Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hi, someone asked me how hard it would be for a typical university's network people to detect MAC address spoofing. He was getting bandwidth warnings saying that he has used more than five standard deviations of the mean. Since you're required to register your network card before you can access the university's LAN, I guess anytime you plug your computer in, it will know who the computer is registered to based on the MAC address.
So will falsifying the MAC address go unnoticed for the most part, or does the network automatically check for duplicates. If it finds a duplicate, what is the normal course of action?
BTW, nothing illegal is intended, just good old fashion privacy.
This is very easy to do, simply alter the mac of the network card, or if its built in the motherboard. Some network cards/motherboards don't allow this, but most of the better ones do.
I have a MSI K7N2 Delta with on board Networking, and its simply a setting in the BIOS.
Duplicates, are not always detetected, depends on what their using for authentication. I suspect that they would have duplicate detection going on, also they may only authorise MACs to certain locations.
Your probably not the first to think of this. Also they may have had problems in the past with multiple devices having the same MACs ( cheap mass produced stuff, sent out with the same MAC ). Theres a lot to think about with this.
It'll still be quite diffiicult to catch who's being naughty unless you can keep track of who connected to which port using what mac address at what time.
Gerneally speaking what happens when you have 2 duplicate MAC addresses on the network is that everything will still work, with the only exception that these 2 devices with identical mac addresses won't be able to talk to each other.
Duplicate mac addresses with different ips in the arp table is valid to most operating systems, and it goes undetected(because ARP protocol is stateless ie it'll accept any arp broadcasts, even if it didn't request it)
unless you deliberately try to detect them.
These high end Cisco switches(ok I'm not so familiar with them) probably implements some kind of mac address security, but definitely not these $30 no-brand 8 port switches you buy on the street.
It gives an university campus WAN with more than 2 buildings but for the moment(building A and building B) that is enough. The server of my faculty is in Building B and have MAC Address x.y.z., and have the website of faculty. Suddenly I can reach the faculty website, ICMP doesn't work (ping, traceroute, tracert, until first hop), normally I call at Dept. of Digital Communications and they says that exist in Building A a duplicate of MAC Addres of my server....???? (wtf?) I ask for location they say that will investigate. So, how can I found the IP of the machine with duplicate MAC? How can I trace it in an WAN ?
If I were a mod, I'd cut this last post out and create a new one maybe.
S3TH76, You might use tools like arp, wireshark and maybe a few others to watch data. From there you might be able to get an IP address. In actuality you can use arp to make a static ip address with this unknown mac. Then see if you can get any data off it.
From the prior posts, you can see that a single user may be duplicating the mac. In a strange possibility one could in fact at some time be on a lan with a real, duplicate mac. There aren't enough mac addresses.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.