Lab 3 2: MAC OUI and MAC Spoofing Lab - Hsanokklis/2023-2024-Tech-journal GitHub Wiki

Objective: Understand the Organization Unit Identifier in a MAC address and observe the potential of MAC address spoofing.

Goals:

• Identify and decode the MAC address OUI

• Use a MAC changing tool to spoof a MAC address

Part 1. The Organization Unit Identifier (OUI)

THE OUI consists of the first 24 bits of a MAC address for a network-connected device. These bits indicate the specific vendor of that device.

Here is an OUI lookup tool --> https://www.wireshark.org/tools/oui-lookup.html

The second 24 bits of the MAC address are the unique serial number assigned to the device by the manufacture.

Lab Steps

• Default Gateway ---> 192.168.3.250

• Ping the Default Gateway and Capture in Wireshark

• Use the OUI lookup tool and submit the OUI number and vendor info for the Default Gateway.

OUI Number: d081c5 (first half of the MAC address) Vendor Info: D0:81:C5 Juniper Networks

Part 2. MAC Spoofing

MAC addresses are often called the “burned in address”. NIC manufactures will assign MAC address to the device and is traditionally stored in a ROM chip and preloaded into non-volatile memory.

However, NICs such as some using USB or created by Virtual Machines, do not have the MAC address preloaded in firmware and rely on software drivers to assign the MAC. Therefore, it is possible on many systems to "change" the MAC address as used by the O.S.

This can be demonstrated through a tool like MACChanger for Kali.

• Type in macchanger --help in terminal

• Type in macchanger -s eth0

This will show the current and permanent MAC address of the VM

• Use the OUI lookup tool and find the OUI of an older gaming console

OUI number: 00:09:BF Vendor Info: 00:09:BF Nintendo Co., Ltd.

• Change the Kali MAC address to --->

OUI --> 00:09:BF Serial # --> de:fa:ce

• Use the command sudo macchanger -m xx:xx:xx:de:fa:ce eth0 to change the MAC address

• Ping 8.8.8.8 and capture a ping packet with the new spoofed MAC address