Duplicate MAC on same LAN
DComTalk.com Forum Index -> Ethernet

Affan
Posted: Sat Jan 22, 2005 10:36 pm    Post subject: Duplicate MAC on same LAN

Can someone tell me exactly what happens if we have duplicate MAC
address on the same LAN (no switch in between). Also assume that they
have statically different IPs assigned. My guess is that both NICs should
get the packet and if the s/w stack is correctly implemented, the
incorrect destination should then drop it.

Also I am guessing that if we have DHCP on this LAN, would we have two
hosts with same IP or some sort of IP ringing?

Thanks
Affan

James Knott
Posted: Sat Jan 22, 2005 11:08 pm    Post subject: Re: Duplicate MAC on same LAN

Affan wrote:

Quote:
Can someone tell me exactly what happens if we have duplicate MAC
address on the same LAN (no switch in between). Also assume that they
have statically different IPs assigned. My guess is that both NICs should
get the packet and if the s/w stack is correctly implemented, the
incorrect destination should then drop it.

If I recall correctly, if a NIC detects a duplicate MAC, it's supposed to
shut down. Also, a switch will have no effect, as it's supposed to be
transparent.

Quote:

Also I am guessing that if we have DHCP on this LAN, would we have two
hosts with same IP or some sort of IP ringing?

Thanks
Affan

Walter Roberson
Posted: Sat Jan 22, 2005 11:27 pm    Post subject: Re: Duplicate MAC on same LAN

In article <x7SdnSehJbYCC2_cRVn-3w@rogers.com>,
James Knott <james.knott@rogers.com> wrote:
:Affan wrote:

:> Can someone tell me exactly what happens if we have duplicate MAC
:> address on the same LAN (no switch in between). Also assume that they
:> have statically different IPs assigned.

:If I recall correctly, if a NIC detects a duplicate MAC, it's supposed to
:shut down. Also, a switch will have no effect, as it's supposed to be
:transparent.

No, a switch is a form of learning bridge, which means that it has
to watch the source MAC addresses on the packets going through and
record the MAC against that port. Then when a packet comes in destined
for that MAC, the switch sends it only to the appropriate port. In
the case where you have two devices on the same VLAN with the same MAC,
the switch would send the packet to whichever of the ports that
had last received a packet with that MAC -- each received packet
re-learns the location, so you can end up with "port-flapping"
[which can be a serious problem if you have multiple VLANs but your
switch does not do per-VLAN MAC learning.]

--
Studies show that the average reader ignores 106% of all statistics
they see in .signatures.

News Me
Posted: Sat Jan 22, 2005 11:36 pm    Post subject: Re: Duplicate MAC on same LAN

James Knott wrote:
[snip]
Quote:
If I recall correctly, if a NIC detects a duplicate MAC, it's supposed to
shut down. Also, a switch will have no effect, as it's supposed to be
transparent.
[snip]


Huh? A switch would most certainly have an effect, at least if it's
switching at layer 2. In this case the switch's forwarding table(s) are
based on the MAC address of the hosts. With two hosts sharing a MAC
address, the switch's forwarding table will be changed as the two hosts
alternate speaking on the LAN. Only the host that last spoke will
receive unicast traffic to the MAC address in question.

NM

--
convert uppercase WORDS to single keystrokes to reply

News Me
Posted: Sat Jan 22, 2005 11:43 pm    Post subject: Re: Duplicate MAC on same LAN

Affan wrote:
Quote:
Can someone tell me exactly what happens if we have duplicate MAC
address on the same LAN (no switch in between). Also assume that they
have statically different IPs assigned. My guess is that both NICs should
get the packet and if the s/w stack is correctly implemented, the
incorrect destination should then drop it.

I can't tell you *exactly* what happens, but it appears that it should
work as long as you are not using other protocols that rely on the MAC
address. ARP will work. Anything requiring RARP would fail.

Quote:
Also I am guessing that if we have DHCP on this LAN, would we have two
hosts with same IP or some sort of IP ringing?

Most likely, the first host to be issued an IP would work and the other
wouldn't. Many IP stacks validate an IP issued to them by a DHCP server
by pinging the address. If there's an answer, they don't use the
address. Many DHCP servers can be configured to do the same thing
before issuing an address to a client.

I'm curious, do you have some requirement for hosts to use the same MAC?
Or did you just find yourself with two NICs with the same MAC? In the
latter case, most modern NICs allow you to change the MAC.

NM

--
convert uppercase WORDS to single keystrokes to reply

Walter Roberson
Posted: Sat Jan 22, 2005 11:45 pm    Post subject: Re: Duplicate MAC on same LAN

In article <x7SdnSehJbYCC2_cRVn-3w@rogers.com>,
James Knott <james.knott@rogers.com> wrote:
:Affan wrote:

:> Can someone tell me exactly what happens if we have duplicate MAC
:> address on the same LAN (no switch in between). Also assume that they
:> have statically different IPs assigned. My guess is that both NICs should
:> get the packet and if the s/w stack is correctly implemented, the
:> incorrect destination should then drop it.

:If I recall correctly, if a NIC detects a duplicate MAC, it's supposed to
:shut down.

That is if the NIC -detects- that something else is using its MAC.
Which would require that the other device transmits packets.

There is a form of stateful failover that is sometimes implemented which is
handled by having two devices both assuming the same MAC, so that
the standby device receives a copy of all the packets destined to
the master device, and follows along in its song-book. When the master
device dies, the standby device assumes control without having to
kill the connections. The same thing could, of course, also be done
with the secondary device snooping for those packets and changing its
MAC address when the master fails.

:> and if the s/w stack is correctly implemented, the
:> incorrect destination should then drop it.

If the s/w stack is correctly implemented, the "incorrect" destination
will offer a way of capturing all packets, such as for tcpdump /
ethereal. When such a mode is activated, the exact details of what
happens for mismatched IPs with the correct MAC vary. For example for
some OS's, an icmp unreachable will be generated for protocols -other-
than TCP or UDP, but the TCP and UDP stacks filter at a different point
and know enough not to act on the packets. These differences in
operation are exploited by "anti-sniffer" software designed to
locate equipment that is snooping on the net.
--
Ceci, ce n'est pas une idée.

James Knott
Posted: Sun Jan 23, 2005 1:26 am    Post subject: Re: Duplicate MAC on same LAN

Walter Roberson wrote:

Quote:
:> Can someone tell me exactly what happens if we have duplicate MAC
:> address on the same LAN (no switch in between). Also assume that they
:> have statically different IPs assigned.

:If I recall correctly, if a NIC detects a duplicate MAC, it's supposed to
:shut down.  Also, a switch will have no effect, as it's supposed to be
:transparent.

No, a switch is a form of learning bridge, which means that it has
to watch the source MAC addresses on the packets going through and
record the MAC against that port. Then when a packet comes in destined
for that MAC, the switch sends it only to the appropriate port. In
the case where you have two devices on the same VLAN with the same MAC,
the switch would send the packet to whichever of the ports that
had last received a packet with that MAC -- each received packet
re-learns the location, so you can end up with "port-flapping"
[which can be a serious problem if you have multiple VLANs but your
switch does not do per-VLAN MAC learning.]

Quite so. I wasn't thinking straight. Not enough coffee... Or is it too
much?? ;-)

stephen
Posted: Sun Jan 23, 2005 1:44 am    Post subject: Re: Duplicate MAC on same LAN

"Affan" <affanahmed@gmail.com> wrote in message
news:1106415398.729518.154750@c13g2000cwb.googlegroups.com...
Quote:
Can someone tell me exactly what happens if we have duplicate MAC
address on the same LAN (no switch in between). Also assume that they
have statically different IPs assigned. My guess is that both NICs should
get the packet and if the s/w stack is correctly implemented, the
incorrect destination should then drop it.

yes - assuming they connect to a shared segment (i.e. a co-ax link or a
repeater), then they both get a copy.

in fact it doesn't matter whether they have the same or different IP
addresses.... or at least the Ethernet doesn't care.

some forms of multi server load balancing used to exploit this - microsoft
server load balancing for 1 could be set with a common MAC across 2 or more
servers so that each incoming request arrived at each server.

the servers then co-operated to decide which server should reply. this
became much less common once switches became the standard building blocks
for LANs.
Quote:

Also I am guessing that if we have DHCP on this LAN, would we have two
hosts with same IP or some sort of IP ringing?


Quote:

Thanks
Affan
--

Regards

Stephen Hope - return address needs fewer xxs

Affan Syed
Posted: Sun Jan 23, 2005 8:00 am    Post subject: Re: Duplicate MAC on same LAN

Quote:
:> and if the s/w stack is correctly implemented, the
:> incorrect destination should then drop it.

If the s/w stack is correctly implemented, the "incorrect" destination
will offer a way of capturing all packets, such as for tcpdump /
ethereal. When such a mode is activated, the exact details of what
happens for mismatched IPs with the correct MAC vary. For example for
some OS's, an icmp unreachable will be generated for protocols -other-
than TCP or UDP, but the TCP and UDP stacks filter at a different point
and know enough not to act on the packets. These differences in
operation are exploited by "anti-sniffer" software designed to
locate equipment that is snooping on the net.

Could you explain a little bit more on this? My question is based more on
curiosity of how detrimental the effect of having duplicate MACs on the
same LAN would be. As far as I can see, if they are on the same LAN (again
with switches we would have the port ringing => delays), the effect shouldn't
be that significant, esp for say and TCP/UDP traffic.

Thanks everyone for satisfying the curiosity of a student.

Regards

Affan

stephen
Posted: Sun Jan 23, 2005 3:57 pm    Post subject: Re: Duplicate MAC on same LAN

"Affan Syed" <asyed@usc.edu> wrote in message
news:csv7l8$9oa$1@gist.usc.edu...
Quote:
:> and if the s/w stack is correctly implemented, the
:> incorrect destination should then drop it.

If the s/w stack is correctly implemented, the "incorrect" destination
will offer a way of capturing all packets, such as for tcpdump /
ethereal. When such a mode is activated, the exact details of what
happens for mismatched IPs with the correct MAC vary. For example for
some OS's, an icmp unreachable will be generated for protocols -other-
than TCP or UDP, but the TCP and UDP stacks filter at a different point
and know enough not to act on the packets. These differences in
operation are exploited by "anti-sniffer" software designed to
locate equipment that is snooping on the net.

Could you explain a little bit more on this? My question is based more on
curiosity of how detrimental the effect of having duplicate MACs on the
same LAN would be. As far as I can see, if they are on the same LAN (again
with switches we would have the port ringing => delays), the effect shouldn't
be that significant, esp for say and TCP/UDP traffic.

i will let Walter answer your direct Q - but there is an invalid assumption
here.

my previous answer was about what happens if there are duplicate MACs on a
hub - which doesn't seem to be a problem in practice.

if you use switches and have duplicate active MAC addresses at 2 different
points, then you may have major problems with a duplicate MAC causing side
effects.

The problem is that noticing that the MAC "appears" at 2 different points
and altering the switch tables and setup within the network is a processor
driven activity.

So - high traffic levels on 2 or more ports from duplicate MACs is likely to
generate lots of processor load - and severely overloading a switch
processor tends to cause lots of problems

in the worst case i have seen loss of management, then loss of control
protocols such as spanning tree, or layer 3 control - and in turn that can
cause instability across a campus

Quote:

Thanks everyone for satisfying the curiosity of a student.

Regards

Affan
--

Regards

Stephen Hope - return address needs fewer xxs

Walter Roberson
Posted: Mon Jan 24, 2005 4:08 am    Post subject: Re: Duplicate MAC on same LAN

In article <csv7l8$9oa$1@gist.usc.edu>, Affan Syed <asyed@usc.edu> wrote:
:> When such a mode is activated, the exact details of what
:> happens for mismatched IPs with the correct MAC vary.

:> These differences in
:> operation are exploited by "anti-sniffer" software designed to
:> locate equipment that is snooping on the net.

:Could you explain a little bit more on this?

The particular software I was thinking of was L0pht's anti-sniffer
released in 1999. packetstormsecurity appears to have similar software,
http://packetstormsecurity.nl/sniffers/antisniff/as-101.exe
--
Warhol's Law: every Usenet user is entitled to his or her very own
fifteen minutes of flame -- The Squoire

glen herrmannsfeldt
Posted: Tue Jan 25, 2005 8:01 am    Post subject: Re: Duplicate MAC on same LAN

News Me wrote:

Quote:
James Knott wrote:
[snip]

If I recall correctly, if a NIC detects a duplicate MAC, it's supposed to
shut down. Also, a switch will have no effect, as it's supposed to be
transparent.

[snip]

Huh? A switch would most certainly have an effect, at least if it's
switching at layer 2. In this case the switch's forwarding table(s) are
based on the MAC address of the hosts. With two hosts sharing a MAC
address, the switch's forwarding table will be changed as the two hosts
alternate speaking on the LAN. Only the host that last spoke will
receive unicast traffic to the MAC address in question.

That is what normally happens, but I don't know about this
case. A switch that doesn't know the destination should send
it on all ports. If it is getting the same MAC from more than
one port, it could decide that it doesn't know the port. Consider
that it might be sending to one port when a frame comes in with
the same MAC address on a different port.

-- glen

Walter Roberson
Posted: Tue Jan 25, 2005 1:37 pm    Post subject: Re: Duplicate MAC on same LAN

In article <mPydnbS6-6LXf2jcRVn-3g@comcast.com>,
glen herrmannsfeldt <gah@ugcs.caltech.edu> wrote:
:News Me wrote:
:> Huh? A switch would most certainly have an effect, at least if it's
:> switching at layer 2.

:That is what normally happens, but I don't know about this
:case. A switch that doesn't know the destination should send
:it on all ports.

All ports within the same VLAN, yes.

:If it is getting the same MAC from more than
:one port, it could decide that it doesn't know the port.

It -could-, but it is unlikely. Switches are built to take into
account the possibility that a device will move before their
tables time out, and update their tables almost immediately
when that happens. If the MAC shows up on two different ports,
then port-flapping is the usual result.

I believe I have heard of some switches with port-flapping
protection. If I recall correctly, those switches usually effectively
shut down transmissions to that MAC for a time -- dropping
the relevant packets rather than flooding them. Switches I
haven't encountered yet might handle things differently.
--
WW{Backus,Church,Dijkstra,Knuth,Hollerith,Turing,vonNeumann}D ?
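
An added example, not part of any post in the thread: a small Python model of the learning-bridge behaviour described in the replies (the last speaker owns the table entry, unknown unicast is flooded, learning is keyed per VLAN), together with the drop-on-flap protection recalled in the last post. The class, the `flap_limit` and `window` thresholds, the MAC addresses and the frame list are constructed for illustration, every port is assumed to carry every VLAN, and none of it reflects any particular switch.

```python
from collections import defaultdict, deque

class LearningBridge:
    """Toy per-VLAN learning bridge that counts MAC moves between ports."""

    def __init__(self, ports, flap_limit=3, window=10.0):
        self.ports = set(ports)
        self.table = {}                    # (vlan, mac) -> port last heard on
        self.moves = defaultdict(deque)    # (vlan, mac) -> times of recent moves
        self.flap_limit, self.window = flap_limit, window

    def flapping(self, vlan, mac, now):
        recent = self.moves[(vlan, mac)]
        while recent and now - recent[0] > self.window:
            recent.popleft()               # forget moves older than the window
        return len(recent) >= self.flap_limit

    def receive(self, now, in_port, vlan, src, dst):
        """Learn src on in_port; return the set of ports the frame leaves on."""
        key = (vlan, src)
        old = self.table.get(key)
        if old is not None and old != in_port:
            self.moves[key].append(now)    # same MAC, different port: a move
        self.table[key] = in_port          # the last speaker owns the entry
        if self.flapping(vlan, dst, now):
            return set()                   # assumed protection: drop, don't flood
        out = self.table.get((vlan, dst))
        if out is None:
            return self.ports - {in_port}  # unknown unicast is flooded
        return set() if out == in_port else {out}

# Constructed sample traffic: hosts on ports 1 and 2 share DUP, server on port 3.
DUP, SRV, VLAN = "02:00:00:00:00:aa", "02:00:00:00:00:01", 10
FRAMES = [  # (time, in_port, src, dst)
    (0.0, 3, SRV, DUP), (1.0, 1, DUP, SRV), (1.5, 3, SRV, DUP),
    (2.0, 2, DUP, SRV), (2.5, 3, SRV, DUP), (3.0, 1, DUP, SRV),
    (3.5, 2, DUP, SRV), (4.0, 3, SRV, DUP),
]

def replay(bridge, frames=FRAMES):
    return [bridge.receive(t, p, VLAN, s, d) for t, p, s, d in frames]

if __name__ == "__main__":
    for frame, out in zip(FRAMES, replay(LearningBridge([1, 2, 3]))):
        print(frame, "->", sorted(out) or "dropped")
```

In the replay, replies to the shared MAC go only to whichever port spoke last, and once three moves fall inside the window the frame to that MAC is dropped until the moves age out.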

All times are GMT