If in the local network suddenly one network card assigns itself the address of another, then how will the network behave on each of the computers?

K

krll-k2015-07-20 02:28:24

Computer networks

krll-k, 2015-07-20 02:28:24

Let's put the situation, there are computers A and B with unique mac-addresses. Suddenly, computer B runs out of funds in the account and is disconnected from external access. Computer B takes and whistles to itself the mac-address of computer A, uses the network, and sometimes its network is junk. Does this mean that computer A is also using the network at this point in time?
WinDump.exe -n -q host 10.8.105.222 and arp
The question is different.

spoiler

Допустим у компьютера в распоряжение есть tcpdump с помощью которой можно смотреть весь трафик проходящий широковещательно, то есть arp. Как узнать компьютер A или B посылает этот сигнал в сеть:

C:\Users\Администратор\Downloads>WinDump.exe -n -q host 10.8.105.222 and arp
WinDump.exe: listening on \Device\NPF_{68FE7044-D11B-4497-A6CF-4B0159E18B51}
02:12:50.961717 arp who-has 10.8.96.1 (00:1d:71:9b:70:00) tell 10.8.105.222
02:12:50.963670 arp reply 10.8.96.1 is-at 00:1d:71:9b:70:00
02:13:29.961164 arp who-has 10.8.96.1 (00:1d:71:9b:70:00) tell 10.8.105.222
02:13:29.963096 arp reply 10.8.96.1 is-at 00:1d:71:9b:70:00
02:13:50.959887 arp who-has 10.8.96.1 (00:1d:71:9b:70:00) tell 10.8.105.222
02:13:50.962074 arp reply 10.8.96.1 is-at 00:1d:71:9b:70:00
02:14:21.460047 arp who-has 10.8.96.1 (00:1d:71:9b:70:00) tell 10.8.105.222
02:14:21.462393 arp reply 10.8.96.1 is-at 00:1d:71:9b:70:00
02:15:19.458173 arp who-has 10.8.96.1 (00:1d:71:9b:70:00) tell 10.8.105.222
02:15:19.460389 arp reply 10.8.96.1 is-at 00:1d:71:9b:70:00
02:15:51.458341 arp who-has 10.8.96.1 (00:1d:71:9b:70:00) tell 10.8.105.222
02:15:51.460761 arp reply 10.8.96.1 is-at 00:1d:71:9b:70:00
02:16:14.457164 arp who-has 10.8.96.1 (00:1d:71:9b:70:00) tell 10.8.105.222
02:16:14.459125 arp reply 10.8.96.1 is-at 00:1d:71:9b:70:00
02:16:35.456910 arp who-has 10.8.96.1 (00:1d:71:9b:70:00) tell 10.8.105.222
02:16:35.458674 arp reply 10.8.96.1 is-at 00:1d:71:9b:70:00
02:18:04.955198 arp who-has 10.8.96.1 (00:1d:71:9b:70:00) tell 10.8.105.222
02:18:04.957094 arp reply 10.8.96.1 is-at 00:1d:71:9b:70:00
02:18:26.955032 arp who-has 10.8.96.1 (00:1d:71:9b:70:00) tell 10.8.105.222
02:18:26.957011 arp reply 10.8.96.1 is-at 00:1d:71:9b:70:00
02:19:09.453554 arp who-has 10.8.96.1 (00:1d:71:9b:70:00) tell 10.8.105.222
02:19:09.455405 arp reply 10.8.96.1 is-at 00:1d:71:9b:70:00
02:19:45.952923 arp who-has 10.8.96.1 (00:1d:71:9b:70:00) tell 10.8.105.222
02:19:45.954727 arp reply 10.8.96.1 is-at 00:1d:71:9b:70:00
02:19:55.882889 arp who-has 10.8.96.1 tell 10.8.105.222
02:20:07.952701 arp who-has 10.8.96.1 (00:1d:71:9b:70:00) tell 10.8.105.222
02:20:07.954450 arp reply 10.8.96.1 is-at 00:1d:71:9b:70:00
02:20:28.952476 arp who-has 10.8.96.1 (00:1d:71:9b:70:00) tell 10.8.105.222
02:20:28.954433 arp reply 10.8.96.1 is-at 00:1d:71:9b:70:00
02:20:49.951269 arp who-has 10.8.96.1 (00:1d:71:9b:70:00) tell 10.8.105.222
02:20:49.953108 arp reply 10.8.96.1 is-at 00:1d:71:9b:70:00
02:20:58.451577 arp who-has 10.8.96.1 (00:1d:71:9b:70:00) tell 10.8.105.222
02:20:58.453373 arp reply 10.8.96.1 is-at 00:1d:71:9b:70:00
02:21:10.535953 arp who-has 10.8.105.222 tell 10.8.99.102
02:21:10.535978 arp reply 10.8.105.222 is-at 00:1f:ce:86:48:ab
02:21:10.540809 arp who-has 10.8.105.222 tell 10.8.105.152
02:21:10.540833 arp reply 10.8.105.222 is-at 00:1f:ce:86:48:ab
02:21:10.552504 arp who-has 10.8.105.222 tell 10.8.107.249
02:21:10.552527 arp reply 10.8.105.222 is-at 00:1f:ce:86:48:ab
02:21:10.556296 arp who-has 10.8.105.222 tell 10.8.97.151
02:21:10.556319 arp reply 10.8.105.222 is-at 00:1f:ce:86:48:ab
02:21:10.564312 arp who-has 10.8.107.249 tell 10.8.105.222
02:21:10.575938 arp reply 10.8.107.249 is-at 9c:d6:43:78:0e:63
02:21:37.951026 arp who-has 10.8.96.1 (00:1d:71:9b:70:00) tell 10.8.105.222
02:21:37.952789 arp reply 10.8.96.1 is-at 00:1d:71:9b:70:00
02:21:55.450667 arp who-has 10.8.96.1 (00:1d:71:9b:70:00) tell 10.8.105.222
02:21:55.452608 arp reply 10.8.96.1 is-at 00:1d:71:9b:70:00
02:22:23.449666 arp who-has 10.8.96.1 (00:1d:71:9b:70:00) tell 10.8.105.222
02:22:23.451369 arp reply 10.8.96.1 is-at 00:1d:71:9b:70:00
02:23:23.448884 arp who-has 10.8.96.1 (00:1d:71:9b:70:00) tell 10.8.105.222
02:23:23.450641 arp reply 10.8.96.1 is-at 00:1d:71:9b:70:00
02:23:49.947840 arp who-has 10.8.96.1 (00:1d:71:9b:70:00) tell 10.8.105.222
02:23:49.950480 arp reply 10.8.96.1 is-at 00:1d:71:9b:70:00
02:24:38.946639 arp who-has 10.8.96.1 (00:1d:71:9b:70:00) tell 10.8.105.222
02:24:38.948420 arp reply 10.8.96.1 is-at 00:1d:71:9b:70:00

Регистрирует трафик из сети, или же он сам генерирует не-пресловутые arp-запросы? Как доказать или опровергнуть то что неполадки в сети из-за того что ей одновременно пользуются два участника с идентичными IP и MAC?

It turns out that this is an analogy with a fart. If you farted, anyway you know that you farted and not someone else. Help me my tcpdump ala'windows to distinguish my fart from someone else's ;)

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

S

Sergey, 2015-07-20
@edinorog

my friend. can you read about how plows dhcp and arp? otherwise the question pulls on "it's a shame not to know and ask 2015"

F

FloorZ, 2015-07-20
@FloorZ

Let's put the situation, there are computers A and B with unique mac-addresses. Suddenly, computer B runs out of funds in the account and is disconnected from external access. Computer B takes and whistles to itself the mac-address of computer A, uses the network, and sometimes its network is junk. Does this mean that computer A is also using the network at this point in time?

Don't distribute arp tables to clients. Issue IP using DHCP. In switches, build ACLs by mac address with binding to physical interfaces, or all sorts of arp-guard and other stray things.
Our provider in the house did just that, when we had so much traffic in the entrance of our neighbors, punching through arp addresses in our segment and replacing our poppy with theirs :D. Freebie is over =(

M

Max, 2015-07-20
@MaxDukov

Computer B takes and whistles to itself the mac-address of computer A, uses the network, and sometimes its network is junk. Does this mean that computer A is also using the network at this point in time?

It all depends on what is meant by the word "junk". Kamrad Vitaliy Pukhov rightly noted that Windows swears at the IP conflict. However, if the provider's IP is not tied to MAC, then both computers will receive IP, errors will be at the stp level, the protocol that builds routes between switches. The table will be constantly updated, and the network on each of the computers will either work or not work. google "mac address collision".
Whether it is possible to distinguish a frame with your MAC Yours from someone else's - no. only by the fact that it is "wrapped"
PS I do not advise you to do such things. Formally - 272 of the Criminal Code of the Russian Federation, from 200 minimum wages to two years. Caught in 5 sec.

V

Vitaly Pukhov, 2015-07-20
@Neuroware

As far as I remember, Windows itself determines this and obviously swears about it somewhere in the area of \u200b\u200bnetwork connections