How to spoof the MAC address of a network interface on Linux

A 48-bit MAC address (e.g., 08:4f:b5:05:56:a0) is a globally unique identifier associated with a physical network interface, which is assigned by a manufacturer of the corresponding network interface card. Higher 24 bits in a MAC address (also known as OUI or "Organizationally Unique Identifier") uniquely identify the organization which has issued the MAC address, so that there is no conflict among all existing MAC addresses.

While a MAC address is a manufacturer-assigned hardware address, it can actually be modified by a user. This practice is often called "MAC address spoofing." In this tutorial, I am going to show how to spoof the MAC address of a network interface on Linux.

Why Spoof a MAC Address?

There could be several technical reasons you may want to change a MAC address. Some ISPs authenticate a subscriber's Internet connection via the MAC address of their home router. Suppose your router is just broken in such a scenario. While your ISP re-establishes your Internet access with a new router, you could temporarily restore the Internet access by changing the MAC address of your computer to that of the broken router.

Many DHCP servers lease IP addresses based on MAC addresses. Suppose for any reason you need to get a different IP address via DHCP than the current one you have. Then you could spoof your MAC address to get a new IP address via DHCP, instead of waiting for the current DHCP lease to expire who knows when.

Technical reasons aside, there are also legitimate privacy and security reasons why you wish to hide your real MAC address. Unlike your layer-3 IP address which can change depending on the networks you are connected to, your MAC address can uniquely identify you wherever you go. Call me a paranoid, but you know what this means to your privacy. There is also an exploit known as piggybacking, where a hacker snoops on your MAC address on a public WiFi network, and attempts to impersonate you using your MAC address while you are away.

How to Spoof a MAC Address Temporarily

On Linux, you can switch MAC addresses temporarily at run time. In this case, the changed MAC address will revert to the original when you reboot. Note that you will lose your network connection momentarily during MAC address transition. On Linux, there are several easy ways to change a MAC address at run time.

Method One: iproute2

$ sudo ip link set dev eth0 down
$ sudo ip link set dev eth0 address 00:00:00:00:00:01
$ sudo ip link set dev eth0 up

Method Two: macchanger

A command-line utility called macchanger allows you to change MAC addresses from known vendor list.

To install macchanger on Debian, Ubuntu or Linux Mint:

$ sudo apt-get install macchanger

To install macchanger on Fedora:

$ sudo yum install macchanger

To install macchanger on CentOS or RHEL:

$ wget http://ftp.club.cc.cmu.edu/pub/gnu/macchanger/macchanger-1.6.0.tar.gz
$ tar xvfvz macchanger-1.6.0.tar.gz
$ cd macchanger-1.6.0
$ ./configure
$ make
$ sudo make install

The following examples are some of advanced usages of macchanger. With macchanger, you no longer have to deactivate/reactivate a network interface manually.

To spoof a MAC address to a different value:

$ sudo macchanger --mac=00:00:00:00:00:01 eth0

To spoof a MAC address to a random value while preserving the same OUI:

$ sudo macchanger -e eth0

To spoof a MAC address to a completely random value:

$ sudo macchanger -r eth0

To get all MAC address OUIs associated with a particular vendor (e.g., Juniper):

$ macchanger -l | grep -i juniper

To show the original permanent and spoofed MAC addresses:

$ macchanger -s eth0
Current MAC:   56:95:ac:ee:6e:77 (unknown)
Permanent MAC: 00:0c:29:97:68:02 (Vmware, Inc.)

How to Spoof a MAC Address Permanently

If you want to spoof your MAC address permanently across reboots, you can specify the spoofed MAC address in interface configuration files. For example, if you want to change the MAC address of eth0, do the following.

On Fedora, CentOS or RHEL:

$ sudo vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
MACADDR=00:00:00:00:00:01

Alternatively, you can create a custom startup script in /etc/NetworkManager/dispatcher.d as follows, especially if you are using Network Manager. I assume that you already installed macchanger.

$ sudo vi /etc/NetworkManager/dispatcher.d/000-changemac
#!/bin/bash

case "$2" in
    up)
        macchanger --mac=00:00:00:00:00:01 "$1"
        ;;
esac
$ sudo chmod 755 /etc/NetworkManager/dispatcher.d/000-changemac

On Debian, Ubuntu or Linux Mint:

Create a custom startup script in /etc/network/if-up.d/ as follows.

$ sudo vi /etc/network/if-up.d/changemac
#!/bin/sh

if [ "$IFACE" = eth0 ]; then
  ip link set dev "$IFACE" address 00:00:00:00:00:01
fi
$ sudo chmod 755 /etc/network/if-up.d/changemac

Subscribe to Xmodulo

Do you want to receive Linux FAQs, detailed tutorials and tips published at Xmodulo? Enter your email address below, and we will deliver our Linux posts straight to your email box, for free. Delivery powered by Google Feedburner.

The following two tabs change content below.
Dan Nanni is the founder and also a regular contributor of Xmodulo.com. He is a Linux/FOSS enthusiast who loves to get his hands dirty with his Linux box. He likes to procrastinate when he is supposed to be busy and productive. When he is otherwise free, he likes to watch movies and shop for the coolest gadgets.

15 thoughts on “How to spoof the MAC address of a network interface on Linux

  1. You are wrong about debian based OSes. You use /etc/network/interfaces for pretty much everything. Including MAC spoofing.

    iface eth0
    hwaddress ether 00:00:00:00:00:01
    etc..

    • I know where you are coming from. What you said is true only if you are using /etc/network/interfaces to manage networking. In desktop environments of Debian or Ubuntu, /etc/network/interfaces is not used, and replaced by NetworkManager by default.

      The advantage of using /etc/network/if-up.d (as described) is it should work whether or not you are using /etc/network/interfaces. Besides, it's more flexible. For example, if you want, you could randomize your MAC address.

  2. Mint 16 KDE (and others, I assume) have a button within the Network Manager to randomize the MAC address. Do you, or anyone, know if there is a way to randomize the MAC address automatically at startup?

    • You can use macchanger to randomize the MAC address. The following setup will do it at startup.

      $ sudo vi /etc/NetworkManager/dispatcher.d/000-changemac
      #!/bin/bash
       
      case "$2" in
          up)
              macchanger -r "$1"
              ;;
      esac
      
      $ sudo chmod 755 /etc/NetworkManager/dispatcher.d/000-changemac
  3. Some very useful information in this post, thanks.

    I have tried to run macchanger with if-up.d first and then with dispatcher.d. In both cases the script runs and changes the mac for other network interfaces but not eth0, whether it's active or down. And when I resume from standby my mac address is always reset to default, even if I put a macchanger script in /etc/pm/sleep.d/

    I'm puzzled: it looks like some other system script is resetting my main network interface's mac address. The distro I'm using is LMDE. Any help would be greatly appreciated!

      • Thanks for your reply. Removing NM is not an option for me because then I'd have to manage the various lan, wifi and vpn connections manually.

        Anyway it turns out NM is the culprit. Every time the network is activated, NM restores the MAC address it stored when network-manager was started at boot time. The NM gui has a new option that lets the user "clone" (spoof) the MAC address for the LAN interface only, but it's pretty much useless for what I had in mind.
        Oh and several people reported that a long standing bug in wpa_supplicant won't let you connect to WPA2 protected wireless networks if you spoofed the wifi MAC.
        So, NSA 1 - privacy 0. Thanks a lot Network Manager.

  4. "With macchanger, you no longer have to deactivate/reactivate a network interface manually."

    I found on lmde (linuxmint debian) that you have to maunually up/down wlan devices while using macchanger. Else you get "ERROR: Can't change MAC: interface up or not permission: Device or resource busy," whether you are currently connected or not.

    Otherwise, thanks for taking the time to explain it. It works well.

  5. I think Inode is right.
    I made several attempts for having a macchanger script working with Network Manager but no success.

    For me the only possible solution for spoofing Mac since boot
    was uninstall Network Manager and install Wicd instead.

    With Wicd, macchanger script works perfectly since the beginning.
    I guess Wicd has other drawbacks, but to me is fine.

  6. It's a bug. Wireless MAC Address spoofing / cloning doesn't work in the latest release of Linux Mint 17...which is based on Ubuntu 14.04, where the same issue exists apparently, I have not tested this myself on Ubuntu, since I am too lazy, but the issue appears to be the same.

    If you revert back to the actual wifi MAC address everything works as it should. If this is an option for you that is...some people require specific MAC addresses for access purposes.

    I'm not sure they are going to fix it any time soon. The bug (and forum posts) concerning the issue were somewhat convoluted in their descriptions, with lots of bizarre extraneous information and theories, so it's likely to be overlooked...

  7. Surely nobody believes this isn't deliberate? I highly doubt it will *ever* be fixed unless they are forced to because of a big stink being raised by a large number of people.

Leave a comment

Your email address will not be published. Required fields are marked *

Current ye@r *