Welkom Blog Gegevens

NetworkManager - disable sending hostname

Published: 30 Jun 2022 | Last edited: 16 Oct 2022

Don’t care about the introduction? Click here!

By default, NetworkManager leaks identifying information like the MAC address and the hostname of your computer. This is useful in networks where you want to uniquely identify computers, but if you’re out and about, you can be tracked using this information. We don’t want this of course.

If you’ve found this article by searching online, you might be aware of NetworkManager’s ability to globally spoof MAC addresses. Sadly, at the time of writing this post, NetworkManager doesn’t have the ability to stop sending your hostname globally even though it is possible for individual profiles. I’ve tried many solutions which didn’t work, until I found a great workaround which I will share here. The relevant issues are as follows:

Old issue (Solution found here)

New issue

Enable MAC address spoofing

Enabling MAC address spoofing is very simple, just make the file /etc/NetworkManager/conf.d/00-macrandomize.conf and add the following text:

[device]
wifi.scan-rand-mac-address=yes

[connection]
wifi.cloned-mac-address=stable
ethernet.cloned-mac-address=stable
connection.stable-id=${CONNECTION}/${BOOT}
ipv6.ip6-privacy=2

This enables MAC address spoofing for wifi scanning and for wifi connections and ethernet connections. stable generates a MAC address that stays until reboot. This can be changed to random if you want to generate a MAC address every time a link gets established. Lastly, the ipv6.ip6-privacy option means that a temporary address will be generated for IPv6, because the IPv6 address could be generated using the real MAC address by default, which can be used for identification.

Disable sending hostname

I’ve only tested both solutions on Artix Linux, but they will probably work on other distributions.

By default, your hostname is leaked via DHCP requests to the router. This behaviour is governed by the installed DHCP client on your system. If using NetworkManager, this is generally done using its own built-in DHCP client. This built-in client doesn’t have the option to disable sending the hostname, but luckily NetworkManager can use other DHCP clients that do support this behaviour. The other DHCP clients are dhcpd and dhclient. At the time of writing, NetworkManager has some trouble using dhcpd, so we will use dhclient.

Make sure dhclient is installed on your computer, and add the following content to the file /etc/NetworkManager/conf.d/dhclient.conf:

[main]
dhcp=dhclient

I’ve seen some people managing to disable sending hostnames by editing the dhclient configuration file and commenting out send host-name but for me the entire configuration file was missing. I think this is because dhclient is initialized by NetworkManager, but I’m not sure. If this is also the case for you, the following instructions to stop dhclient from sending the hostname should work:

Distributions with pacman as the package manager

Edit the file /etc/pacman.d/hooks/disable-send-hostname.hook and add the following content:

[Trigger]
Operation = Upgrade
Operation = Install
Type = Package
Target = dhclient

[Action]
Description = patching dhclient
When = PostTransaction
Exec = /bin/sh -c 'dhbin='/usr/sbin/dhclient'; /usr/bin/cp "$dhbin" "$dhbin".orig; /usr/bin/sed -i 's/host-name/xxxx-name/g' "$dhbin"'

This creates a pacman hook that runs every time dhclient is installed or upgraded. If not running a distribution with pacman as the package manager, the following instructions should work on every Linux system, albeit less efficient because it is ran on every boot instead of only after a package install/upgrade.

Other distributions

Edit the file /etc/rc.local and add the following content:

dhbin='/usr/sbin/dhclient'

/usr/bin/grep -q 'host-name' "$dhbin" &&
        /usr/bin/cp "$dhbin" "$dhbin".orig &&
        /usr/bin/sed -i 's/host-name/xxxx-name/g' "$dhbin"

Everything inserted into /etc/rc.local will run at boot before other services are started.

These configurations check for any references to host-name in the dhclient binary, used for the send host-name option, and replaces occurences of host-name with xxxx-name so the hostname isn’t sent anymore. It also makes a backup of the binary at /usr/sbin/dhclient.orig. It’s a very crude workaround, but for me it was the only way to make it work. At least until the issue itself is fixed.