- Posts: 783
- Thank you received: 0
MAC/IP spoofing.
- skepticals
- Topic Author
- Offline
- Elite Member
Less
More
17 years 3 weeks ago #24136
by skepticals
MAC/IP spoofing. was created by skepticals
I was at a friend's house that was using an everyday Linksys wireless router and I was bored; so we decided to experiement with our computers. We had two laptops and we spoofed the MAC address and IP address so both computers had the same information. I have some questions about the results.
I used Wireshark to capture some of the traffic. I found that if I sent a ping from a different computer, both computer would receive the ping and respond.
I also found that web sites would not load and I would get error packets.
Here are my thoughts:
1) The wireless interface is basically treated as a giant hub with any of the laptops connected. Is this correct?
2) Both laptops would receive all information.
3) The reason accessing webpages fails is due to TCP and sequence numbers (or something).
Can someone shine some light? How would this work if these were wired into a switch?
What problems could having the same MAC address cause?
I used Wireshark to capture some of the traffic. I found that if I sent a ping from a different computer, both computer would receive the ping and respond.
I also found that web sites would not load and I would get error packets.
Here are my thoughts:
1) The wireless interface is basically treated as a giant hub with any of the laptops connected. Is this correct?
2) Both laptops would receive all information.
3) The reason accessing webpages fails is due to TCP and sequence numbers (or something).
Can someone shine some light? How would this work if these were wired into a switch?
What problems could having the same MAC address cause?
- Bionicthumb
- Offline
- Junior Member
Less
More
- Posts: 21
- Thank you received: 0
17 years 3 weeks ago #24150
by Bionicthumb
Replied by Bionicthumb on topic Re: MAC/IP spoofing.
(1) Correct. The WLAN acts the same as a HUB.
(3) The web site traffic probably dies during the initial TCP handshake. The web requestor will send a TCP SYN to the web server. The web server will respond with a TCP SYN,ACK, but your router will forward that TCP SYN,ACK to both the requestor and your other computer. The requestor will attempt to complete the handshake with a TCP ACK, but the other computer will attempt to kill this unknown attempt for a connection with a TCP RST.
It would probably work if you were wired into a switch as long as the web page requesting computer was the only computer to try communicating over the switch during the data transfer.
If the other computer tried to communicate over the switch during the data transfer then the switch would remap the MAC-to-switch port table entry for that MAC address and would temporarily cause packet loss for the web requestor until the web requestor sent another frame onto the network which would remap the switch again.
The problem that would be caused: very intermittent network connectivity.
(3) The web site traffic probably dies during the initial TCP handshake. The web requestor will send a TCP SYN to the web server. The web server will respond with a TCP SYN,ACK, but your router will forward that TCP SYN,ACK to both the requestor and your other computer. The requestor will attempt to complete the handshake with a TCP ACK, but the other computer will attempt to kill this unknown attempt for a connection with a TCP RST.
It would probably work if you were wired into a switch as long as the web page requesting computer was the only computer to try communicating over the switch during the data transfer.
If the other computer tried to communicate over the switch during the data transfer then the switch would remap the MAC-to-switch port table entry for that MAC address and would temporarily cause packet loss for the web requestor until the web requestor sent another frame onto the network which would remap the switch again.
The problem that would be caused: very intermittent network connectivity.
- skepticals
- Topic Author
- Offline
- Elite Member
Less
More
- Posts: 783
- Thank you received: 0
17 years 3 weeks ago #24151
by skepticals
Replied by skepticals on topic Re: MAC/IP spoofing.
Thank you for the reply.
So, if two computers have the same MAC and IP on the same switch, the two computer will "battle" over the entry in the MAC address table? And, whichever computer is communicating at a specific time would win?
What about other data exchanges, like AIM? Would both computers receive the packets? Or would this fail as well?
So, if two computers have the same MAC and IP on the same switch, the two computer will "battle" over the entry in the MAC address table? And, whichever computer is communicating at a specific time would win?
What about other data exchanges, like AIM? Would both computers receive the packets? Or would this fail as well?
- Bionicthumb
- Offline
- Junior Member
Less
More
- Posts: 21
- Thank you received: 0
17 years 3 weeks ago #24152
by Bionicthumb
Replied by Bionicthumb on topic Re: MAC/IP spoofing.
There would be no "winner" until one computer stops sending out ethernet frames entirely to the switch.
Every protocol that uses ethernet and this switch to communicate would effectively fail... or at least intermittently fail.
If your AIM computer attempted to communicate with the AIM network while your other computer was, for example, flooding ICMP echoes to your linksys router once every 1ms then you would have a very difficult time communicating through AIM.
Every protocol that uses ethernet and this switch to communicate would effectively fail... or at least intermittently fail.
If your AIM computer attempted to communicate with the AIM network while your other computer was, for example, flooding ICMP echoes to your linksys router once every 1ms then you would have a very difficult time communicating through AIM.
- skepticals
- Topic Author
- Offline
- Elite Member
Less
More
- Posts: 783
- Thank you received: 0
17 years 3 weeks ago #24153
by skepticals
Replied by skepticals on topic Re: MAC/IP spoofing.
If two computers have the same mac and IP, wouldn't there be two entries in the mac-address-table with identical information? This would cause the problems. If one computer stops sending data, wouldn't the mac-address-table entry stay in there for a certian amount of time still causing problems?
- Bionicthumb
- Offline
- Junior Member
Less
More
- Posts: 21
- Thank you received: 0
17 years 3 weeks ago #24154
by Bionicthumb
Replied by Bionicthumb on topic Re: MAC/IP spoofing.
A switch only maps a MAC address to one physical port on the switch.
That one entry would consistently be overwritten as both machines send frames across the switch.
That one entry would consistently be overwritten as both machines send frames across the switch.
Time to create page: 0.137 seconds