Old 09-21-2004, 11:40 AM   #1
Registered: Jul 2004
Location: Milpitas, California
Distribution: 1/2 Debian 1/2 my own
Posts: 189

Rep: Reputation: 30
duplicate MAC address detection

Hi, someone asked me how hard it would be for a typical university's network people to detect MAC address spoofing. He was getting bandwidth warnings saying that he has used more than five standard deviations of the mean. Since you're required to register your network card before you can access the university's LAN, I guess anytime you plug your computer in, it will know who the computer is registered to based on the MAC address.

So will falsifying the MAC address go unnoticed for the most part, or does the network automatically check for duplicates? If it finds a duplicate, what is the normal course of action?

BTW, nothing illegal is intended, just good old-fashioned privacy.
Old 09-21-2004, 11:50 AM   #2
Senior Member
Registered: Aug 2003
Location: UK
Distribution: Debian SID / KDE 3.5
Posts: 2,313

Rep: Reputation: 48
This is very easy to do, simply alter the MAC of the network card, or if it's built into the motherboard. Some network cards/motherboards don't allow this, but most of the better ones do.

I have an MSI K7N2 Delta with on-board networking, and it's simply a setting in the BIOS.

Duplicates are not always detected; it depends on what they're using for authentication. I suspect that they would have duplicate detection going on; also, they may only authorise MACs to certain locations.

You're probably not the first to think of this. Also, they may have had problems in the past with multiple devices having the same MACs (cheap mass-produced stuff, sent out with the same MAC). There's a lot to think about with this.
Old 09-21-2004, 01:41 PM   #3
LQ Guru
Registered: Aug 2003
Location: Sydney, Australia
Distribution: Gentoo
Posts: 1,796

Rep: Reputation: 47
This little utility might help

It'll still be quite difficult to catch who's being naughty unless you can keep track of who connected to which port using what MAC address at what time.

Generally speaking, what happens when you have 2 duplicate MAC addresses on the network is that everything will still work, with the only exception that these 2 devices with identical MAC addresses won't be able to talk to each other.
Duplicate MAC addresses with different IPs in the ARP table are valid to most operating systems, and it goes undetected (because the ARP protocol is stateless, i.e. it'll accept any ARP broadcasts, even if it didn't request it) unless you deliberately try to detect them.

These high-end Cisco switches (OK, I'm not so familiar with them) probably implement some kind of MAC address security, but definitely not these $30 no-brand 8-port switches you buy on the street.

Last edited by Demonbane; 09-21-2004 at 01:45 PM.
Old 02-16-2015, 09:06 AM   #4
Registered: Dec 2014
Posts: 34

Rep: Reputation: Disabled
Duplicate MAC Problem in WAN env.:

There is a university campus WAN with more than 2 buildings, but for the moment two (building A and building B) are enough. The server of my faculty is in Building B, has MAC address x.y.z, and hosts the faculty website. Suddenly I can reach the faculty website, ICMP doesn't work (ping, traceroute, tracert, until first hop), normally I call at Dept. of Digital Communications and they say that there exists in Building A a duplicate of the MAC address of my server....???? (wtf?) I ask for the location; they say that they will investigate. So, how can I find the IP of the machine with the duplicate MAC? How can I trace it in a WAN?
Old 02-16-2015, 03:47 PM   #5
Registered: Mar 2008
Posts: 22,041

Rep: Reputation: 3632
If I were a mod, I'd cut this last post out and create a new one maybe.

S3TH76, You might use tools like arp, wireshark and maybe a few others to watch data. From there you might be able to get an IP address. In actuality you can use arp to make a static ip address with this unknown mac. Then see if you can get any data off it.

From the prior posts, you can see that a single user may be duplicating the mac. In a strange possibility one could in fact at some time be on a lan with a real, duplicate mac. There aren't enough mac addresses.
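
Added example, not written by any poster in this thread: a small Python check for the condition described in posts #3 and #5, where one MAC address appears against several IPs in a host's ARP table and nothing flags it unless you look. It parses text in the Linux `/proc/net/arp` format; the sample table, its addresses and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in /proc/net/arp format (all addresses are made up).
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
10.0.0.1         0x1         0x2         00:16:3e:00:00:01     *        eth0
10.0.0.20        0x1         0x2         00:16:3E:AA:BB:CC     *        eth0
10.0.0.57        0x1         0x2         00:16:3e:aa:bb:cc     *        eth0
10.0.0.99        0x1         0x0         00:00:00:00:00:00     *        eth0
10.0.1.5         0x1         0x2         00:16:3e:aa:bb:cc     *        eth1
"""

ATF_COM = 0x02  # "entry is complete" flag from <linux/if_arp.h>


def parse_arp_table(text):
    """Yield (ip, mac, device) for every resolved entry."""
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) != 6:
            continue
        ip, _hw, flags, mac, _mask, dev = fields
        if not int(flags, 16) & ATF_COM:
            continue                            # unresolved: MAC is all zeros
        yield ip, mac.lower(), dev


def shared_macs(text, expected=frozenset()):
    """Map (device, mac) -> sorted IPs where one MAC answers for several IPs
    on the same interface. `expected` holds MACs known to do this
    legitimately (routers, proxy ARP, hosts with alias addresses)."""
    seen = defaultdict(set)
    for ip, mac, dev in parse_arp_table(text):
        if mac not in expected:
            seen[(dev, mac)].add(ip)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


def changed_macs(before, after):
    """Map ip -> (old_mac, new_mac) for IPs whose MAC differs between two
    snapshots, the symptom of another station answering for that address."""
    old = {ip: mac for ip, mac, _ in parse_arp_table(before)}
    return {ip: (old[ip], mac) for ip, mac, _ in parse_arp_table(after)
            if ip in old and old[ip] != mac}


if __name__ == "__main__":
    for (dev, mac), ips in shared_macs(SAMPLE_ARP).items():
        print(f"{dev}: {mac} claimed by {', '.join(ips)}")
```

On a live host, pass the contents of `/proc/net/arp` instead of the sample; a hit is a lead to check against switch port records, not proof of spoofing, since one MAC holding several IPs is legitimate for routers and aliased interfaces.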

