Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am facing problem on Server regarding MAC address. I dont know how Server bahaves like this. Problem is that server starts to show mac addresses of all connected hosts same. I mean if 30 hosts are connected in LAN then when I give command
$> arp
it shows 30 hosts with different IPs but same MAC. like this
host1 ether B2:CC:BA:E9:CB:AE C eth0
host2 ether B2:CC:BA:E9:CB:AE C eth0
host3 ether B2:CC:BA:E9:CB:AE C eth0
host4 ether B2:CC:BA:E9:CB:AE C eth0
host5 ether B2:CC:BA:E9:CB:AE C eth0
Can anyone tell me where the problem is and how can I resolve it.
is that a real mac address? i can't find the vendor id in any online databases of them: http://standards.ieee.org/regauth/oui/index.shtml sounds like somethign is masquarading the addresses or something, but knowing who commericially owns that mac address would help you out an awful lot.
No there is no MAC like this on our intranet. But it shows specifically this MAC in arp.
I should provide more detail.
It’s an internet gateway. LAN on eth0 and internet on eth1. I have masqueraded some IPs also.
It happens suddenly and when it happens System don’t respond to any query not even ping on that network interface (eth0). But other interface which is connected to internet (eth1) is working fine. One more thing is that other computers on network communicate each other fine that is network is fine.
When it happened I manually remove all the entries from arp table and restart services but nothing. After sometime it starts working itself. I don’t know how.
I think found some solution. I have manually added arp entries and its working. But I think its not a permanent solution. Infact I used 'tcpdump arp' but could not found the packets due to which arp cache was affected. There was no prob in network and someone was perhaps sending arp replies.
What else can I do to avoid such attacks and how further someone can manipulate my arp cache?
I am still anxious to track the person who is doing it. If there is any other solution then please let me know.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.