Promiscuous Mode and MAC Spoofing

Does anyone know whether the MacBook Pro has any difficulties in either running its cabled or wireless ethernet in promiscuous mode for, e.g., tcpdump, EtherPeek and other network analysis tools? This is critical for a lot of the network stuff that I do.

Additionally, has anyone successfully changed the MAC addresses on either of those interfaces? I know that on my PowerBook, the cabled ethernet MAC can be changed, but the wireless can't. This isn't as critical, but it can make things a lot easier at times.

PowerBook 17", 1.33GHz Mac OS X (10.4.5)

Posted on Mar 5, 2006 9:33 AM

Question marked as Best reply

Posted on Mar 5, 2006 5:10 PM

Tcpdump, Ethereal, etc., no problems, both wired and wireless. MAC address I haven't tried, but I see no reason why not; I will try and post a follow-up.

In regards to wireless, I've become a fan of KisMAC in my efforts to troubleshoot wireless networks. However, KisMAC does not work with the AirPort Extreme built into the MacBook. This has been a disappointment.

Mar 8, 2006 6:39 PM in response to Dave, Esq.

Let me be more precise:

Is it possible, on the MacBook Pro, to use the following two commands in the terminal to change your logical MAC addresses?

sudo ifconfig en0 ether 00:01:02:03:04:05
sudo ifconfig en1 ether 00:01:02:03:04:05

You can tell that it worked (besides not spitting out an error message) by running 'ifconfig en0' and 'ifconfig en1' and verifying the MAC address reported.

PowerBook 17", 1.33GHz Mac OS X (10.4.5)
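
Added example (not part of the original post): the verification step described above, scripted so that a silent no-op is caught rather than assumed to be a success. It assumes BSD/macOS-style ifconfig output with an "ether" line; the function names and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm which MAC address an interface actually reports.
# Sample outputs are constructed; en1's address is a made-up placeholder.

SAMPLE_EN0='en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 00:01:02:03:04:05
        media: autoselect status: active'
SAMPLE_EN1='en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 00:11:22:33:44:55
        media: autoselect status: active'

# Print the address from the "ether" line of ifconfig output on stdin.
mac_from_ifconfig() {
    awk '$1 == "ether" { print tolower($2); exit }'
}

# Lower-case and zero-pad each octet; fail on anything that is not six hex octets.
normalize_mac() {
    printf '%s\n' "$1" | awk -F: 'NF == 6 {
        out = ""
        for (i = 1; i <= 6; i++) {
            o = tolower($i)
            if (o !~ /^[0-9a-f][0-9a-f]?$/) exit 1
            if (length(o) == 1) o = "0" o
            out = out (i > 1 ? ":" : "") o
        }
        print out; ok = 1
    } END { if (!ok) exit 1 }'
}

# Exit 0 if stdin (ifconfig output) reports the expected address,
# 1 if it reports a different one, 2 if either address cannot be parsed.
verify_mac() {
    want=$(normalize_mac "$1") || return 2
    got=$(normalize_mac "$(mac_from_ifconfig)") || return 2
    [ "$got" = "$want" ]
}

# Live use: ifconfig en0 | verify_mac 00:01:02:03:04:05
printf '%s\n' "$SAMPLE_EN0" | verify_mac 00:01:02:03:04:05 && echo "en0: new address in effect"
printf '%s\n' "$SAMPLE_EN1" | verify_mac 00:01:02:03:04:05 || echo "en1: address unchanged"
```
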

Jul 17, 2006 8:18 PM in response to Dave, Esq.

sudo ifconfig en1 ether 00:01:02:03:04:05

does not work, and has never worked.. the myth that it did, came from linux/unix-land... (remember this is darwin people, do your homework.. lolz)

...but u CAN edit the en1 MAC ID **ON PPC MACHINES ONLY - so far *

using the "static method" from http://suspekt.org

however, this does NOT work on INTEL machines anymore..!!


basically it comes down to en1 needing a .kext (kernel extension) edit..

also u can use kismac, it's a great app and in certain ways to put your card into Promiscuous Mode (aka RFMon mode)

http://kismac.de/

and READ THE FAQ : http://kismac.de/faq.php



www.suspekt.org has had a way to edit the AppleAirPort2.kext since, Tue 19 Apr 2005. The "Dynamic Method"

Then on Mon 1 Aug 2005 was posted the newer, easier, more permanent "Static method"

(it took a bit of learning to RTFM properly get it working.. but now.. very EZ to do)

There was also an actual .app called "MacSpoof"

read here : http://www.versiontracker.com/dyn/moreinfo/macosx/28064





::HOWEVER::

the AppleAirPort2.kext HAS BEEN CHANGED FOR INTEL

meaning... no mac spoofing until the legend who cracked it in the first place can do it again





:: the original APX spoofing concept/method was discovered by © 2005 by Stefan Esser -

**************************************************************

Email: sesser @suspekt.org or stefan @suspekt.org..

(they were distorted so he didn't get spammed, they could also be) :

Email: sesser@suspekt.org or stefan@suspekt.org....

vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv

*BUT PLEASE PEOPLE EMAIL HIM TO MAKE THIS WORK FOR ALL US INTEL USERS *

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

....so many useless apps now for intel users :'(

hopefully he still answers and is interested in finding out how .. and has an intel to test on .. !! LOL

**************************************************************************



so the trick is finding which part of the .kext to edit .. (HEX DATA strings etc)

but your MAC ID must be stored in the .kext somewhere.. as it needs the info from the appleairport2.kext to give it its MAC ID afaik.

SO PLEASE SOME ONE work this out

the kext is in

/System/Library/Extensions/

its called

AppleAirPort2.kext (yes "2" - don't get confused there are two there)

PS. i thawt i was dreaming BUT I SWEAR I HAVE SEEN MULTIPLE TIMES ... i saw an AppleAirPort3.kext - a few times.. LOL - reminds me of sabbath "fairies wear boots" (man ya gotta believe me, i saw with my own two eyes.. lol)

but it disappears and re appears, i grabbed it once just for proof : but had a reformat issue and lost it.. am i goin mad ?.. lol

*GURUS OF THE DARWIN/BSD BROTHERHOOD PLEASE HEAR MY n00bie CALL ????

mucho TIA to all teh big brains out there who spend their valuable time sharing it with others not so fortunate .. or intelligent LOL 😉

PEACE
-haynebrain

macbookpro 17" 2.16GHZ Dual CPU - 2GB RAM Mac OS X (10.4.7) 1337 but not 1337 enuf !! lol
