With OSX 10.5. it's no longer possible to spoof MAC addresses of your wired interface (e.g. en0) with "ifconfig en0 laddr/ether XX:YY:...."

a/ why is that?

b/ how is it notwithstanding done by e.g. VMware "vmnet-xxx" daemons?

c/ does anyone know whether the Apple Developer package contains detailed and useful information regarding the mach kernel device interfaces? e.g. device driver example code, and the like?

Thank you very much

Grusz

+1  A: 

A: This may be a change for security reasons in the workplace (this is just pure speculation, and may or may not be true), as it seems to be a driver issue (this was possible in Tiger, I know from experience). It is still possible to do this on the wireless interface en1. Even if the physical interface did not support it, the device could be put into "monitor" mode and have the MAC address matching take place higher up in the IP chain. We shall have to wait and see what Apple does about this.

B: Those daemons put your wired network into "monitor" mode. Basically, what this does is tell your network card that you want everything that is being sent to you to be handled by the OS, so it turns off the filtering that is done on the network card (if it supports it), which would normally discard things that were not destined for itself (its MAC address), and then it does it all in software. Using the standard filtering hooks provided by the OS, it can listen to any incoming packets and grab those off the wire that are destined for the fake MAC address that VMWare has set.

Explained in layman's terms: Let's say you are sitting at an airport and are waiting for an announcement that you can board your plane. You passively listen but ignore everything that does not contain your flight number. Now someone else comes along and asks you to also listen for their flight number. Now you have to actively listen, since you can't just filter on one flight number.

C: Yes, amongst other things you will find code examples and reference manuals. They are also all available online, and you may find the code for most device drivers online as well if they were developed by Apple. The documentation is fairly good; however, I have noticed that in certain areas it has been lacking, which made it fairly difficult for me to figure out what I needed to do to get something done. Developer.apple.com's Conceptual Network Device Driver. The source code for Darwin is also available at http://www.opensource.apple.com/darwinsource/; there you can find most device drivers for Mac OS X as long as Apple is allowed to release them as Open Source (the Yukon2 driver is not included).

X-Istence
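Added example, not part of the answer above and not VMware's or Apple's code: a minimal C model of the two-stage receive path that answer B describes, with the NIC's destination filter switched off (the setting is usually called promiscuous mode) and the MAC match done in software instead. The addresses, frames and function names are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define ETH_ALEN 6
#define ETH_HLEN 14   /* destination MAC, source MAC, EtherType */
enum target { DROP = 0, TO_HOST = 1, TO_GUEST = 2, TO_BOTH = 3 };

/* Constructed sample addresses: the NIC's own MAC and the virtual guest MAC. */
static const uint8_t HW_MAC[ETH_ALEN]    = {0x00,0x11,0x22,0x33,0x44,0x55};
static const uint8_t GUEST_MAC[ETH_ALEN] = {0x02,0x00,0x00,0xaa,0xbb,0xcc};

/* Hardware stage: with the filter on, the NIC keeps only frames for its
 * own address or for a group (broadcast/multicast) address. */
static int nic_accepts(const uint8_t *f, size_t len, int promisc)
{
    if (len < ETH_HLEN) return 0;   /* runt frame: no complete header */
    if (promisc) return 1;          /* filter off: everything reaches the OS */
    return (f[0] & 0x01) || memcmp(f, HW_MAC, ETH_ALEN) == 0;
}

/* Software stage: the OS-level hook matches the destination MAC itself. */
static enum target sw_dispatch(const uint8_t *f, size_t len)
{
    if (len < ETH_HLEN) return DROP;
    if (f[0] & 0x01) return TO_BOTH;                     /* group bit set */
    if (memcmp(f, HW_MAC, ETH_ALEN) == 0) return TO_HOST;
    if (memcmp(f, GUEST_MAC, ETH_ALEN) == 0) return TO_GUEST;
    return DROP;                                         /* someone else's frame */
}

/* Full receive path: hardware filter first, then software dispatch. */
static enum target receive(const uint8_t *f, size_t len, int promisc)
{
    return nic_accepts(f, len, promisc) ? sw_dispatch(f, len) : DROP;
}

/* Constructed 14-byte headers: to the guest, to the host, broadcast, to a stranger. */
static const uint8_t F_GUEST[ETH_HLEN] = {0x02,0,0,0xaa,0xbb,0xcc, 0,0x11,0x22,0x33,0x44,0x99, 8,0};
static const uint8_t F_HOST[ETH_HLEN]  = {0,0x11,0x22,0x33,0x44,0x55, 0,0x11,0x22,0x33,0x44,0x99, 8,0};
static const uint8_t F_BCAST[ETH_HLEN] = {0xff,0xff,0xff,0xff,0xff,0xff, 0,0x11,0x22,0x33,0x44,0x99, 8,6};
static const uint8_t F_OTHER[ETH_HLEN] = {0,0x11,0x22,0x33,0x44,0x77, 0,0x11,0x22,0x33,0x44,0x99, 8,0};

int main(void)
{
    printf("guest frame, filter on : %d\n", receive(F_GUEST, ETH_HLEN, 0));
    printf("guest frame, filter off: %d\n", receive(F_GUEST, ETH_HLEN, 1));
    return 0;
}
```

With the hardware filter on, the frame addressed to the guest MAC never reaches the software stage, which is why the filter has to be turned off before a second MAC can be served on the same interface.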
A: 

What worked for me was this: boot into a Linux distro, change the MAC address there so that you have a working internet connection, then reboot into Mac OS X (tried with 10.5.5). The MAC stays spoofed from Linux - with my PC, it worked even over system restarts/shutdowns.

To be more specific, I tried this with Ubuntu 8.04 (I believe). To change the MAC address there:

sudo ifconfig eth0 down

sudo ifconfig eth0 hw ether 000102020405

sudo ifconfig eth0 up

Of course you need to replace the 000102020405 with the real MAC you want to use. Beware: with other distros, even different versions of Ubuntu, the MAC spoofing procedure might differ slightly (you need to restart the connection etc.) - the magic of this trick is in the fact that it actually might work off a live distro, so you don't need to install anything, but I never tried this.

Good luck