Change your Mac

01-11-2002

Ok having a little issue with my utill so for now you guys will have to change the Mac Address manually. Run regedit and look for the following key which is where all your netwok adapters will be located......

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E972-E325-11CE-BFC1-08002bE10318}]

you will have to look for the subkey that is for your card, the first subkey will be \000. My wildPacket's driver were located at \002 and my Orinoco was at \009. Look for a string value called NetworkAddress, Win 2K will have it and on Win XP you will have to add it yourself. Just double click on NetworkAddress and set the value to what you want your new Mac to be.

I tried to uses Tron's suggestion of 002cdeadbeef and my card would not function properly. I did change it to 022cdeadbeef and it worked great. After you change the Mac just exit regedit, eject your card, reinsert, run ipconfig /all from a command prompt and you will see your new mac address.

I used ethereal and it did register my new mac address with my machine.....

Next project will be to run some testing on my AP with Mac filtering enabled and spoof my card so I can hit the network........

01-11-2002

thx a lot, again :-)

ok i don´t have XP, NT or 2K, i just have ME.
arter reading your text i found it in my reg, too.

so here is where you can find it in ME (may be in other 9x versions, too)

HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/Class/Net/
there you have to look for your card (my card is 0012).
and now you have your NetworkAddress just click on it and change it or you change it in the Config directorys. after one reboot you are able to select diffrent MAC adresses by selecting another profile in your client manager ejecting your card and reinsert.

that would be a niche function in one of the next versions of netstumler ;-)

CU AssetBurned

01-12-2002

OKay, I have 2 NetworkAddress keys. One at 0000 and one at 0011. Which one of these is the one I'm looking for as I cannot tell the difference in the values.

Also, where in said key to I modify the MAC? in the default?

Thanks,

Jagg

Chrsit, I feel like a newbie...

01-12-2002

the key in win 9x ist the same like in XP (NetworkAddress).

if you enter a MAC there, the card will use this MAC and if it is empty it will use the default MAC.

you have to try it... i cant tell you wich one is the right. the number does only say in wich sequence you had installed network devices.
in my case there wars some strings with the name of the producer and the card type.

01-12-2002

There's a much simpler way to do this. Open your NIC's properties/configuration page found in Network Neighborhood/My Network Places (depending on OS), or through Device Manager. Click on the Advanced tab and you will see an option to put in an Administrative Address, in WinXP it's called "Locally Administered Address", it may be different in other OS's. No need to hack the registry!

01-12-2002

Ok I have XP on a Dell Lattitude LS. I went to the advance tab for my 3com NIC and the option to enter a "Locally Administered Address" is there but on my Orinoco card that option is not there and I had to use the reg hack that Tiguy suggested.

Thanks for the help TiGuy

01-13-2002

I've tried the last method (directly editing NIC props) and it works great. Run it against various sniffers, local and remote, and the new MAC is in effect.

So, an easy way to spoof a net using MAC filtering would be to sniff it with AiroPeek, clone a MAC address, then program it as your own. I wonder what kind of collisions you'd get with two identical MACs on the same subnet....

bGood,

Mother

01-13-2002

netbones thats may be working with NT/XP but not with 9x/ME :-( there are no function like that.

01-13-2002

yup, i also tried it on a 98 machine w/no luck. sorry for the mixup.

01-14-2002

Well, I guess that having a HAL there must be useful sometimes :-))

Isn't there a way to permanently flash a new MAC into the card?

Mother

01-22-2002

Yes it works, but you can´t change the manufactor-id from the MAC.

(the first two chars)

02 elsa
00 cisco

greetz AleX-ZerO

01-28-2002

I have tried this with my Lucent Silver PC card on a Windows XP Pro laptop... no luck.

I had to add a new string as follows:
NetworkAddress REG_SZ 00022D393xxx

Am I suppose to use quotes or dashes or nothing?

TIA, Jerry

01-29-2002

I found the answer....

I have two cards, so I had to look under ControlSet002 in the registry.. all is fixed.

JerryG

01-29-2002

I am not trying to do this for a wireless card, but my 3Com doesn't have NetworkAddress as a registry key. Anybody else using Win2k and seeing anything like this?

Just curious.

01-29-2002

Just a point that may be of interest.

The OUI (Organizationally Unique Identifier) is actually a 24 bit long unique number. Therefore one of cisco's would be 00-03-9F rather than simply 00.

Further details along with a db query tool can be found on the IEEE site :-

http://standards.ieee.org/regauth/oui/index.shtml

bj

01-11-2002	#1 (permalink)
Posts: n/a	Change your Mac Ok having a little issue with my utill so for now you guys will have to change the Mac Address manually. Run regedit and look for the following key which is where all your netwok adapters will be located...... [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E972-E325-11CE-BFC1-08002bE10318}] you will have to look for the subkey that is for your card, the first subkey will be \000. My wildPacket's driver were located at \002 and my Orinoco was at \009. Look for a string value called NetworkAddress, Win 2K will have it and on Win XP you will have to add it yourself. Just double click on NetworkAddress and set the value to what you want your new Mac to be. I tried to uses Tron's suggestion of 002cdeadbeef and my card would not function properly. I did change it to 022cdeadbeef and it worked great. After you change the Mac just exit regedit, eject your card, reinsert, run ipconfig /all from a command prompt and you will see your new mac address. I used ethereal and it did register my new mac address with my machine..... Next project will be to run some testing on my AP with Mac filtering enabled and spoof my card so I can hit the network........

01-11-2002	#2 (permalink)
Posts: n/a	Thx a lot!! thx a lot, again :-) ok i don´t have XP, NT or 2K, i just have ME. arter reading your text i found it in my reg, too. so here is where you can find it in ME (may be in other 9x versions, too) HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/Class/Net/ there you have to look for your card (my card is 0012). and now you have your NetworkAddress just click on it and change it or you change it in the Config directorys. after one reboot you are able to select diffrent MAC adresses by selecting another profile in your client manager ejecting your card and reinsert. that would be a niche function in one of the next versions of netstumler ;-) CU AssetBurned

01-12-2002	#3 (permalink)
Posts: n/a	Problem OKay, I have 2 NetworkAddress keys. One at 0000 and one at 0011. Which one of these is the one I'm looking for as I cannot tell the difference in the values. Also, where in said key to I modify the MAC? in the default? Thanks, Jagg Chrsit, I feel like a newbie...

01-12-2002	#6 (permalink)
Posts: n/a	Netbones your half right Ok I have XP on a Dell Lattitude LS. I went to the advance tab for my 3com NIC and the option to enter a "Locally Administered Address" is there but on my Orinoco card that option is not there and I had to use the reg hack that Tiguy suggested. Thanks for the help TiGuy

01-13-2002	#7 (permalink)
Posts: n/a	It works! I've tried the last method (directly editing NIC props) and it works great. Run it against various sniffers, local and remote, and the new MAC is in effect. So, an easy way to spoof a net using MAC filtering would be to sniff it with AiroPeek, clone a MAC address, then program it as your own. I wonder what kind of collisions you'd get with two identical MACs on the same subnet.... bGood, Mother

01-12-2002	#4 (permalink)
Posts: n/a	the key in win 9x ist the same like in XP (NetworkAddress). if you enter a MAC there, the card will use this MAC and if it is empty it will use the default MAC. you have to try it... i cant tell you wich one is the right. the number does only say in wich sequence you had installed network devices. in my case there wars some strings with the name of the producer and the card type.

01-12-2002	#5 (permalink)
Posts: n/a	There's a much simpler way to do this. Open your NIC's properties/configuration page found in Network Neighborhood/My Network Places (depending on OS), or through Device Manager. Click on the Advanced tab and you will see an option to put in an Administrative Address, in WinXP it's called "Locally Administered Address", it may be different in other OS's. No need to hack the registry!

01-13-2002	#8 (permalink)
Posts: n/a	netbones thats may be working with NT/XP but not with 9x/ME :-( there are no function like that.

01-13-2002	#9 (permalink)
Posts: n/a	yup, i also tried it on a 98 machine w/no luck. sorry for the mixup.

01-14-2002	#10 (permalink)
Posts: n/a	Makes you wonder..... Well, I guess that having a HAL there must be useful sometimes :-)) Isn't there a way to permanently flash a new MAC into the card? Mother

01-22-2002	#11 (permalink)
Posts: n/a	Yes it works, but you can´t change the manufactor-id from the MAC. (the first two chars) 02 elsa 00 cisco greetz AleX-ZerO

01-28-2002	#12 (permalink)
Posts: n/a	I have tried this with my Lucent Silver PC card on a Windows XP Pro laptop... no luck. I had to add a new string as follows: NetworkAddress REG_SZ 00022D393xxx Am I suppose to use quotes or dashes or nothing? TIA, Jerry

01-29-2002	#13 (permalink)
Posts: n/a	Sorry I found the answer.... I have two cards, so I had to look under ControlSet002 in the registry.. all is fixed. JerryG

01-29-2002	#14 (permalink)
Posts: n/a	My Win2k doesn't have NetworkAddress I am not trying to do this for a wireless card, but my 3Com doesn't have NetworkAddress as a registry key. Anybody else using Win2k and seeing anything like this? Just curious.

01-29-2002	#15 (permalink)
Posts: n/a	AleX-ZerO - Mac Addrs OUI. Just a point that may be of interest. The OUI (Organizationally Unique Identifier) is actually a 24 bit long unique number. Therefore one of cisco's would be 00-03-9F rather than simply 00. Further details along with a db query tool can be found on the IEEE site :- http://standards.ieee.org/regauth/oui/index.shtml bj

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode