pop up the password screen (which I assume means it see's the new MAC) but then never connect. It just keeps popping up the password box again, and again.

Should this just 'work', or do I need to do something in the Network Manager GUI where it lists the wireless networks? Right now there is just my original AP, Auto Connect, DHCP Automatic, and it lists the wlan0 card and the burned in MAC. I've also tried 'Cloning' from here, but again, no connection.

Thanks in advance,

P

Edit: P.S. There is no MAC filtering on the router, and I've even tried clearing out the DHCP reservation for the old MAC/IP.

_______________________________________________________________________________________________________________________________

Thanks, glad to be here. Been watching for years.

PD

[Sparda]

It's possible that new wireless card has it written in to the firmware to prevent using a fake mac address. It's impossible to say for certain, and I'm not familiar with that particular card, but it's a possibility.

Have you tried it with another distro (e.g. Backtrack, yes I know the latest version is based off Ubuntu, but it's worth a shot)?

have you tried it on another machine?

[digip]

You don't have restrictions on your router for MAC filtering, do you?

I don't know that it lets you(program should tell you but I haven't actually tried putting in an invalid mac), but you aren't physically using "ad:dr:es:sh:er:ex" as the mac address by any chance? If you are, then its going to fail.MAC address must be 0-9 and A-F. No s,h, and r's. Look up your cards real mac address, use the same first OID and just change the last bits. You can look up the OEM for your card online too.

http://standards.ieee.org/develop/regauth/oui/oui.txt

[PaulyD]

Thanks guys. Yes, I'm putting in a 'normal' MAC and filtering isn't active on the router. I haven't tried another distro, but I can try BackTrak on a Live CD. I haven't sniffed the packets (brand new to Linux, coming from Win7), can I do this from the terminal or do I need to install WireShark? I also got an Intel 6200 series card at the same time. I'm going to swap that in and try...and maybe drive down to Starbucks to test...could be my router (DD-WRT based Buffalo). I'll keep you posted.

PD

[digip]

Thanks guys. Yes, I'm putting in a 'normal' MAC and filtering isn't active on the router. I haven't tried another distro, but I can try BackTrak on a Live CD. I haven't sniffed the packets (brand new to Linux, coming from Win7), can I do this from the terminal or do I need to install WireShark? I also got an Intel 6200 series card at the same time. I'm going to swap that in and try...and maybe drive down to Starbucks to test...could be my router (DD-WRT based Buffalo). I'll keep you posted.

PD

If you we're you using macchanger in ubuntu originally then try Backtrack. Its already installed in backtrack, give that a go. If it works with backtrack, then maybe the ubuntu install didn't have latest drivers or compatibility with your hardware.

[Malachai]

Or better yet use:

macchanger -A (interface)

Which will give you a mac address that follows those specifications and looks like its from a specific company using their oui...

I always use the macchanger -r (interface) works for me.

just remember to bring down the wlan0/or wlan1

and mon0 if your using it. then change your mac address.

[Malachai]

-r is ok, however it makes it completely random and does not always produce a OUI which is credible. If you change your Mac your good, however I like to use the deception of it possibly being another hardware manufacturer first. Just a tip.

It's true but if you're using it for a little while then it's good. Most Admin or other security people won't check the mac until it's to late. Just a thought....

[n1tr0g3n]

the -r option is nice...Funny I never even heard of that after all these years cracking wireless. damn you learn something every day

Yeah like they said make sure your card is down and type these commands, the last command is to start airodump to scan for AP's but you'll probably want to specify a channel in the end to stop channel hopping and run these three commands

service network-manager stop

service avahi-daemon stop

service upstart-udev-bridge stop

or the sudo airmon-ng check kill command

Assuming your interface is called "wlan1" type this in..

ifconfig wlan1 down

macchanger -r wlan1

ifconfig wlan1 up

airmon-ng start wlan1

airodump-ng mon0

[bobbyb1980]

Here how I do it.

airmon-ng start wlan0 channel x

ifconfig mon0 down

macchanger -m 00:11:22:33:44:55 mon0

iwconfig mon0 channel x

ifconfig mon0 up

Then I get on to cracking and this method works for me.