Change the MAC address of your Linux system

Apr 13, 2021 by Thibault Debatty | 686 views

Offensive Security Sysadmin

Still today, some network monitoring tools and security systems rely on the MAC address of the host. However, a MAC address is not an authentication mechanism! It can be easily changed. More precisely, by default most operating systems will use the MAC address burnt into the network interface as the source MAC address for all emitted Ethernet frames. But you can easily reconfigure your system to change this behavior. Here is how to do that on a Linux computer.

Command line

From the command line, let's list the network interfaces and current MAC addresses:

ip link

To change the MAC address, we must actually turn the network interface down, then set the MAC address, and finally turn it up again:

sudo ip link set dev <interface> down
sudo ip link set dev <interface> address <XX:XX:XX:XX:XX:XX>
sudo ip link set dev <interface> up

But pay attention, this modification will be discarded after reboot...


macchanger is a small tool that makes it even easier to change your MAC address from the command line.

Installation is as simple as:

sudo apt install macchanger

macchanger can change your MAC address each time you plug a network cable or connect to a wifi, but I would not use this feature, so better answer "No":

macchanger has 3 main commands:

  1. assign a random MAC address to an interface;
  2. assign a provided MAC address;
  3. restore to the default MAC address.

To assign a random MAC address:

sudo macchanger -r <interface>

To assign a provided MAC address:

sudo macchanger -m <XX:XX:XX:XX:XX:XX> <interface>

Finally, to reset the default MAC address:

sudo macchanger -p <interface>
Orchestration script to simulate user activity on multiple machines thanks to the GHOSTS framework
The GHOSTS Framework is an open-source project created by Dustin Updyke, a cybersecurity researcher from the Carnegie Mellon University. It's a framework which offers a way to simulate user activity, usually for cyber awareness trainings or research in the field of cyber defense.
MITRE ATT&CK and the ATT&CK Matrix
Defining cyber attacks is a difficult task. They vary in origins, goals and, at first glance, the techniques used might seem very different. Luckily a popular model was defined by Lockheed Martin, still used to this day, which illustrates very well the lifecycle of a typical cyber attack. The Cyber Kill Chain, popular but controversial, defines the 7 principal steps of an attack. There have been many advances, since its original conception, one of which is the wildly acclaimed ATT&CK Matrix for Enterprise.
Kali Linux and Parrot Sec OS, Penetration Environment Comparison
For years, hackers have been the main characters of movies, books and generally have captured the imagination of regular folks. When we see these hackers use the tools of their trade, we usually see a black screen with green text flashing as fast as possible on the screen, lost in commands and bright flashing lights. This can't be any further from reality, as most hackers will spend hours and days on end to accomplish their tasks, usually staring at a screen, using their programs of choice.