macchanger命令

目录

macchanger命令

命令描述

用于处理MAC地址相关事项,比如:显示打印、更改

命令技巧

# macchanger命令太长了,先给他定义一个别名,这样方便好多
┌──(root㉿kali)-[/etc/network]
└─# alias mac='macchanger

使用方法

# macchanger的使用格式
┌──(root㉿kali)-[/etc/network]
└─# mac -h           
GNU MAC Changer
Usage: macchanger [options] device

# 具体使用选项
──(zhanghe㉿kali)-[~]
└─$ macchanger --help
GNU MAC Changer
Usage: macchanger [options] device

  -h,  --help                   Print this help
  -V,  --version                Print version and exit
  -s,  --show                   Print the MAC address and exit

  -e,  --ending                 Don't change the vendor(供应商) bytes  # 不要改变供应商的字节,后面三部分可以变化
  -a,  --another                Set random(随机) vendor MAC of the same kind(同类)  # 随机同类厂商的MAC
  -A                            Set random vendor MAC of any kind # 随机生成任意厂商的
  -p,  --permanent              Reset to original(原始的), permanent(永久) hardware MAC   # 恢复到原来的硬件MAC地址
  -r,  --random                 Set fully random MAC # 设置完成随机的MAC地址,瞎编一个MAC地址
  -l,  --list[=keyword]         Print known vendors # 打印已知的厂商
  -b,  --bia                    Pretend to be a burned(烧坏的)-in-address 假装是一个烧毁的地址
  -m,  --mac=XX:XX:XX:XX:XX:XX
       --mac XX:XX:XX:XX:XX:XX  Set the MAC XX:XX:XX:XX:XX:XX

Report bugs to https://github.com/alobbs/macchanger/issues


┌──(root㉿B)-[~]
└─# mac --version
GNU MAC changer 1.7.0
Written by Alvaro Lopez Ortega <alvaro@gnu.org>

Copyright (C) 2003,2013 Alvaro Lopez Ortega <alvaro@gnu.org>.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

# 通过此命令我们可以看出来将MAC地址分成了两层:当前使用和永久的
┌──(root㉿B)-[~]
└─# mac --show eth0
Current MAC:   00:0c:29:d0:04:78 (VMware, Inc.)
Permanent MAC: 00:0c:29:d0:04:78 (VMware, Inc.)


┌──(root㉿B)-[~]
└─# macchanger --show eth0
Current MAC:   00:0c:29:d0:04:78 (VMware, Inc.)
Permanent MAC: 00:0c:29:d0:04:78 (VMware, Inc.)
                                                                                                               
┌──(root㉿B)-[~]
└─# macchanger --ending eth0
Current MAC:   00:0c:29:d0:04:78 (VMware, Inc.)
Permanent MAC: 00:0c:29:d0:04:78 (VMware, Inc.)
New MAC:       00:0c:29:df:b9:72 (VMware, Inc.)
                                                                                                               
┌──(root㉿B)-[~]
└─# macchanger --another eth0
Current MAC:   00:0c:29:df:b9:72 (VMware, Inc.)
Permanent MAC: 00:0c:29:d0:04:78 (VMware, Inc.)
New MAC:       14:8a:70:a7:02:d1 (ADS GmbH)
                                                                                                               
┌──(root㉿B)-[~]
└─# macchanger -A  eth0      
Current MAC:   14:8a:70:a7:02:d1 (ADS GmbH)
Permanent MAC: 00:0c:29:d0:04:78 (VMware, Inc.)
New MAC:       00:05:97:47:72:9e (Eagle Traffic Control Systems)
                                                                                                               
┌──(root㉿B)-[~]
└─# macchanger --random eth0 
Current MAC:   00:05:97:47:72:9e (Eagle Traffic Control Systems)
Permanent MAC: 00:0c:29:d0:04:78 (VMware, Inc.)
New MAC:       22:ce:dd:c4:ed:86 (unknown)

# 列出已知厂商的
┌──(root㉿B)-[~]
└─# macchanger --list | grep -i h3c
4039 - 00:0f:e2 - Hangzhou H3C Technologies Co., Ltd.
9070 - 00:23:89 - HANGZHOU H3C Technologies Co., Ltd.
13143 - 0c:da:41 - Hangzhou H3C Technologies Co., Limited
14135 - 38:22:d6 - H3C Technologies Co., Limited
14297 - 3c:e5:a6 - Hangzhou H3C Technologies Co., Ltd.
14883 - 58:66:ba - Hangzhou H3C Technologies Co., Limited
15011 - 5c:dd:70 - Hangzhou H3C Technologies Co., Limited
15553 - 70:f9:6d - Hangzhou H3C Technologies Co., Limited
15561 - 74:25:8a - Hangzhou H3C Technologies Co., Limited
15975 - 80:f6:2e - Hangzhou H3C Technologies Co., Limited
17620 - c4:ca:d9 - Hangzhou H3C Technologies Co., Limited

┌──(root㉿B)-[~]
└─# macchanger --random --bia eth0 
Current MAC:   22:ce:dd:c4:ed:86 (unknown)
Permanent MAC: 00:0c:29:d0:04:78 (VMware, Inc.)
New MAC:       d8:84:e6:41:fc:12 (unknown)
                                                                                                               
┌──(root㉿B)-[~]
└─# macchanger --permanent eth0   
Current MAC:   d8:84:e6:41:fc:12 (unknown)
Permanent MAC: 00:0c:29:d0:04:78 (VMware, Inc.)
New MAC:       00:0c:29:d0:04:78 (VMware, Inc.)
                                                                                                               
┌──(root㉿B)-[~]
└─# macchanger --permanent eth0
Current MAC:   00:0c:29:d0:04:78 (VMware, Inc.)
Permanent MAC: 00:0c:29:d0:04:78 (VMware, Inc.)
New MAC:       00:0c:29:d0:04:78 (VMware, Inc.)

┌──(root㉿B)-[~]
└─# macchanger --mac='aa:aa:aa:aa:aa:aa' eth0
Current MAC:   00:0c:29:d0:04:78 (VMware, Inc.)
Permanent MAC: 00:0c:29:d0:04:78 (VMware, Inc.)
New MAC:       aa:aa:aa:aa:aa:aa (unknown)

┌──(root㉿B)-[~]
└─# macchanger --permanent eth0              
Current MAC:   aa:aa:aa:aa:aa:aa (unknown)
Permanent MAC: 00:0c:29:d0:04:78 (VMware, Inc.)
New MAC:       00:0c:29:d0:04:78 (VMware, Inc.)
                                                                                                               
┌──(root㉿B)-[~]
└─# macchanger --permanent eth0
Current MAC:   00:0c:29:d0:04:78 (VMware, Inc.)
Permanent MAC: 00:0c:29:d0:04:78 (VMware, Inc.)
New MAC:       00:0c:29:d0:04:78 (VMware, Inc.)
It's the same MAC!!

知识扩展

通过MAC地址的也可以判断出这个数据帧是单播、组播、广播。

  • 如果全是MAC地址全是1,那没有疑问,就是广播
  • 如果第一个字节的最后一个比特是0,那就是一个单播的数据帧
  • 如果第一个字节的最后一个比特是1,那就是一个组播数据帧,比如01005e

NOTE:注意,macchange只允许更改成单播MAC,不能改成组播或是广播MAC。

使用演示

https://www.bilibili.com/video/BV1XG4y1k755?p=4&vd_source=4134b92c3a7468ae0a22c27b16a3440f

posted @ 2023-01-17 10:33  张贺贺呀  阅读(201)  评论(0编辑  收藏  举报