- Posts: 154
- Thank you received: 0
If a pc has 2 NIC cards how do ARP recognises Resolves the N
Oh i see.
Its simple that it will give the MAC address of the NIC that has the IP Address bound to it. If you have two NIC's, you must have two different addresses assigned to each NIC. Depending on which IP Address you are ARP'ing for, will depend on the NIC that the traffic is going to, therefore that NIC will respond
What if you have a pair of NICs acting as one for extra throuput ina server say? 2 cards with 2 MACs bound to a single IP. Which MAC gets it?
Anyone else know the answer to that one ?
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Basically, it says the following;
A NIC Team is known by a single MAC address to clients in the network. This MAC address is only used as the source MAC address by the Primary adapter in the Team. Secondary adapters in the team use their own MAC address as the source address. This MUST be done by NIC Teaming to be compliant with IEEE standards.
For TLB, when a client ARP's for the Team's MAC address using the Team's IP address, the Team will respond with the Team's MAC address (used by the Primary adapter). So, all traffic is received by the Primary adapter. Traffic transmitted out of the Primary adapter has a source address of the Team. Traffic transmitted out of the Secondary adapters use their own MAC address (not the same as the Team MAC address). Since clients with a proper TCP/IP stack implementation should ONLY update their ARP table based on data received in ARP request or replies, receiving data with a different source MAC from a secondary adapter will not affect clients with a complient TCP/IP stack.
Some implementations of the TCP/IP stack in clients are picky in that they require the source MAC address to match the MAC address in the ARP cache.
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Oh i see.
Its simple that it will give the MAC address of the NIC that has the IP Address bound to it. If you have two NIC's, you must have two different addresses assigned to each NIC. Depending on which IP Address you are ARP'ing for, will depend on the NIC that the traffic is going to, therefore that NIC will respond
What if you have a pair of NICs acting as one for extra throuput ina server say? 2 cards with 2 MACs bound to a single IP. Which MAC gets it?
The IP gets bound to a virtual mac in most cases. The nics then act as bridges passing the data to the virtual device (this is very simple description and not entirely accurate- check out intel's ProSet documentation for a detailed explanation)