ip link set / ifconfig

Introduction

The ip link set and ifconfig commands are used in Linux environments to manage network interfaces. These tools allow users to configure interface parameters, including the MAC (Media Access Control) address. On Windows systems, similar functionality can be accessed through network adapter settings or PowerShell. Changing a MAC address is commonly performed for testing, research, or evasion purposes.

What is a MAC Address?

A MAC (Media Access Control) address is a unique hardware identifier assigned to a network interface card (NIC). It operates at Layer 2 of the OSI model and facilitates local network communication. MAC addresses consist of 6-byte hexadecimal values (e.g., 00:1A:2B:3C:4D:5E) and are typically assigned by the hardware manufacturer.

Why Change the MAC Address?

Altering a MAC address can serve multiple purposes:

• Gaining access to MAC-filtered networks
• Bypassing device tracking and fingerprinting
• Resetting network authentication sessions
• Simulating other devices for testing or analysis
• Creating anonymity in public network environments
• Performing man-in-the-middle (MITM) attacks by impersonating trusted devices
• Taking over another computer's network identity
• Changing the perceived role of a device (e.g., appearing as a router instead of a client)

Changing MAC Using Linux

Linux systems offer full control over network interfaces through terminal commands. The two most common tools are ip and ifconfig.

Using ip

ip link set dev eth0 down
ip link set dev eth0 address 00:11:22:33:44:55
ip link set dev eth0 up

Using ifconfig

You can change the MAC address manually using `ifconfig`.

• `eth0` = Wired Ethernet interface (commonly used on Linux)
• `wlan0` = Wireless interface (Wi-Fi) (used on Linux)
• `en0` = Wi-Fi interface on macOS (typically the active wireless adapter)

# Change MAC for wired connection (Linux - eth0)
ifconfig eth0 down
ifconfig eth0 hw ether 00:11:22:33:44:55
ifconfig eth0 up

# Change MAC for wireless connection (Linux - wlan0)
ifconfig wlan0 down
ifconfig wlan0 hw ether 66:77:88:99:AA:BB
ifconfig wlan0 up

# Change MAC for wireless connection on macOS (en0)
sudo ifconfig en0 ether 66:77:88:99:AA:BB

On macOS, it is usually not necessary to bring the interface down and up when changing the MAC address using `ifconfig`. The new address takes effect immediately. If connectivity issues occur, the following alternative method can be used:

sudo ifconfig en0 down
sudo ifconfig en0 ether 66:77:88:99:AA:BB
sudo ifconfig en0 up

These commands assign a temporary MAC address. The original MAC will return after reboot unless persistence is configured via network settings or launch scripts.

Changing MAC Using Windows

On Windows, MAC addresses can be modified in two main ways:

• Device Manager → Network Adapter → Properties → Advanced → Network Address
• PowerShell:

Set-NetAdapterAdvancedProperty -Name "Ethernet" -DisplayName "Network Address" -DisplayValue "001122334455"

A system reboot or adapter reset may be required for the change to take effect.

Preventing MAC Spoofing

Network administrators can take the following steps to reduce the effectiveness of MAC spoofing:

• Implement 802.1X authentication
• Use dynamic ARP inspection (DAI)
• Monitor for duplicate MAC addresses or anomalies
• Bind MAC addresses to switch ports (port security)
• Log MAC address activity and trigger alerts on changes

Other Facts

• Virtual machines often allow MAC customization by default
• MAC addresses can reveal hardware vendors through the OUI (Organizationally Unique Identifier)
• MAC changes are local and do not affect router-level or internet-wide identifiers
• Some modern wireless networks track devices based on randomized MACs
• Several Linux distributions include built-in support for MAC randomization at boot