Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hi,
On a LAN, if I have one machine with an IP of 192.168.0.1, and then, with ifconfig, if I say ANOTHER machine on that LAN has an IP of 192.168.0.1, and then a third machine broadcasts a packet with that IP, will both these machines get it? If not, why not?
(I was thinking, it'd be really easy to start sniffing that way, right?)
If two machines on the same subnetwork use the same IP, there will be a conflict and probably neither of them will be able to use the network, or will be reachable by another machine.
Also, sniffing has nothing to do with what you describe; this is called spoofing. In order to sniff packets you must put your adapter in promiscuous mode.
One more thing. Ethernet doesn't work in IP level. It works with MAC addresses.
Last edited by segmentation_fault; 08-07-2012 at 01:25 AM.
If you broadcast something, both machines with that IP Address will get it. But it won't help much. If you are on TCP level, the applications rely on established connections, and that will not really work if two machines want to establish a connection at the same time from the same IP Address. There is no way you can sniff anything useful that way - for sniffing you don't even need to have any IP Address, because it is performed on a higher layer. Being on a hub network is enough, you'll get each and every ethernet frame that way.
I might be wrong but if two are on a segment and have the same ip then either the lower of the mac gets locked in or the first in arp gets locked in. Might have to double check that.
Arp is used to map mac to ip so that is part of the issue. That is where I believe it gets locked in. Arp gets lost after some small amount of time so the head arp asker goes out and asks who has 192.168.0.1 and waits for replies. Then it decides which is which to use.
Don't be fooled by the HTML 3.0 look. It's one of the clearest descriptions of how tcp/ip works you will find. (I first stumbled on this on a dot-edu site; my guess is the author retired or moved to another job and put the pages up unchanged on his own domain.)
I might be wrong but if two are on a segment and have the same ip then either the lower of the mac gets locked in or the first in arp gets locked in. Might have to double check that.
Arp is used to map mac to ip so that is part of the issue. That is where I believe it gets locked in. Arp gets lost after some small amount of time so the head arp asker goes out and asks who has 192.168.0.1 and waits for replies. Then it decides which is which to use.
Actually what happens is that the mac address will flip flop between the two ports on the switch effectively shredding any attempted upper layer sessions. A Cisco swich will report this as a mac address that has seen too many "moves".
Two devices can only "share" and IP address via a mediation mechanism like HSRP, VRRP, GLBP etc. Two simple hosts with the same config will not work properly, either of them.
Hi,
On a LAN, if I have one machine with an IP of 192.168.0.1, and then, with ifconfig, if I say ANOTHER machine on that LAN has an IP of 192.168.0.1, and then a third machine broadcasts a packet with that IP, will both these machines get it? If not, why not?
(I was thinking, it'd be really easy to start sniffing that way, right?)
Thanks.
You are in effect correct. You can use something called ARP spoofing to play man in the middle and can effectively sniff that traffic. Its not quite as simple as what you describe but in essence that what happens.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.