Генерация mac адреса linux

Saved searches

Use saved searches to filter your results more quickly

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

A tool for generating valid random mac addresses for specific organizations.

License

emptymonkey/macgen

This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Sign In Required

Please sign in to use Codespaces.

Launching GitHub Desktop

If nothing happens, download GitHub Desktop and try again.

Launching GitHub Desktop

If nothing happens, download GitHub Desktop and try again.

Launching Xcode

If nothing happens, download Xcode and try again.

Launching Visual Studio Code

Your codespace will open once ready.

There was a problem preparing your codespace, please try again.

Latest commit

Git stats

Files

Failed to load latest commit information.

README.md

macgen is a tool for generating valid random MAC addresses for specific organizations.

Mac’s are the best!

Sorry, but this has nothing to do with the Macintosh computer or the computer holy wars. «MAC» in this context means «media access control», and refers to the hardware address of a network device. A MAC address is the host’s network address within the data link layer of the OSI networking model. The MAC address is used in conjunction with ARP to communicate on layer two.

The first three octets of a MAC address make up the OUI. The OUI of the MAC address determines which vendor manufactured that particular network device. The second three octets are used as a unique identifier as determined by the vendor.

The OUI’s themselves are registered by the vendors with the IEEE. The IEEE is a standards organization that maintains the list of all MAC address prefixes in a public file called the oui.txt.

macgen is a Perl script that examines your copy of the oui.txt file, and uses grep to match the string you give it with an organizations name. It then returns the first three octets from your match, and randomly generates the second three octets.

You will need to download your own copy of the oui.txt file for macgen to work.

Ewwww! Perl?! Are you old or something?? Why didn’t you just use (python|ruby|lisp|javascript|emacs) for this?? All the cool kids are doing it!

Listen up, whippersnapper. I learned Perl long ago when it too was fashionable. It meets all of my data munging needs and I haven’t had a compelling reason to switch yet. It’s readily available on most systems and gets the job done, so stop yer fanboi yappin! That, and get off my lawn!

Читайте также:  Свой сервер времени linux

What is the use case for macgen?

macgen is intended to be used in conjunction with MAC address spoofing by legitimate pentesters or red teams as part of a formal risk assessment or wargame.

Modern network analysis tools, such as Kismet and Wireshark can perform a reverse OUI lookup on any MAC addresses seen on the network for the purpose of reporting the device type. An IDS may be configured to make decisions based off of MAC address validity or vendor type. macgen will allow you to generate a MAC address for your BackTrack attack laptop that appears to be a valid iOS mobile device when connecting to the WiFi network.

How do I do MAC address spoofing?

On Linux, this functionality is built into the operating system and is accessible through the ip command:

empty@monkey:~$ ip link show dev eth0 2: eth0: mtu 1500 qdisc noop state DOWN qlen 1000 link/ether 90:e2:ba:a1:95:70 brd ff:ff:ff:ff:ff:ff empty@monkey:~$ sudo ip link set eth0 addr 00:26:c7:60:5f:11 empty@monkey:~$ ip link show dev eth0 2: eth0: mtu 1500 qdisc noop state DOWN qlen 1000 link/ether 00:26:c7:60:5f:11 brd ff:ff:ff:ff:ff:ff 
empty@monkey:~$ macgen --help usage: ./macgen [-delimiter CHAR][-uppercase][-verbose][-file OUI_FILE][-help] [GREP_STRING] GREP_STRING : Only use organizations which match GREP_STRING. -delimiter CHAR : Use the CHAR character as the delimiter. (Default is ':'.) -uppercase : Use uppercase hex. (Default is lowercase.) -verbose : Print the "Organization" name in addition to the mac. -file OUI_FILE : Use OUI_FILE as the IEEE oui.txt file. (Default is "/etc/oui.txt".) -reverse MAC : Return the organization name for the given MAC address. -help : Print this message. 

Here is an example for spoofing an old DEC networking interface:

empty@monkey:~$ sudo ip link set eth0 addr `macgen "digital electronics corp"` empty@monkey:~$ ip link show dev eth0 2: eth0: mtu 1500 qdisc noop state DOWN qlen 1000 link/ether 00:01:23:12:fe:cb brd ff:ff:ff:ff:ff:ff 

In this example, we will demonstrate how a MAC address can be made to impersonate an Advanced Persistent Threat, and why you shouldn’t believe everything you read in a log file:

empty@monkey:~$ sudo ip link set eth0 addr `macgen "shanghai.*telecom"` empty@monkey:~$ ip link show dev eth0 2: eth0: mtu 1500 qdisc noop state DOWN qlen 1000 link/ether 78:ec:22:52:29:56 brd ff:ff:ff:ff:ff:ff 

For confirmation, perform a reverse lookup:

empty@monkey:~$ macgen -r 78:ec:22:52:29:56 78-EC-22 (hex) Shanghai Qihui Telecom Technology Co., LTD 

Note the use of a basic regex in that last example. If you are familiar with Perl’s regular expressions, go ahead and use them here:

empty@monkey:~/code/macgen$ ./macgen -v "(beijing|shanghai).*,ltd" Beijing Risbo Network Technology Co.,Ltd ec:98:c1:51:cd:49 empty@monkey:~/code/macgen$ ./macgen -v "(beijing|shanghai).*,ltd" Shanghai WDK Industrial Co.,Ltd. 34:bd:f9:1c:07:a4 
git clone https://github.com/emptymonkey/macgen.git cd macgen wget http://standards.ieee.org/develop/regauth/oui/oui.txt sudo mv oui.txt /etc 

As macgen is a Perl script, you may need to update the first line to point to your copy of Perl. (The default here is «/usr/bin/perl».)

I write and release these tools with the intention of educating the larger IT community and empowering legitimate pentesters. If I can write these tools in my spare time, then rest assured that the dedicated malicious actors have already developed versions of their own.

Читайте также:  Linux file system full no files

About

A tool for generating valid random mac addresses for specific organizations.

Источник

how to generate a random MAC address from the Linux command line

How do I generate a random MAC address from the Linux command line? I search for a solution that only requires standard tools commonly found on the Linux command line. The MAC address will be used for a guest KVM.

13 Answers 13

macaddr=$(echo $FQDN|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/') 

The benefit of this method, over a completely random number, is that it’s possible to reliably reproduce the MAC address based on the FQDN of the machine, which I find useful sometimes. The 02 for the first octet just sets the «locally assigned» bit, which makes it obvious that it’s not a vendor-provided MAC address, and guarantees that you won’t collide with a real NIC’s MAC address.

If you need to generate multiple MAC addresses per host, I used to concatenate the FQDN with the name of the bridge to connect the interface to; this did a good job of spreading things out for different NICs.

As alternative you can use tr -dc A-F0-9 < /dev/urandom | head -c 10 | sed -r 's/(..)/\1:/g;s/:$//;s/^/02:/'

It’s only an «alternative» in the sense that it produces a completely different end result to what my snippet does.

The posted scripts are good, but I want to add a warning: Mind the Birthday (paradoxon)!

It comes from the fact that even if you have just 23 people, the chance is already 50% that 2 of them have birthday on the same day.

It depends on your scenario how you use it, but if you generate the MACS randomly, at approx 1 million your chance for a mac number clash is 40% at 2 million it is already 87%!

If you need just a couple this is ok, but when you maintain a server farm with hundreds of servers, each of them hosting tens of virtual machines, or if you use the macs as index in some db for bookkeeping and you need uniques be careful!

Thanks, for the warning about the Birthday paradox! In my case I will take the risk as I will generate around 20 MAC addresses.

If you’re running hundreds of servers each hosting tens of virtual machines all on the same broadcast domain, you’ve got bigger problems than MAC address collision risk.

«It comes from the fact that even if you have just 23 people, the chance is already 50% that 2 of them have birthday on the same day.» That’s not even remotely true. There is about a 50% chance that two of 23 people have the same birthday anniversary, not the same birthday.

If you choose 40 of the 48 bits randomly, as suggested in womble’s answer, you need 100,000 servers to have a 0.5% chance of any of them conflicting. You can use instacalc.com/28845 to calculate this. So it’s not hundreds of servers, it’s millions of servers.

These variants work as well.

openssl rand -hex 6 | sed 's/\(..\)\(..\)\(..\)\(..\)\(..\)\(..\)/\1:\2:\3:\4:\5:\6/' 
openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/:$//' 

The load consumption of both variants is very similar according to quick measuring with time.

Hi Anthony, I see no other variant combining openssl rand and sed here, so this is unique solution in this topic.

Читайте также:  Daemon in linux example

That’s true. He/she used fold -w2|paste -sd: — instead of sed . The sed solution is probably easier to remember as it uses a more familiar tool – though I learned more from his/her answer.

Hi @JaroslavKucera, Unicast MAC addresses must never set the 1’s place bit in the first byte. That’s the «group» (multicast/broadcast) bit. If you make up your own MAC address, you’re supposed to set the 2’s place bit (the «locally administered» bit) in the first byte, to differentiate it from a guaranteed globally unique MAC address.

On a Linux machine, if the user tries to set their MAC address to 03:00:00:00:00:00 locally, they’ll get RTNETLINK answers: Cannot assign requested address , because the second bit must be set, but not the first. In other words, 00000011 fails, while 00000010 is correct. 03 octet fails; 02 octet is correct. Actually, in a broadcast address, the user would see 11111111 (255), 255.255.255.255 . To make a long story short, the first octet should represent an even number, not an odd.

myserver% perl -e 'for ($i=0;$i <6;$i++)<@m[$i]=int(rand(256));>printf "%X:%X:%X:%X:%X:%X\n",@m;' 55:C2:A5:FA:17:74 

Ah, the ol’ Swiss Army Chainsaw rides again. And by way of version 0.2, I’m unashamedly stealing womble’s excellent point about the first octet being 02:

myserver% perl -e 'for ($i=0;$i <5;$i++)<@m[$i]=int(rand(256));>printf "02:%X:%X:%X:%X:%X\n",@m;' 02:8E:94:A3:47:26 

I know this post is old, but for future visitors, if you want a cryptographically secure pseudorandom MAC address, without being limited to 0x02 as the OUI, here is a fast mostly platform agnostic generator:

$ printf '%02x' $((0x$(od /dev/urandom -N1 -t x1 -An | cut -c 2-) & 0xFE | 0x02)); od /dev/urandom -N5 -t x1 -An | sed 's/ /:/g' 

This is my favorite answer because it gets the local unicast bits right. I modified it slightly to use just tr instead of but cut and sed : printf ‘%02x’ $((0x$(od /dev/urandom -N1 -t x1 -An | tr -d ‘ ‘) & 0xFE | 0x02)); od /dev/urandom -N5 -t x1 -An | tr ‘ ‘ ‘:’

Here are five other options, all of which use random bits for the least significant bit of the most significant byte that indicates if the address is unicast or multicast and for the second-least significant bit of the most significant byte that indicates if the address is universally or locally administered.

jot -w%02X -s: -r 6 1 256 openssl rand -hex 6|fold -w2|paste -sd: - od -N6 -tx1 -An /dev/random|awk '$1=$1'|tr \ : god -N6 -tx1 -An /dev/random|cut -c2-|tr \ : hexdump -n6 -e'/1 ":%02X"' /dev/random|cut -c2- 

jot comes with OS X and BSDs but not with most Linux distributions. In jot -w changes the format, -s changes the separator, and -r generates random numbers.

od is in POSIX but hexdump is not.

OS X’s od ( /usr/bin/od below) uses a different output format than GNU od :

$ /usr/bin/od -N6 -tx1 -An /dev/random|tr ' ' : . d9::b9::d7::da::5f::96. $ god -N6 -tx1 -An /dev/random|tr ' ' : :f5:6d:0a:3b:39:f9 

In OS X’s od options placed after an argument for an input file are treated as the names of input files, so the command in the answer by Aaron Toponce reads from /dev/urandom indefinitely with OS X’s od .

Источник

Оцените статью
Adblock
detector