Duplicate MAC on same LAN

[affan]

Archived from groups: comp.dcom.lans.ethernet (More info?)

Can some one tell me exactly what happens if we have duplicate MAC
address on the same LAN (no switch in between). Also assume that they
have statily different IP's assigned. My gues is that both NIC's should
get the packet and if the s/w stack is correctly implemented, the
incorrect destination should then drop it.

Also I am guessing that if we have DHCP on this LAN, would we have two
hosts with same IP or some sort of IP ringing?

Thanks
Affan

 

[Guest]

Archived from groups: comp.dcom.lans.ethernet (More info?)

Affan wrote:
> Can some one tell me exactly what happens if we have duplicate MAC
> address on the same LAN (no switch in between). Also assume that they
> have statily different IP's assigned. My gues is that both NIC's should
> get the packet and if the s/w stack is correctly implemented, the
> incorrect destination should then drop it.

I can't tell you *exactly* what happens, but it appears that it should
work as long as you are not using other protocols that rely on the MAC
address. ARP will work. Anything requiring RARP would fail.

> Also I am guessing that if we have DHCP on this LAN, would we have two
> hosts with same IP or some sort of IP ringing?

Most likely, the first host to be issued an IP would work and the other
wouldn't. Many IP stacks validate an IP issued to them by a DHCP server
by pinging they address. If there's an answer, they don't use the
address. Many DHCP servers can be configured to do the same thing
before issuing an address to a client.

I'm curious, do you have some requirement for hosts to use the same MAC?
Or did you just find yourself with two NICs with the same MAC? In the
latter case, most modern NICs allow you to change the MAC.

NM

--
convert uppercase WORDS to single keystrokes to reply

 

[Guest]

Archived from groups: comp.dcom.lans.ethernet (More info?)

> :> and if the s/w stack is correctly implemented, the
> :> incorrect destination should then drop it.
>
> If the s/w stack is correctly implimented, the "incorrect" destination
> will offer a way of capturing all packets, such as for tcpdump /
> ethereal. When such a mode is activated, the exact details of what
> happens for mismatched IPs with the correct MAC varies. For example for
> some OS's, an icmp unreachable will be generated for protocols -other-
> than TCP or UDP, but the TCP and UDP stacks filter at a different point
> and know enough not to act on the packets. These differences in
> operation are exploited by "anti-sniffer" software designed to
> locate equipment that is snooping on the net.

Could you explain a little bit more on this? My question is based more on
curiosity of how deterimental the effect of having duplicate MAC's on the
same LAN would be. As far as I can see, if they are on the same LAN (again
with switches we would have the port ringin => delays), the effect shouldt
be that significant, esp for say and TCP/UDP traffic.

Thanks everyone for satisfying the curisosity of a student.

Regards

Affan

 

[Stephen]

Archived from groups: comp.dcom.lans.ethernet (More info?)

"Affan" <affanahmed@gmail.com> wrote in message
news:1106415398.729518.154750@c13g2000cwb.googlegroups.com...
> Can some one tell me exactly what happens if we have duplicate MAC
> address on the same LAN (no switch in between). Also assume that they
> have statily different IP's assigned. My gues is that both NIC's should
> get the packet and if the s/w stack is correctly implemented, the
> incorrect destination should then drop it.

yes - assuming they connect to a shared segment (i.e. a co-ax link or a
repeater), then they both get a copy.

in fact it doesnt matter whether they have the same or different IP
addresses.... or at least the Ethernet doesnt care.

some forms of multi server load balancing used to exploit this - microsoft
server load balancing for 1 could be set with a common MAC across 2 or more
servers so that each incoming request arrived at each server.

the servers then co-operated to decide which server should reply. this
became much less common once switches became the standard building blocks
for LANs.
>
> Also I am guessing that if we have DHCP on this LAN, would we have two
> hosts with same IP or some sort of IP ringing?


>
> Thanks
> Affan
--
Regards

Stephen Hope - return address needs fewer xxs

 

[Stephen]

Archived from groups: comp.dcom.lans.ethernet (More info?)

"Affan Syed" <asyed@usc.edu> wrote in message
news:csv7l8$9oa$1@gist.usc.edu...
> > :> and if the s/w stack is correctly implemented, the
> > :> incorrect destination should then drop it.
> >
> > If the s/w stack is correctly implimented, the "incorrect" destination
> > will offer a way of capturing all packets, such as for tcpdump /
> > ethereal. When such a mode is activated, the exact details of what
> > happens for mismatched IPs with the correct MAC varies. For example for
> > some OS's, an icmp unreachable will be generated for protocols -other-
> > than TCP or UDP, but the TCP and UDP stacks filter at a different point
> > and know enough not to act on the packets. These differences in
> > operation are exploited by "anti-sniffer" software designed to
> > locate equipment that is snooping on the net.
>
> Could you explain a little bit more on this? My question is based more on
> curiosity of how deterimental the effect of having duplicate MAC's on the
> same LAN would be. As far as I can see, if they are on the same LAN (again
> with switches we would have the port ringin => delays), the effect shouldt
> be that significant, esp for say and TCP/UDP traffic.

i will Walter answer your direct Q - but there is an invalid assumption
here.

my previous answer was about what happens if there are duplicate MACs on a
hub - which doesnt seem to be a problem in practice.

if you use switches and have duplicate active MAC addresses at 2 different
points, then you may have major problems with a duplicate MAC causing side
effects.

The problem is that noticing that the MAC "appears" at 2 different points
and altering the switch tables and setup within the network is a processor
driven activity.

So - high traffic levels on 2 or more ports from duplicate MACs is likely to
generate lots of processor load - and severely overloading a switch
processor tends to cause lots of problems

in the worst case i have seen loss of management, then loss of control
protocols such as spanning tree, or layer 3 control - and in turn that can
cause instability across a campus

>
> Thanks everyone for satisfying the curisosity of a student.
>
> Regards
>
> Affan
--
Regards

Stephen Hope - return address needs fewer xxs

 

[Guest]

Archived from groups: comp.dcom.lans.ethernet (More info?)

In article <csv7l8$9oa$1@gist.usc.edu>, Affan Syed <asyed@usc.edu> wrote:
:> When such a mode is activated, the exact details of what
:> happens for mismatched IPs with the correct MAC varies.

:> These differences in
:> operation are exploited by "anti-sniffer" software designed to
:> locate equipment that is snooping on the net.

:Could you explain a little bit more on this?

The particular software I was thinking of was L0pht's anti-sniffer
released in 1999. packetstormsecurity appears to have similar software,
http://packetstormsecurity.nl/sniffers/antisniff/as-101.exe
--
Warhol's Law: every Usenet user is entitled to his or her very own
fifteen minutes of flame -- The Squoire