Computer MAC addresses explained



REDZULU2003
10-31-11, 07:57 PM
What is a computer MAC address?


Any hardware with a communications network interface card (NIC) will have been assigned by the manufacturer of the card a unique Media Access Control (MAC) address embedded on the network card. This address includes the manufacturer identification number; the make and model of the device could be embedded too. A MAC address takes the viewable form of six groups of two hexadecimal digits (composed of numbers from 0 through 9 and letters from A up to F) separated by hyphens or colons.
Example MAC addresses: 00-B0-D0-86-BB-F7, 09:00:07:A9:B2:EB, D1-AD-04-EF-C1-02
A network interface card MAC address does not contain user information and it is not visible on the Internet; it remains behind the router. A router will use a device MAC address to identify a local computer, and the router will be able to see and log the device MAC address when connected to. If you are using a public wireless access point, for example, the access point will log your network card MAC address, time and date.
A network administrator could use this information to link your machine, i.e. laptop, mobile device, etc., with a particular Internet session. In order to do that you would have to lose control of the device and allow someone to examine it. Using a VPN on a Wi-Fi connection will not hide your MAC address.
Note: A computer MAC address is not related to Apple Macintosh computers; it is related to network cards.



How to find out a computer MAC address


Windows MAC address: Go to the command line (Run>cmd) and type ipconfig /all. You will see a line that says “Physical address”; that is your network card burned-in address, aka MAC address. If you have a wireless router you will see more than one physical address: one belongs to the ethernet wired connection and the other to the wireless connection.
Apple Macintosh MAC address: Go to System Preferences>Network Icon>Show (select Built-in Ethernet)>Ethernet Card; the MAC address is listed next to Ethernet ID:. To determine the MAC address of a Wi-Fi card select Show: Airport>Airport; the address is listed next to Airport ID:
Linux MAC address: Become root at the command line (typing su or root) and type ifconfig -a. The MAC address will be listed next to HWaddr on the first line. Or type /sbin/ifconfig | grep HWaddr
FreeBSD MAC address: Type dmesg to display the MAC address, or grep eth0 /var/log/dmesg, or type ifconfig and look for the ether line; the MAC address will be written next to that.
Note: A hard coded MAC address is meant to be unique in the world; there can only be one NIC card with that number. If you spoof a network MAC address and it coincides with that of another device in the same local network there could be serious networking problems, or data could be forwarded to both devices; the consequences will depend on how the switch handles it.



How do I change my MAC address?


To physically change a network card MAC address it is necessary to remove the NIC card flash chip, reprogram it with a new MAC address and put it back on the card. Changing your device network card will also change the hard coded MAC address. The easiest and quickest way to change a MAC address is by using special MAC address changing software:
DynaMAC (http://sourceforge.net/projects/dynamac/): Open source freeware application to view and change any computer MAC address, including wireless cards. The user can specify the MAC address that should be used, and the old address can easily be reset to the original one with a single click.
After downloading DynaMAC choose custom installation to stop your homepage and default search engine from being changed (Ad-aware).
Technitium Tmac (http://www.technitium.com/tmac): Highly configurable MAC address changer. It provides complete information on all of your network cards' MAC addresses, and you can select a random MAC address from the list of manufacturers that Tmac includes. It makes for a perfect MAC spoofing if you match it with your network card manufacturer brand.






Change computer MAC address manually


Change a MAC address in Windows: Go to Start>Network Connections>Network Sharing Center (Vista) (Network and Dial-up on XP)>, choose Adapter Settings, right click and choose Properties>Configure, Network Connection Properties>Advanced tab, and review the list for “Physical Address” or “Ethernet Address” (each NIC utilizes a different name). Click on Properties once you have found it, click next to Value and input your desired MAC address. The computer will have to be rebooted for the changes to take effect.
Change a MAC address editing the registry: You could change a network card MAC address by editing the Windows registry. The address will be found around HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\; one of the subkeys labeled NetworkAddress contains it. You could cause serious damage to your operating system and need to reinstall it if you make a mistake editing the registry.
Change MAC address in Linux: Become root and use the ifconfig hw command or GNU MAC changer (http://www.alobbs.com/macchanger/)
Change MAC address in FreeBSD: Become root and use the ifconfig command with three steps.


ifconfig {name of the interface} down
ifconfig {name of the interface} hw ether {new MAC address}
ifconfig {name of the interface} up

Tip: Network administrators could be filtering access to the network based on a device MAC address; changing it while being part of a network could lock you out.
Note: MAC address changing software does not modify the embedded network card address physically; it instructs Windows (example OS) to use the MAC address specified in the registry.



Change a router MAC address


A router MAC address can be emulated/changed through the router interface; the process is known as MAC cloning. Not all routers have this ability, and the cheap ‘free’ router given to you by your ISP is unlikely to allow this.
Each device has its own interface and it is not possible to write instructions for all routers. Read the router's own instructions, or make sure that you have a high end router and search the interface advanced configuration options for “MAC cloning”. In advanced configuration mode you should be able to enter a new MAC address, after which you will be asked to reboot.
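
Added example (not part of the original post): a short Python sketch of how the address format described above breaks down, run over a constructed access-point log. It splits out the manufacturer prefix, reads the two flag bits in the first octet (group address, locally administered) and reports an address seen on more than one port, the duplicate-address condition the note above warns about. The log format, the field names and the 02:11:22:33:44:55 address are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Six hex pairs joined by one consistent separator (hyphen or colon).
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([-:])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}$")

def parse_mac(text):
    """Return the six raw bytes of a MAC address, or raise ValueError."""
    if not MAC_RE.match(text):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(text.replace("-", "").replace(":", ""))

def describe(text):
    raw = parse_mac(text)
    return {
        "mac": raw.hex(":"),               # normalised: lower case, colons
        "oui": raw[:3].hex(":"),           # manufacturer prefix (first three octets)
        "multicast": bool(raw[0] & 0x01),  # I/G bit: 1 = group address, not one NIC
        "local": bool(raw[0] & 0x02),      # U/L bit: 1 = locally administered
    }

# Constructed sample log (hypothetical format): timestamp, switch port, source MAC.
SAMPLE_LOG = """\
2011-10-31T19:57:02 port=1 mac=00-B0-D0-86-BB-F7
2011-10-31T19:58:10 port=2 mac=02:11:22:33:44:55
2011-10-31T20:01:44 port=3 mac=00:b0:d0:86:bb:f7
2011-10-31T20:02:00 port=4 mac=09:00:07:A9:B2:EB
"""

def audit(log_text):
    """Return sorted (mac, reason) findings for a log in the sample format."""
    ports = defaultdict(set)
    findings = set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        fields = dict(f.split("=", 1) for f in line.split()[1:])
        info = describe(fields["mac"])
        ports[info["mac"]].add(fields["port"])
        if info["local"]:
            findings.add((info["mac"], "locally administered"))
        if info["multicast"]:
            findings.add((info["mac"], "group address used as source"))
    for mac, seen in ports.items():
        if len(seen) > 1:  # one address behind two ports: duplicate or moved device
            findings.add((mac, "same address on several ports"))
    return sorted(findings)
```

The locally administered bit only flags addresses that set it; an override that copies a vendor prefix looks like a burned-in address to this check.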

Faber
11-01-11, 01:16 PM
RED, are you involved in the IT industry?

REDZULU2003
11-02-11, 02:58 PM
Sadly not, just an enthusiastic fan who likes to try and keep up to date with things and yes post them here for the crew.

MoreGains123
11-02-11, 06:35 PM
The only reason to change your MAC is if you're trying to hide from some seriously invasive search. MAC addresses are only used point to point and rarely stored. The IP protocol abstracts everything from the MAC. The MAC is a hold-over from a long time ago when other protocols used it as your "address". But that's been superseded by the "IP address" carried in the first 20 bytes of a packet's payload.

The only MAC feature which should've been kept was the fact it's 48 bits versus IP's 32 bits. This deficit is the single greatest reason IPv6 was developed (that and changing payload sizes from IEEE's 1,536 bytes limit to much larger units like 64K).

REDZULU2003
11-02-11, 09:36 PM
Thanks for the additional info.

REDZULU2003
04-03-12, 06:09 PM
How the FBI used computer MAC addresses against Lulzsec hackers

Five people connected with LulzSec (Lulz Security), a hacking group loosely affiliated with Anonymous and responsible for defacing websites and stealing credit card details from numerous companies, have been arrested today thanks to one of their leaders turning FBI informant.

Their ringleader, Hector Xavier Monsegur, aka “Sabu“, was raided by the police last year and has been working for them since then. According to Fox News, Monsegur was tracked down after he logged into an IRC chat server using his home IP by mistake (he normally used tor). It just happened once, enough for the FBI to track him down, get a court order and convince him to work for law enforcement gathering evidence against the other members of his malicious hacking group.

LulzSec had security mechanisms to detect if a member’s identity was being usurped by law enforcement after arrest: they would ask personal questions over Jabber or IRC from past activities only known by them. Not of much use when one of your own is voluntarily working for the FBI.

According to the complaint against Jeremy Hammond, aka “sup_g”, his physical residence in Chicago (US) was under continuous surveillance after being identified as a LulzSec member. FBI agents measured his wireless router signal strength and determined that it was located towards the rear of his home. They then applied for a court order to monitor all traffic coming in and out of that router with a trap and trace device identifying all unique MAC addresses connected to the router. An FBI expert then linked the suspect’s computer MAC address with an IP connected to the tor network (first node).

Although the FBI was unable to read traffic over tor, e.g. visited sites, thanks to physical surveillance of the suspect's home they observed that activity between the MAC address belonging to the suspect’s computer and the tor network only occurred while Jeremy Hammond was inside the house. The FBI used connection times to link him with IRC online chats conducted behind a tor proxy with their informant, “Sabu“, on IRC channels at that very same time.

Combined with personal information the suspect willingly gave away on the chat, the FBI managed to establish that a bunch of different aliases like “yohoho”, “credibethreat”, “POW”, “burn”, “tylerknowsthis” or “Anarchaos” all belonged to the same person.


The moral of this story is: always change your MAC address from time to time, especially each time you connect to a VPN, proxy or SSH etc., to avoid any 'pattern' being detected, or if you can (the router allows it, as some don't), do this via the router console panel and enter a new MAC there.

You can't be traced online as such via a MAC address, but the connection you make into, for example, the first port of call like the ISP could trace if it was compromised like in this case, especially if some fucker had the know-how to snoop near your home and sniff traffic on your router and see the MAC address to make a pattern analysis of what is going where and when.

Good easy free software to change MAC address is Technitium MAC Address Changer (http://www.technitium.com/tmac/index.html)

It will do a random address for you and just click go. Have to run it in admin otherwise it won't work. To finish this process it has to terminate all connections with the web and restart again for the new address to take effect.