|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: mac duplication
From: Miles Stevenson (miles
mstevenson.org)
Date: Fri Dec 12 2003 - 14:02:04 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Devrat,
I'm pretty sure that each switch will handle such a situation in it's
own way. Not sure what kind of OS that D-Link switches run, but if you
dig around enough, I'm sure you will be able to find out how Cisco IOS
reacts to seeing 2 ports sharing the same MAC. Of course that doesn't
mean that a D-Link switch will react the same way.
Just a thought.
-Miles
On Fri, 2003-12-12 at 05:17, Dev wrote:
> hi ppl, please redirect me to a different mailing list if this is not the appropriate list to post to.
>
> I did the following experiment:
>
> I have a switched ethernet network in my university.
> I wanted to capture packets meant for a certain machine on a different port of a Dlink switch. I thought that arp poisoning would be too noisy - arpwatch can catch it, & its too bulky for the MITM machine (in case we are poisoning a heavily loaded server machine.)
> & So i duplicated the mac of the victim machine on my own machine.
>
> What i saw was this:
>
> ping packet drop rate for any of the two machines from a third machine varied from 40 to almost 80 %. Also say telnet sessions to any of the two machines (which had now the same mac addresses) worked with notable 4-5 second lockups.
>
> Further i could not ping the other machine from one of the duplicated machines. (the last one is okay - it makes a lot of sense)
>
> My premise is that the problem in connectivity is coming becoz the OS does not fall back to half duplex mode when two machines take up the same mac address??
>
> can anyone plz tell me about the behaviour. How do i set up mac duplication in that case so that i can sniff data.
>
> I dont want to hurt network performance. & so dont want to do mac flooding. Anyways i m not even sure the switches we have here would resort to broadcast mode in case of mac flooding.
>
> Last but not the least its my second message to the list, & people were really helpful in discussing about my queries in my first message.
>
> Mailing lists rock..
>
> Devrat
--
Miles Stevenson
milesmstevenson.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQA/2h67Mp+InXZ9L2MRAjDjAKCLsl9I1MLNxVbNYa6Rz9RQAUuDRQCgh8Et
qq2mUEULtwCQFT/inaAMALk=
=lQSQ
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]