I'm sniffing my current connection, but I have a second computer linked to mine with ICS. And my application makes no difference between the two. How can I detect the second one and filter it?
You could filter by source/destination IP if either one is your PC's IP.
The way to do that is ignoring the packets that are from Mac to Mac from the same machine, that means they are looping to the second one.
Related
Chromebooks at a certain facility will not work with static IPs, and they have reserved IP addresses, but for some odd reason they will not grab those from the DCHP server. By toggling Configure IP address automatically off for a few seconds and back on, the Chromebook gets its reserved IP and works fine. In about 6-8 months we will be changing the entire network and resolving this issue, but in the meantime if I could create a shortcut method for the end users to be able to do this easily it would be a big stone out of my shoe...
I had forgotten I posted this. In order to resolve the issue, I did use "code" and "programming" to create a script that would do what I described above. So, it wasn't a networking question, it was a programming question.
I'm looking for a solution to find out about the MAC number of a user using asp.net website. I know you can get an IP address (don't know why but it can't be complicated) but can i find out the MAC address having the IP?
Edit: I mean programmatically (not manually) in .NET
The IP address is necessary for routing the communication between the client system requesting the information and the server. You can get it, because the IP address is pulled from a lower level in the TCP/IP stack (level 3 I believe). The MAC Address isn't necessary for any of this and hence it isn't included in the communication between the client and the server.
If your site is trusted, you can do this in IE:
http://www.devarticles.com/c/a/JavaScript/Advanced-JavaScript-with-Internet-Explorer-Retrieving-Networking-Configuration-Information/1/
I wouldn't expect it to work for any typical visitors, just users who's systems you already control, like on your local network. There may be a second way in IE if you can find a common activex that generates a guid using CoCreateGuid. It returns the mac address in part of the guid. I wouldn't bet on finding one that's commonly installed though.
no chance to get this sorry.
Even if you could it would not make sense to attempt to get this, when I access a website on the internet my MAC address never leaves my home network.
Ok if the user was on the same LAN say in a company intranet for example this could be determined by having the ip address and using command line tools like arp.
ARP stands for Address Resolution Protocol and it can be used for finding a host's link layer (hardware) address when only its Internet Layer (IP) or some other Network Layer address is known.
Java 6 has a NetworkInterface#getHardwareAddress() method which usually returns the MAC address of the computer in question. You could create a small Java applet to communicate with your web server to obtain the MAC address, though there are ways and means of spoofing a MAC address.
The MAC address you get might not be practical to use. If someone has multiple network adapters then they also have multiple MAC addresses. And it's not uncommon anymore that someone has two networks. (For example, bluetooth, regular cabled and WiFi would already be three.)
A MAC address is just for identification and it can be requested. The Address Resolution Protocol is created for this purpose. By arping you can get a MAC address. Unfortunately, this only works on local networks, not on the Internet. I think that by using IPv6, you might also have a few options. Although I think it would still be limited to just a local system.
Getting the MAC address of your visitor might be considered inappropriate and perhaps even criminal since a MAC address is generally used as an unique identifier. This information could be misused by hackers, especially when the hacker manages to gain physical access to the users network. It would allow him to impersonate the user. Your site might make some security specialists very unhappy...
At http://www.ipaddresslocation.org/find-mac-address.php there's a Java applet which they claim will work. It doesn't on my system with Google Chrome, though.
I have a similar problem (I'm using the client device MAC address as a key to target different content at different devices). This thread has been useful. Given that there seems to be no way to do this implicitly I have instead included the MAC address as one of the parameters passed by the client to the web service.
(N.B. This is not a generic answer, it only makes sense where the client and server are tightly integrated and where there is scope for passing data with the call.)
I don't think this is possible on any platform.
I mean how can a mere website tell my I.P. address and the ports that are available to forward? For example what do I have to do in order to incorporate this kind of facility on my website?
A website must know what your IP address is, otherwise how else would it know where to send the data packets back to?
Also it does not know which ports "are available to forward". It only knows which port your request originates from (this port is random).
Your computer may be making many requests simultaneously from various programs, so knowing the correct IP address makes sure the data gets back to the right computer, and knowing the correct port makes sure it goes to the correct program (or more specifically, the correct process).
I have a network of computers connected in form of a graph.
I want to ping from one computer(A) to another computer(B). A and B are connected to each other through many different ways, but I want to PING via only a particular edges only. I have the information of the edges to be followed during pinging available at both A and B.
How should I do this?
You could source route the ping but the return would choose its own path.
Furthermore, source-routed packets are often filtered due to security concerns. (Not always, they are useful and sometimes even required at edge routers.)
If the machines are under your local administrative control, then you could ensure that source-routed packets are permitted. As long as you are able to start a daemon on machine B, you could also easily enough design your own ping protocol that generates source-routed echo returns.
Well, this is actually done by routing protocols that are configured on the media in between the computers (routers I expect). I think there isn't a way where you can say "use that specific route". The routers have different protocols (OSPF, EIGRP, RIPv2) and they do the load balancing. The only way you would be sure of one specific route is to use static routing, but this isn't dynamically done where your computer decides the route.
This is normal because :
if you would be able to chose a route, DoS would be quite easy to do to kill one route.
How can I detect if another host is using the same MAC address as the current host, e.g. because the other host is spoofing?
I'm working in an embedded environment, so looking for answers on a protocol level, rather than “use such and such a tool”.
Edit: RARP does not solve this problem. For RARP to get any reply at all, there has to be at least one host on the segment which supports RARP. Since RARP is obsolete, modern operating systems don't support it. Furthermore, all RARP can do is tell you your own IP address - the response won't be any different if there’s another host on the segment with the same MAC, unless that host has itself used a different IP address.
This question is too interesting to put down! After several false starts I started thinking about the essential components of the problem and scoured the RFCs for advice. I haven't found a definitive answer, but here's my thought process, in the hope that it helps:
The original question asks how to detect another device with your MAC address. Assuming you're on an IP network, what's required to accomplish this?
The passive method would be simply to listen to traffic and look for any packets that you didn't transmit but have your MAC address. This may or may not occur, so although it can tell you definitively if a duplicate exists, it cannot tell you definitively that it doesn't.
Any active method requires you to transmit a packet that forces an impostor to respond. This immediately eliminates any methods that depend on optional protocols.
If another device is spoofing you, it must (by definition) respond to packets with your MAC address as the destination. Otherwise it's snooping but not spoofing.
The solution should be independent of IP address and involve only the MAC address.
So the answer, it seems, would be to transmit either a broadcast (ethernet) packet or a packet with your MAC address as its destination, that requires a response. The monkeywrench is that an IP address is usually involved, and you don't know it.
What sort of protocol fits this description?
Easy Answer:
If your network supports BOOTP or DHCP, you're done, because this authoritatively binds a MAC address to an IP address. Send a BOOTP request, get an IP address, and try to talk to it. You may need to be creative to force the packet onto the wire and prevent yourself from responding (I'm thinking judicious use of iptables and NAT).
Not-so-easy Answers:
A protocol that's independent of IP: either one that doesn't use the IP layer, or one that allows broadcasts. None comes to mind.
Send any packet that would normally generate a response from you, prevent yourself from responding, and look for a response from another device. It would seem sensible to use your IP address as the destination, but I'm not convinced of that. Unfortunately, the details (and, therefore the answer) are left as an exercise for the OP ... but I hope the discussion was helpful.
I suspect the final solution will involve a combination of techniques, as no single approach seems to guarantee a dependable determination.
Some information is available at http://en.wikipedia.org/wiki/ARP_spoofing#Defenses
If all else fails, you may enjoy this: http://www.rfc-editor.org/rfc/rfc2321.txt
Please post a follow-up with your solution, as I'm sure it will be helpful to others. Good luck!
You could send an ARP request for each possible ip in the subnet.
Of course the source address of the ARP request must be ff:ff:ff:ff:ff:ff, otherwise you might not see the response.
I forged a packet like this with bittwiste and replayed it with PReplay and all the hosts on the network got the response. (I don't know if these forged ARP packets are legal or not... some OSes might ignore them)
Here is what the forged package looked like:
Here is what the reply looked like:
If you watch the responses and see your MAC address in one of the packets (in the red rectangle) , than someone has the same MAC address as you do...
Unfortuantely I couldn't test the theory fully because none of my (Windows) machines care about me trying to set the nic's MAC address...
Two hosts using same MAC address on a single network segment would probably make switches go nuts and you could probably detect it by having an extremely unreliable network connection (as the switches would send some portion of packets that belong to your host to the second one, depending on which one of you sent the last packet in their direction).
This is very late, and a non-answer, but I wanted to follow up with exactly what I did in case anyone else is interested.
I was working with some very weird embedded hardware that doesn’t have a MAC address assigned at manufacture. That means we needed to assign one in software.
The obvious solution is to have the user pick a MAC address that they know is available on their network, preferably from the locally-administered range, and that’s what I did. However, I wanted to pick a reasonably safe default, and also attempt to warn the user if a conflict occurred.
In the end I resorted to picking a random-ish default in the locally-administered range, chosen by making some hardware readings that have moderate entropy. I deliberately excluded the beginning and end of the range on the assumption that those are moderately more likely to be chosen manually. The chances are that there will only be one of these devices on any given network, and certainly less than 20, so the chances of a conflict are very low, albeit not as low as they could be due to the somewhat predictable random numbers.
Given the low chances of there being a problem, and despite the excellent answers above, I decided to dispense with the conflict detection and make do with a warning to the user to look out for MAC conflict problems.
If I did decide to implement conflict detection, then given that I control the whole network stack, I would probably look out for excessive unknown or missing packets, and then trigger a change of MAC address or warn the user when that happens.
Hopefully that will help someone else somewhere – but probably not!