www.ijecs.

in
International Journal of Engineering and Computer Science
Volume12 Issue 05, May2023, PageNo.25717-25721
ISSN:2319-7242DOI: 10.18535/ijecs/v12i01.4671

Computer Network: An Implementation of MAC Spoofing

Mr. Lalit Jain
Senior Lab Assistant, Computer Science and Engineering, IIT Indore
lalit@iiti.a.cin

Abstract:
An exponential growth has observed of network or internet users due to diverse resource and information
sharing services. Contrary, network uses also increased in different kinds of attacks. Means network is vul-
nerable for many types of attacks. Computer network may exploit in different contexts such as denial of ser-
vice, ping death, malfunction routing, flooding, man in the middle and spoofing attack. Among of these mac
spoofing is kind of attack spoofing attack that target to mac or physical address of the network host or router.
It tampers original address to any other random or user defined address. The aim of the study is to present
mac address and its types. With this, mac spoofing attack also presented. Implementation environment and
method for the mac spoofing also presented. Mac spoofing is implemented in the kali linux operating system
with the help of macchanger tool.

Key Words : Computer Network, Mac Address, Mac Address Types, Mac Spoofing, Kali Linux, Macchang-
er Tool.

1- INTRODUCTION

The motive of the network is to data exchange and logical address as well as MAC or physical ad-
resource sharing [1]. Today, resource sharing has dress [2]. Each type of address has some signifi-
significant market demand in term of cloud ser- cance during the communication. On the other side
vices. Inversely, use computer network or exploi- the address also targets for the attackers. Attackers
tation of network also growing. In network, com- use these address to exploits network host or net-
munication accomplish through implementation of work router or firewall. In this work, we address
layered architecture or model. TCP/IP is popular significance of MAC address and how MAC ad-
for the communication of network entities [1]. dress may be spoofed or changed by the attackers.
TCP/IP is comprising of five layers such as appli- Further, section presents MAC address, MAC
cation, transport, network, data link layer and spoofing, related study, attack environment and
physical layer which works for the different pur- discussions.
pose. TCP/IP model is depicted in the fig-1.
Medium Access Control (Mac) Address
In the computer network, medium access control
(MAC) address is physical address of network
Application Layer
adapter or NIC that denoted with the help of hexa-
Transport Layer decimal numbers [3]. MAC addresses also known
as Ethernet or LAN address. It is 48 bits long that
Network Layer written in 6 octets. Eight (8) bits used in each oc-
Data Link Layer tet. First three octet of MAC address represents
organization universal identifier (OUI) and last
Physical Layer three octets represents device address identifier.
Fig-1: TCP/IP model The representation of MAC address is depicted in
A computer or host in network environment has the fig-2.
several addresses such port address, IP address or
Mr. Lalit Jain IJECS Volume 12 Issue 05May2023 25706
 Octet-1 Octet-2 Octet-3 Octet-4 Octet-5 Octet-6

Address Identifier
Fig-2: MAC Address Notation

Oui
An example of mac address is shown below. Ab: 10: 2a: 2f:11: 1c
An example of mac address is shown below.
A1: bc: 2f:31:b1:ca
Further mac address is classified in the following A1: bc: 2f:31:b1:ca
types [3]: Further mac address is classified in the following
types [3]:
A. Unicast mac address
A mac address is said to be unicast, if least sig- C. Unicast mac address
nificant bit of first octet of mac address is 0. A mac address is said to be unicast, if least sig-
nificant bit of first octet of mac address is 0.
Aa: 1c: 5d: 20:11: ba
Aa: 1c: 5d: 20:11: ba
As an example, above mac address is unicast ad-
dress be As an example, above mac address is unicast ad-
dress because fist octet is aa in hexadecimal that
Cause fist octet is aa in hexadecimal that binary binary representation is 10101010. In the binary
representation is 10101010. In the binary represen- representation, least significant bit of aa is 0. For
tation, least significant bit of aa is 0. For this rea- this reason, we can say given address is unicast
son, we can say given address is unicast mac ad- mac address.
dress.
D. Multicast mac address
B. Multicast mac address A mac address is said to be multicast, if least
A mac address is said to be multicast, if least significant bit of first octet of mac address is 1.
significant bit of first octet of mac address is 1.

A mac address is said to be broadcast, if all bit of

Ab: 10: 2a: 2f:11: 1c all octets of mac address is 1.

As an example, above mac address is multicast Ff: ff: ff: ff: ff:ff
address because fist octet is ab in hexadecimal that
binary representation is 10101011. In the binary As an example, above mac address is broadcast
representation, least significant bit of ab is 1. For address because each octet is ff in hexadecimal
this reason, we can say given address is multicast that binary representation is 11111111. In the bina-
mac address. ry representation, all bits of each octet is 1. For
this reason, we can say given address is broadcast
E. Broadcast mac address: mac address.

Mac address or physical address of network host of machine then it is referred as mac spoofing.
may be exploits by the attacker. When attackers Further section addressed mac spoofing.
able to change the actual or original mac address
I. Mac spoofing Mac spoofing is an art of changing mac address of
Mr. Lalit Jain IJECS Volume 12 Issue 05May2023 25707
 host in network environment. It is committed by the There are following motives for them MAC spoof-
attackers to prevent physical attacking machine in ing committed.
the network environment. In other way, attacker  Un-authorized access of network or its resources
also can change MAC address of victim and redi- is motive to commits MAC spoofing.
rect sending data from the victim to another host.
 To bypass network security policies based on  MAC Spoofing may also lead other kinds of at-
MAC address like bypass MAC filtering for ac- tacks such as session hijacking, ARP Spoofing,
cessing WIFI or its services. Network eavesdropping and many more.
MAC spoofing commits in the following ways: Next section presents, some research on MAC
 An attacker finds or identify victim or target MAC spoofing and its detection and preventions.
address that want to change. It can be happened by rather it should have compared with the MAC Ad-
the scanning of network. dress from NIC. If it doesn’t match it should delete
 Once target MAC address have identified, attacker the entry from OS or from registry.
may change their device address with target MAC The MAC addresses may be freezed by the router
address. It can be change either in random number that introduces this for the supporting MAC filter-
or manually. ing [6] and IP Reservation.

There are some works have presented that ad- II. Literature Survey:-
dressed
There are some works have presented that ad- from the operating system [5].
dressed countermeasures and prevention procedure
against MAC Spoofing. The MAC Address contained in the arriving ARP
Alok Pandey et. al [4] have presented countermeas- packets should not be checked against the MAC
ures for the MAC spoofing such as the MAC Ad- Address stored / recorded in the Operating System,
dress should be fetched directly from NIC instead

Fig.3Virtual Box window

Mr. Lalit Jain IJECS Volume 12 Issue 05May202 Page 25708

Countermeasures and prevention procedure against
MAC Spoofing. Fig.4KALI LINUX

The MAC addresses may be freezed by the router

that introduces this for the supporting MAC filter-
ing [6] and IP Reservation.

An Encryption is an alternative for the communica-

tion between the wireless PC and access point to
prevent MAC spoofing.

Attack Environment
MAC spoofing is commits using set of steps. To Fig.5kali Linux Desktop
demonstrate MAC Spoofing, an attack environ-
ment is created. To do this following steps and re-
quirements are performed. Step-4: Once KALI LINUX has started, then open
terminal.
Step-1: Download and install oracle virtual box to
configure attacker machine i.e. KALI LINUX.

Step-2: Download and install KALI LINUX oper-

ating system on virtual box.

Step-3: Open virtual box and start KALI LINUX.

Fig.6Terminal Window

Step-5: Now, attack environment is ready. After

this, attacker search target MAC address using
network scanning or see its MAC address using
ifconfig commands.

Fig.3Virtual Box window

Fig.7Terminal Window

Mr. Lalit Jain IJECS Volume 12 Issue 05May2023 Page 25709

Step-6: When MAC address are found then use [1] Tanenbaum, “Computer Networks” -PHI
MACCHANGER command to change host MAC Learning
address to new address. [2] Forouzan, “TCP/IP-Protocol suite”, TMH 3rd
edition
[3]David C. Plummer, “An Ethernet Address Reso-
lution Protocol”, RFC-826, Network Working
Group, November 1982.
[4] Alok Pandey, Dr. Jatinderkumar R. Sain-
iCounter Measures to Combat Misuses of MAC
Address Spoofing Techniques, Int. J. Advanced
Networking and Applications 1358 Volume: 03,
Issue: 05, Pages: 1358-1361 (2012).
[5] Min-kyu Choi, Rosslin John Robles, Chang-
Fig.8MACCHANGER Command
hwa Hong, Tai-hoon Kim, “Wireless Network Se-
curity: Vulnerabilities, Threats and Countermeas-
ures”, International Journal of Multimedia and
Ubiquitous Engineering, 3(3), July 2008, 516-520
[6] Arbaugh, William A., Shankar, Narendar, and
Wan, Y.C. Justin, “Your 802.11 Wireless Net-
works have no clothes”, 2001

Fig.9macchanger Command

Conclusion:
Now-days, network users are continuously increas-
es. With the same rate network attackers are also
growing. Network and their resources are vulnera-
ble to exploit by different kind of attacks such IP
spoofing, MAC spoofing, E-mail spoofing, ping
death etc. Here, MAC spoofing attack is studied.
With this, implementation of MAC spoofing in
KALI LINUX operating system also demonstrated.

References:

Mr. Lalit Jain IJECS Volume 12 Issue 05May2023 Page 25710