How to change the MAC address on a NIC and start capturing network traffic

Quan Nguyen
Jun 14, 2021

As a cybersecurity learner, you may want to experiment with your NIC (Network Interface Card) and the wireless networks around you. The steps below show how to change the MAC address of your NIC to stay anonymous and how to start capturing the on-air traffic of every nearby wireless networking device (the scanning range depends on the model of your built-in or external NIC).

DISCLAIMER: This article only serves a learning purpose. I am not responsible for any activity that is done without legal permission.

Note:

  • Everything is done inside the Kali Linux OS.
  • Please, open up your Terminal window and run this command in advance:

sudo apt-get update && sudo apt-get upgrade

How to change the MAC address

Step 1: Run ifconfig wlan0 down to turn off the NIC. Here wlan0 is the interface name of the NIC; it varies between devices.

Step 2: Use macchanger to change the MAC address. macchanger has several options (wlan0 is my NIC; replace it with your own interface name, which you can get by running iwconfig in the terminal):

macchanger -r wlan0: set a random MAC address.

macchanger -m XX:XX:XX:XX:XX:XX wlan0: set a MAC address you created yourself (put it in place of XX:XX:XX:XX:XX:XX).

macchanger -s wlan0: show your NIC’s MAC address.

Step 3: Run ifconfig wlan0 up — turn on the NIC interface again. Enjoy ^^

You can check your NIC’s MAC address by running:

ip a

You’re gonna have a surprise smile on your face ^^. It’s so cool, isn’t it?
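
A check to run after Step 3, added here as an example and not part of the original article: it reads macchanger -s output, reports whether the current address differs from the permanent one, and classifies the current address by the two flag bits in its first octet. The function names and sample addresses are constructed for illustration, and the "Current MAC:" / "Permanent MAC:" layout is assumed to be what macchanger -s prints.

```shell
#!/bin/sh
# Added example: sanity checks for the macchanger steps (POSIX sh).

# Classify a MAC address: prints invalid | multicast | local | universal.
mac_class() {
    # Must be exactly six colon-separated hex octets.
    if ! printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
        echo invalid
        return 0
    fi
    first=$(( 0x${1%%:*} ))            # first octet as a number
    if [ $(( first & 1 )) -ne 0 ]; then
        echo multicast                 # I/G bit set: the kernel refuses it for a NIC
    elif [ $(( first & 2 )) -ne 0 ]; then
        echo local                     # U/L bit set: locally administered address
    else
        echo universal                 # has the form of a vendor-assigned address
    fi
}

# Pull the "Current" or "Permanent" address out of `macchanger -s` output on stdin.
mac_field() {
    sed -n "s/^$1 MAC:[[:space:]]*\([0-9A-Fa-f:]\{17\}\).*/\1/p"
}

# Summarise `macchanger -s` output passed as $1, e.g. "changed local".
mac_report() {
    cur=$(printf '%s\n' "$1" | mac_field Current | tr 'A-F' 'a-f')
    perm=$(printf '%s\n' "$1" | mac_field Permanent | tr 'A-F' 'a-f')
    if [ -z "$cur" ] || [ -z "$perm" ]; then
        echo unparsed
        return 1
    fi
    if [ "$cur" = "$perm" ]; then state=unchanged; else state=changed; fi
    echo "$state $(mac_class "$cur")"
}

# Constructed sample of `macchanger -s wlan0` output (not captured from a real card).
SAMPLE='Current MAC:   3a:9f:10:4c:22:b7 (unknown)
Permanent MAC: 00:11:22:aa:bb:cc (unknown)'

mac_report "$SAMPLE"
# On a real system: mac_report "$(macchanger -s wlan0)"
```

An address you plan to pass to macchanger -m should classify as local or universal; one that comes back as multicast or invalid will not be accepted by the interface.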

Ok, so now we’re done with changing MAC address. In the next step, we will enable the monitor mode on the wireless NIC and start sniffing the traffic.

Enabling monitor mode on the wireless NIC to capture all of the data in LAN

Method 1: Using “iwconfig” (iwconfig is used for configuring wireless card).

Step 1: Run ifconfig wlan0 down to turn off the NIC. Here wlan0 is the interface name of the NIC; it varies between devices.

Step 2: Run iwconfig wlan0 mode monitor to change wlan0 to monitor mode so that it can capture the data.

Step 3: Run ifconfig wlan0 up to turn on the wlan0 interface again.

Method 2: Using “airmon-ng” — this is my favourite method because it always helps me do what I want.

Step 1: Run ifconfig wlan0 down

Step 2: Run airmon-ng check kill to kill all the processes that can interfere with switching the wireless card to monitor mode.

Step 3: Run airmon-ng start wlan0 — change wlan0 to monitor/promiscuous mode

Step 4: Run ifconfig wlan0 up

Run this command to check whether it worked:

iwconfig

If it shows the interface in “Monitor” mode, it means that you’ve done it successfully. Congrats~

Packet sniffing using airodump-ng

Step 1: Run airodump-ng wlan0mon (wlan0mon is my Wi-Fi adapter in monitor mode) to see all the nearby networks.

Step 2: Run airodump-ng --bssid 00:11:22:33:44:55 --channel 2 --write test wlan0mon to sniff packets in a specific network. 00:11:22:33:44:55 is the MAC address of the monitoring card, which is wlan0mon; all the results are then output to a folder named test.

There will be several files named in the following format “testxx.zzz” but the most interesting one is “testxx.cap” which can be used to perform Network Analysis later.

Conclusion

This is just the first step toward some cool ethical hacking on wireless networks later. I hope that you’ve learned something new today. Stay tuned, guys!!

Quan Nguyen

I help enterprises defend against cyber-attacks | CyberSecurity Specialist | Specialised in Defensive side (Blue team)