Re: mac duplication

From: Miles Stevenson (miles_at_mstevenson.org)
Date: 12/12/03

  • Next message: Burton M. Strauss III: "RE: mac duplication" 
    To: Dev <u02113@cs.unipune.ernet.in>
Date: Fri, 12 Dec 2003 15:02:04 -0500

    Devrat,

    I'm pretty sure that each switch will handle such a situation in it's
    own way. Not sure what kind of OS that D-Link switches run, but if you
    dig around enough, I'm sure you will be able to find out how Cisco IOS
    reacts to seeing 2 ports sharing the same MAC. Of course that doesn't
    mean that a D-Link switch will react the same way.

    Just a thought.

    -Miles
    On Fri, 2003-12-12 at 05:17, Dev wrote:
    > hi ppl, please redirect me to a different mailing list if this is not the appropriate list to post to.
    >
    > I did the following experiment:
    >
    > I have a switched ethernet network in my university.
    > I wanted to capture packets meant for a certain machine on a different port of a Dlink switch. I thought that arp poisoning would be too noisy - arpwatch can catch it, & its too bulky for the MITM machine (in case we are poisoning a heavily loaded server machine.)
    > & So i duplicated the mac of the victim machine on my own machine.
    >
    > What i saw was this:
    >
    > ping packet drop rate for any of the two machines from a third machine varied from 40 to almost 80 %. Also say telnet sessions to any of the two machines (which had now the same mac addresses) worked with notable 4-5 second lockups.
    >
    > Further i could not ping the other machine from one of the duplicated machines. (the last one is okay - it makes a lot of sense)
    >
    > My premise is that the problem in connectivity is coming becoz the OS does not fall back to half duplex mode when two machines take up the same mac address??
    >
    > can anyone plz tell me about the behaviour. How do i set up mac duplication in that case so that i can sniff data.
    >
    > I dont want to hurt network performance. & so dont want to do mac flooding. Anyways i m not even sure the switches we have here would resort to broadcast mode in case of mac flooding.
    >
    > Last but not the least its my second message to the list, & people were really helpful in discussing about my queries in my first message.
    >
    > Mailing lists rock..
    >
    > Devrat 

    -- 
Miles Stevenson
miles@mstevenson.org

  • Next message: Burton M. Strauss III: "RE: mac duplication"

    Relevant Pages

    • RE: Exploit code for IP Smart Spoofing
      ... If there is a MAC violation, this is logged and the port is ... traffic of one other host on the switch. ... but there is no way to protect against ...
      (Bugtraq)
    • Re: Network scanning
      ... > level before the switch will enable that port... ... > new MAC and disable the port. ... >> informieren Sie bitte sofort den Absender und vernichten ... Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich ...
      (Security-Basics)
    • Re: Leopard market share???
      ... only), MacBook Pro C2Duo connecting wirelessly, Mac Pro directly connected to switch. ... Airport Extreme connected to switch and to cable modem. ... Ethernet configured automatically (If the MP is set to a large MTU it can no longer administer the Airport Extreme!) ... I have been working with networking for over 15 years. ...
      (comp.sys.mac.advocacy)
    • Re: Leopard market share???
      ... GreyCloud wrote: ... another Mac. ... Airport Extreme connected to switch and to ... I've been into networking since the early 80s. ...
      (comp.sys.mac.advocacy)
    • Re: mac duplication
      ... The other gentleman is right that each switch will handle the situation ... > I have a switched ethernet network in my university. ... > & So i duplicated the mac of the victim machine on my own machine. ... > Mailing lists rock.. ...
      (Vuln-Dev)
    • Quantcast