Difference between revisions of "MAC Spoofing with Netgraph"

(first revision of the netgraph spoofing article)
 
m (re-add default route)
Line 59: Line 59:
 
   # arp -a | grep "192\.168\.2\.5"
 
   # arp -a | grep "192\.168\.2\.5"
 
   machine.domain.com (192.168.2.5) at 00:de:ad:be:ef:00 on em0
 
   machine.domain.com (192.168.2.5) at 00:de:ad:be:ef:00 on em0
 +
 +
* You may need to re-add your default route:
 +
 +
  # route add default .......
  
 
* Thats it.  For an explanation, we'll have to work on that.
 
* Thats it.  For an explanation, we'll have to work on that.
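Review bot: The added step does not say which host it runs on. It follows the `arp -a` check, which the article runs on the upstream router, so a reader can take `route add default` for a router command. State that it is run on the machine being reconfigured, and replace `.......` with a named placeholder for the gateway address so the missing argument is obvious.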

Revision as of 12:09, 7 September 2006

Prerequisites

  • Kernel in static or modular configuration that has the following enabled: ng_ether, ng_eiface, and ng_bridge.
  • A fair amount of knowledge.
  • A machine that you can break the crap out of.

Background

  • We will be taking a machine with a physical network interface, adding a virtual interface, bridging them, and using the virtual interface in a live environment.
  • There is an awful lot to netgraph(4). Read the manual pages often.

Assumptions

  • We have a machine with (1) NIC, labelled 'fxp0'; its IP is "192.168.2.5/24".
  • We can remove it from the network for testing. It will not piss off the boss or coworkers.

Configuration

  • First, if you're using the kernel modules, load them:
 # kldload ng_ether
 # kldload ng_eiface
 # kldload ng_bridge
  • Next, create the eiface:
 # ngctl mkpeer . eiface hook ether
  • Now create and name the bridge:
 # ngctl mkpeer ngeth0: bridge lower link0
 # ngctl name ngeth0:lower bridge0
  • Now set up the ngeth0 interface:
 # ifconfig ngeth0 link 00:de:ad:be:ef:00
 # ifconfig ngeth0 inet 192.168.2.5 netmask 0xffffff00 down
  • Now connect the ethernet device to the bridge:
 # ngctl connect fxp0: bridge0: upper link1
  • Now the virtual interface to the other half of the bridge:
 # ngctl connect ngeth0: bridge0: upper link2
  • Now set up the physical interface:
 # ngctl msg fxp0: setpromisc 1
 # ngctl msg fxp0: setautosrc 0
 # ifconfig fxp0 delete
  • And finally, connect it to the last piece of the bridge:
 # ngctl connect fxp0: bridge0: lower link3
  • Now, on your upstream router (if you can access it), check that the ARP entry shows the new MAC:
 # arp -a | grep "192\.168\.2\.5"
 machine.domain.com (192.168.2.5) at 00:de:ad:be:ef:00 on em0
  • You may need to re-add your default route:
 # route add default .......
  • That's it. For an explanation, we'll have to work on that.
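
The article confirms the change by reading `arp -a` on the upstream router. The same output can be compared against a recorded baseline of IP-to-MAC bindings, so that an address moving to a different MAC is noticed. This is an added example, not part of the original article; the function names, the baseline file format and the MAC `00:11:22:33:44:55` are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): flag IP->MAC bindings in
# `arp -a` output that differ from a recorded baseline.
# Usage: arp -a | arp_drift BASELINE   (baseline lines: "IP MAC", '#' comments)
# Prints "CHANGED ip expected seen" or "NEW ip seen"; returns 1 on any drift.
arp_drift() {
    awk -v base="$1" '
    # Lower-case and zero-pad each octet so 0:DE:... equals 00:de:...
    function norm(m,    o, n, i, r) {
        n = split(tolower(m), o, ":")
        if (n != 6) return ""            # "(incomplete)" and other non-MACs
        for (i = 1; i <= 6; i++)
            r = r (i > 1 ? ":" : "") (length(o[i]) == 1 ? "0" o[i] : o[i])
        return r
    }
    BEGIN {
        while ((getline line < base) > 0) {
            sub(/#.*/, "", line)
            if (split(line, f, " ") >= 2) want[f[1]] = norm(f[2])
        }
        close(base)
    }
    # Entry format shown on the page: host (ip) at mac on iface
    $3 == "at" && $2 ~ /^\(.*\)$/ {
        ip = substr($2, 2, length($2) - 2)
        mac = norm($4)
        if (mac == "") next
        if (!(ip in want))         { print "NEW", ip, mac; drift = 1 }
        else if (want[ip] != mac)  { print "CHANGED", ip, want[ip], mac; drift = 1 }
    }
    END { exit (drift ? 1 : 0) }
    '
}

# Constructed sample data: the baseline MAC for 192.168.2.5 is made up; the
# snapshot reuses the ARP line from the page.
arp_drift_demo() {
    base=$(mktemp) || return 2
    rc=0
    printf '%s\n' '192.168.2.1 00:aa:bb:cc:dd:01' \
        '192.168.2.5 00:11:22:33:44:55  # constructed original NIC MAC' > "$base"
    arp_drift "$base" <<'EOF' || rc=$?
gw.domain.com (192.168.2.1) at 00:AA:BB:CC:DD:01 on em0
machine.domain.com (192.168.2.5) at 00:de:ad:be:ef:00 on em0
? (192.168.2.9) at (incomplete) on em0
EOF
    rm -f "$base"
    return "$rc"
}
```

Calling `arp_drift_demo` reports the 192.168.2.5 binding as changed and returns 1; the gateway entry matches after case normalisation and the incomplete entry is skipped.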