Jump to content


Photo
- - - - -

arr.. multiple mac addresses on same network


  • Please log in to reply
10 replies to this topic

#1 nyphonejacks

nyphonejacks

    Dangerous free thinker

  • Members
  • 793 posts
  • Gender:Male
  • Location:718

Posted 22 July 2011 - 11:30 PM

so my wifes wow has been getting latency, and you do not want to get between my wife and her playing wow..

her resolution is to rip the router out of the equation and connect directly to the modem.. thats all good and fine, but leaves me with out internet for myself - and i plan on possibly setting up a personal webserver soon..

i thought i isloated the trouble down to the router so i bought a new one... the old one felt like it was getting extra hot, and is probably 5+ years old by now.. so i replaced the router..

since speed tests, pings to google and any other test that i could try to troubleshoot the connection are solid, i have been having problems isolating the trouble.. and have been blaming my wifes stupid game or the server that she connects to, because every test that i tried works fine...

well while her PC was connected directly to the modem and i was playing around with the LAN, i noticed that her PC was "still connected" to the router - i verified the patch cord was not connected to the router, but directly into the modem.. so i pinged the address for her computer, and to my surprise it pinged the address..

my network right now is kind of small - modem -> router 1 (192.168.1.1) -> router 2 (192.168.1.254 DHCP off)->ooma
1 wired PC to router 1 (192.168.1.199 address reserved in DHCP table of router 1) a wii, 2 net books, and my blackberry...

first thing i did was unplug the ooma, and ping the 192.168.1.199 address that is supposed to be reserved for my wifes PC, and i no longer got a ping back.. logging into the ooma i found that somehow it was selected to use the same MAC address as my wifes PC..

strange things.... the ooma worked fine AFAIK (rarely use it - only if i want to call a number that thought phreaker posts up on here) and all tests that i did from my wifes PC seemed to be fine - just that her WOW would get high latency after a while... i guess because the port forwarding/triggering for her PC had to go to 2 different places...

i guess if i would have had the ooma in front of the router it would not have mattered, but being behind the router, there were two devices on the network with the same MAC address that appear to have been also sharing the same IP address.. did not know that this was possible..

#2 serrath

serrath

    SUP3R 31337

  • Members
  • 181 posts
  • Country:
  • Gender:Male

Posted 23 July 2011 - 08:20 AM

That's actually very surprising, most routers should pick up on that, I would expect. Were they both connected via ethernet cable to the router, or was one wireless?

#3 nyphonejacks

nyphonejacks

    Dangerous free thinker

  • Members
  • 793 posts
  • Gender:Male
  • Location:718

Posted 23 July 2011 - 08:57 AM

That's actually very surprising, most routers should pick up on that, I would expect. Were they both connected via ethernet cable to the router, or was one wireless?


both wired... one directly to the router..
one connected to the second router that has DHCP off and is only acting as a switch...

you say that the router should have picked it up... but originally i thought it was the router, and i just replaced the router about 2 weeks ago

it was actually a freak accident that i found the problem, because my wife had her PC connected directly to the modem while i was playing around with some settings on the router, and ended up being able to ping the IP address of "her computer"

i know usually when there are multiple devices with the same IP address on a network that there will be an IP address conflict - but i guess because they both had the same MAC address, the router thought that it was the same device?

EDIT - i just emailed customer service @ netgear and advised them of this problem with their firmware, hopefully it gets passed to the proper place for them to see if they can develop a solution to this problem - they have IP address conflicts... why not MAC address conflicts?

Edited by nyphonejacks, 23 July 2011 - 09:17 AM.


#4 johnnymanson

johnnymanson

    SUP3R 31337

  • Members
  • 175 posts
  • Gender:Male
  • Location:Somewhere in NC, USA

Posted 23 July 2011 - 09:32 PM


That's actually very surprising, most routers should pick up on that, I would expect. Were they both connected via ethernet cable to the router, or was one wireless?


both wired... one directly to the router..
one connected to the second router that has DHCP off and is only acting as a switch...

you say that the router should have picked it up... but originally i thought it was the router, and i just replaced the router about 2 weeks ago

it was actually a freak accident that i found the problem, because my wife had her PC connected directly to the modem while i was playing around with some settings on the router, and ended up being able to ping the IP address of "her computer"

i know usually when there are multiple devices with the same IP address on a network that there will be an IP address conflict - but i guess because they both had the same MAC address, the router thought that it was the same device?

EDIT - i just emailed customer service @ netgear and advised them of this problem with their firmware, hopefully it gets passed to the proper place for them to see if they can develop a solution to this problem - they have IP address conflicts... why not MAC address conflicts?


Any chance the MAC address of one of the routers got cloned to match the MAC address of your wife's computer sometime? I know this is possible in many home routers. MAC addresses should be unique for all device as set by the factory. If the MAC of one of your routers is different from what is printed on it then this is probably what happened.

Check out this link and see if it is similar to your situation.

http://support.netge...r:-mac-spoofing

#5 nyphonejacks

nyphonejacks

    Dangerous free thinker

  • Members
  • 793 posts
  • Gender:Male
  • Location:718

Posted 23 July 2011 - 09:51 PM



That's actually very surprising, most routers should pick up on that, I would expect. Were they both connected via ethernet cable to the router, or was one wireless?


both wired... one directly to the router..
one connected to the second router that has DHCP off and is only acting as a switch...

you say that the router should have picked it up... but originally i thought it was the router, and i just replaced the router about 2 weeks ago

it was actually a freak accident that i found the problem, because my wife had her PC connected directly to the modem while i was playing around with some settings on the router, and ended up being able to ping the IP address of "her computer"

i know usually when there are multiple devices with the same IP address on a network that there will be an IP address conflict - but i guess because they both had the same MAC address, the router thought that it was the same device?

EDIT - i just emailed customer service @ netgear and advised them of this problem with their firmware, hopefully it gets passed to the proper place for them to see if they can develop a solution to this problem - they have IP address conflicts... why not MAC address conflicts?


Any chance the MAC address of one of the routers got cloned to match the MAC address of your wife's computer sometime? I know this is possible in many home routers. MAC addresses should be unique for all device as set by the factory. If the MAC of one of your routers is different from what is printed on it then this is probably what happened.

Check out this link and see if it is similar to your situation.

http://support.netge...r:-mac-spoofing


no what happened was that the ooma somehow assigned itself the same MAC address as my wifes computer... although you could say that the ooma has a built in "router" since it has a DHCP server built in - although nothing is getting its IP address from the ooma since nothing is connected to the network jack on the ooma only to the modem jack..

i might have accidentally done this although i do not remember doing it.. i know that you can not access the ooma interface with chrome, so perhaps inadvertently when i tried to log into the ooma with chrome things got messed up..

this post was not a call for assistance to a problem, it was more of a rant of something stupid that happened on my network - and perhaps to share what happened to me in case someone else ever stumbles upon this post and has a similar problem..

still have not heard back from netgear about them looking into the issue or fixing their firmware to identify mac address conflicts..

EDIT - that link refers to MAC address cloning for the router if you do not get internet connectivity, which would be needed to change a router on FiOS unless you call verizon to release/renew your connection or with a cable modem if you do not reboot the modem... does not address MAC cloning on the LAN side of the router with multiple devices obtaining local IP addresses off of the routers DHCP table..

Edited by nyphonejacks, 23 July 2011 - 10:05 PM.


#6 serrath

serrath

    SUP3R 31337

  • Members
  • 181 posts
  • Country:
  • Gender:Male

Posted 24 July 2011 - 08:40 PM

Okay, so I definitely wasn't thinking right when I told you the router should pick up on that before. A router wouldn't report MAC address conflicts, but the DHCP should fail to lease one of the addresses. I mean, you're basically accidentally (and very poorly) ARP poisoning, so only one device at a time gets the IP; it should be virtually impossible to establish any kind of TCP stream I'd naively expect.

Edited by serrath, 24 July 2011 - 08:43 PM.


#7 nyphonejacks

nyphonejacks

    Dangerous free thinker

  • Members
  • 793 posts
  • Gender:Male
  • Location:718

Posted 24 July 2011 - 10:03 PM

Okay, so I definitely wasn't thinking right when I told you the router should pick up on that before. A router wouldn't report MAC address conflicts, but the DHCP should fail to lease one of the addresses. I mean, you're basically accidentally (and very poorly) ARP poisoning, so only one device at a time gets the IP; it should be virtually impossible to establish any kind of TCP stream I'd naively expect.

AFAIK this problem was on my network for at least 2 weeks.. the ooma device was working from what i know (i rarely use the line but used the line several times during this trouble being on the network) , and my wifes PC was working... the only problem noticeable was latency on WOW on her computer.. other than that, every thing else that i tried to ping would not cause any problems..

#8 serrath

serrath

    SUP3R 31337

  • Members
  • 181 posts
  • Country:
  • Gender:Male

Posted 25 July 2011 - 11:12 PM

That's beyond bizarre. I wonder if you could try a wireshark capture and see what's actually going on behind the scenes here?

#9 nyphonejacks

nyphonejacks

    Dangerous free thinker

  • Members
  • 793 posts
  • Gender:Male
  • Location:718

Posted 26 July 2011 - 08:25 PM

That's beyond bizarre. I wonder if you could try a wireshark capture and see what's actually going on behind the scenes here?


now that i resolved the issue i would prefer not to recreate it - because that would mean that it would fuck with my wifes ability to play wow.. and that is a big no no...

i guess when i get one of the other PCs up and running on the network that I might recreate it just to see what is happening on the network - but its going to be at least a few weeks before i get around to that

#10 serrath

serrath

    SUP3R 31337

  • Members
  • 181 posts
  • Country:
  • Gender:Male

Posted 26 July 2011 - 10:49 PM

Alright, thanks for considering it! I'm interested to know exactly how this happened (and who knows, I might learn something useful).

#11 phaedrus

phaedrus

    Gibson Hacker

  • Members
  • 90 posts
  • Gender:Male

Posted 04 August 2011 - 08:07 AM

MAC addresses aren't unique. They ran out of unique ones sometime back in the 90's and started to recycle them.
While its rare to have a network with the same mac on two devices, its not unknown and I personally have seen it on large corporate ranges, and its a bear to track down and find the issue.
Yes they both work, but routing is a mess and intermittented packet loss like you experienced is the result.
Usually you encounter this when you've been working on networks with kit from the dawn of time (the situation I saw it in, the conflict was between a terminal server that had a AUI to 10bTx network adaptor on, and another much newer device just out the box to give you a idea of its vintage)

While that does neatly fit the situation, its also more likely that you enabled mac spoofing on the ooma (I have no idea what that actually is), and managed to tell it to be the same mac as your wife's pc.




BinRev is hosted by the great people at Lunarpages!