0

I'm using this method to get the mac address: 

  public static string GetMACAddress()
  {
      NetworkInterface[] nics = NetworkInterface.GetAllNetworkInterfaces();
      //for each j you can get the MAC 
      PhysicalAddress address = nics[0].GetPhysicalAddress();
      byte[] bytes = address.GetAddressBytes();

      string macAddress = "";

      for (int i = 0; i < bytes.Length; i++)
      {
         macAddress += bytes[i].ToString("X2");

         if (i != bytes.Length - 1)
         {
             macAddress += "-";
         }
      }
      return macAddress;
   }

and I'm saving the first result, then I keep on calling this method every amount of time and compare it to the first one to see if its being changed which gives the result that its being spoofed .

but this won't work if the mac address is already being spoofed .

How can I get the original mac address even if its being spoofed?

Cœur
  • 37,241
  • 25
  • 195
  • 267
aurelia Lo bianco
  • 61
  • 2
  • 8
  • 1
    Short answer: You can't. See [this question](https://stackoverflow.com/questions/9546228/how-to-detect-the-original-mac-address-after-it-has-been-spoofed) for alternatives to uniquely identifying devices. – Rob Jun 19 '17 at 03:29

1 Answers1

0

You can't but you can collect data over the long term to help detect a spoofer. If a user in your network uses 20 different MAC addresses, this is a red flag. It's also a red flag if two different logins have the same MAC address (it's a long shot, but still a tell, but could also be a sign of sockpuppeting). You have to work on data analysis and historical data. As for getting the original MAC, no way.

RoundSauce2
  • 11
  • 4