MAC spoofing on Virtual machines

From Notes_Wiki
Revision as of 11:53, 2 December 2012 by Saurabh (talk | contribs)

<yambe:breadcrumb>Network interface configuration|Interface configuration</yambe:breadcrumb>

MAC spoofing on virtual machines

We can change MAC address of interface using:

ifconfig eth0 down
ifconfig eth0 hw ether <new_MAC>
ifconfig eth0 up

But on Virtual Machines (at least on Linux running on Hyper-V) when we use the above steps the network stops working completely, even if spoofing is enabled in Hyper-V guest OS network card options. The problem is not with Hyper-V but for some reason Linux kernels drop packets for new MAC address even after changing MAC address with ifconfig command.

To work around this problem we can use:

ifconfig eth0 promisc

to put interface in promiscuous mode. Even interface gets put into promiscuous mode because we use tcpdump or wireshark which put interface in promiscuous mode for their working, the network starts working fine. But when we stop using tcpdump/wireshark then network would stop working too. The solution of configuring interface into promiscuous mode works without any problem, without requiring us to run tcpdump or wireshark.

Also the solution of using tcpdump/wireshark to keep interface in promiscuous mode has limitation that when we down the interface for changing MAC address, wireshark/tcpdump stop listening on that interface. Hence, we have to restart wireshark/tcpdump after we make interface up. The 'ifconfig eth0 promisc' solution does not suffers from this problem.

Whether this happens only on VMs or also on OSes installed on physical hosts needs to be tested. Also behavior with other virtualization platforms like Xen, VMware also needs to be tested.


<yambe:breadcrumb>Network interface configuration|Interface configuration</yambe:breadcrumb>