How to change the MAC address on a NIC and start capturing network traffic
As a cybersecurity learner, you may want to experiment with your NIC (Network Interface Card) and nearby wireless networks. Below are the steps to change the MAC address of your NIC to stay anonymous and then capture the on-air traffic of nearby wireless devices (the scanning range depends on the model of your built-in or external NIC).
DISCLAIMER: This article serves learning purposes only. I am not responsible for any activity that is done without legal permission.
Note:
- Everything is done inside the Kali Linux OS.
- Open a Terminal window and run this command in advance:
sudo apt-get update && sudo apt-get upgrade
How to change the MAC address
Step 1: Run ifconfig wlan0 down — turn off the NIC. wlan0 is the name of your NIC device; it will vary between devices.
Step 2: Use macchanger to change the MAC address. macchanger has several options (wlan0 is my NIC; replace it with your own interface name, which you can get by running iwconfig in the terminal):
macchanger -r wlan0 — for a random MAC address
macchanger -m XX:XX:XX:XX:XX:XX wlan0 — for setting a MAC address of your own choosing (replace XX:XX:XX:XX:XX:XX with that address)
macchanger -s wlan0 — show your NIC’s MAC address.
Step 3: Run ifconfig wlan0 up — turn the NIC interface on again. Enjoy ^^
You can check your NIC’s MAC address by running:
ip a
You’re gonna have a surprised smile on your face ^^. It’s so cool, isn’t it?
Ok, so now we’re done with changing the MAC address. In the next step, we will enable monitor mode on the wireless NIC and start sniffing the traffic.
Enabling monitor mode on the wireless NIC to capture all of the data in the LAN
Method 1: Using “iwconfig” (iwconfig is used for configuring wireless cards).
Step 1: Run ifconfig wlan0 down — turn off the NIC. wlan0 is the name of your NIC device; it will vary between devices.
Step 2: Run iwconfig wlan0 mode monitor — change wlan0 to monitor mode to be able to capture the data
Step 3: Run ifconfig wlan0 up — turn on the wlan0 interface again
Method 2: Using “airmon-ng” — this is my favourite method because it always helps me do what I want.
Step 1: Run ifconfig wlan0 down
Step 2: Run airmon-ng check kill — kill all the processes that can interfere with switching the wireless card to monitor mode.
Step 3: Run airmon-ng start wlan0 — change wlan0 to monitor mode
Step 4: Run ifconfig wlan0 up
Run this command to check whether it worked:
iwconfig
If the Mode field shows “Monitor”, it means that you’ve done it successfully (“Managed” is the normal client mode). Congrats~
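Two checks for the steps above, as an added example that is not part of the original article: mac_class validates an address before it is passed to macchanger -m (six octets, not a multicast address) and reports whether it is locally administered, and iface_mode extracts the Mode value that iwconfig reports for an interface. The function names and the sample iwconfig text are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original article): sanity checks for the steps above.

# mac_class MAC -> prints invalid | multicast | local | universal
mac_class() {
    # Exactly six colon-separated hex octets; a seventh octet is rejected.
    if ! printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
        echo invalid; return 1
    fi
    mc_first=$((0x${1%%:*}))            # first octet as a number
    if [ $((mc_first & 1)) -ne 0 ]; then
        echo multicast                   # group bit set: rejected as an interface address
    elif [ $((mc_first & 2)) -ne 0 ]; then
        echo local                       # locally administered: assigned by software
    else
        echo universal                   # vendor-assigned (OUI-based) address
    fi
}

# iface_mode IFACE -> reads iwconfig-style text on stdin, prints the Mode of IFACE
iface_mode() {
    awk -v ifc="$1" '
        /^[A-Za-z0-9]/ { cur = $1 }      # unindented line starts an interface block
        cur == ifc && match($0, /Mode:[A-Za-z-]+/) {
            print substr($0, RSTART + 5, RLENGTH - 5); exit
        }'
}

# Constructed sample of iwconfig output (not captured from a real system).
SAMPLE_IWCONFIG='lo        no wireless extensions.

wlan1     IEEE 802.11  ESSID:off/any
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm

wlan0mon  IEEE 802.11  Mode:Monitor  Frequency:2.417 GHz  Tx-Power=20 dBm
          Retry short limit:7   RTS thr:off   Fragment thr:off'

# Demo: classify a few constructed addresses, then read the mode of wlan0mon.
for m in 00:11:22:33:44:55 02:11:22:33:44:55 01:00:5e:00:00:01 00:11:22:33:44:55:66; do
    printf '%-22s %s\n' "$m" "$(mac_class "$m")"
done
printf '%s\n' "$SAMPLE_IWCONFIG" | iface_mode wlan0mon
```

On a live system, pipe the real output in instead of the sample: iwconfig 2>/dev/null | iface_mode wlan0mon. The locally administered bit is also what an analyst looks at in a capture to tell a software-assigned address from a vendor-assigned one.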
Packet sniffing using airodump-ng
Step 1: Run airodump-ng wlan0mon (wlan0mon is my Wi-Fi adapter in monitor mode) — see all nearby networks.
Step 2: Run airodump-ng --bssid 00:11:22:33:44:55 --channel 2 --write test wlan0mon — to sniff packets in a specific network. 00:11:22:33:44:55 is the BSSID (the MAC address of the access point) of that network, wlan0mon is the monitoring card, and the results are written to files whose names start with test.
There will be several files named in the format “testxx.zzz”, but the most interesting one is “testxx.cap”, which can be used to perform network analysis later.
Conclusion
This is just the first step toward some cool ethical hacking on wireless networks later. I hope that you’ve learned something new today. Stay tuned, guys!!