Looking at this related SO question, I can't help but wonder about the uniqueness of MAC addresses.
How unique are MAC addresses?
I'm using them to semi-uniquely identify users. I have a website that users of virtually any device (PC, Mac, iPhone, Android phone, etc.) and any OS can hit via an HTTP request. I use a combination of IP address and MAC address to identify unique users.
I assume the following cases can exist:
A device has no MAC address (unlikely, sure, but anyway)
A device has a unique MAC address
A device has multiple unique MAC addresses
Two or more devices have the same MAC address
The first three of these cases are unique (the third because I only need a single unique MAC address). For the fourth case, how likely is this?
That is: given 100 random users (perhaps Windows users for any Windows OS), how many of them can I expect to have the same MAC address? Is it just generally because of the limited length of MAC addresses? Or is it dependent on some sort of purposeful configuration change (MAC address spoofing)?
I'm okay with MAC addresses being semi-unique, I just want some clarity on how to interpret the data.
(I'm using the C# code against .NET 2.0 in the linked question against .NET 2.0.)
This is only true on the same network.
MAC addresses are resolved locally using ARP to route local packets at a hardware level. ARP is not a routable protocol and is not resolved across subnets.
If your webserver is behind a router with port mapping and all the incoming traffic to it is coming from that router, then every connection will appear to come from the MAC address of the router, you won't 'see' the MAC address of the original machine, not unless you can pick it up with a web page somehow (i'm not a web genius so don't ask me on that one, but Im guessing you'd need some heavy lifting at the client end with Java, or some other kind of active component to interrogate the local machine, easier to use a cookie)
You can find out the Public IP address of the remote machine where the outgoing NAT took place, but once again, there could be multiple device connecting from behind a router which would limit the usefulness of this method, and it means need to look into IP packets, which I have no idea how you can do that from a web server (probably can't?).
Anyway, this is what cookies are for, a way of leaving an identifier on a remote machine so you can see where traffic came from. If people don't accept cookies, unless you start getting very very creative you aren't going to be able to uniquely identify them.
(BTW Mac address are always unique (ok, you can occasionally find a reused MAC, but its extremely rare, or at least needs to be for networking to work!), thats the purpose of them, it's just not much help in this scenario if you are not on the same network)
100 random users (perhaps Windows users for any Windows OS), how many
of them can I expect to have the same MAC address?
Zero. And when they are in the same network, they could not communicate with the same MAC-Address, since Ethernet uses them to find the Computer. They are pretty unique. Producers of network cards get ranges of addresses they may assign to their products.
But: There are ways to manipulate your MAC Address, and there are scenarios where people do just that! For example when you want to enter a network, which is restricted to certain MAC-Addresses, you can manipulate your own to match one of those (if you find out, which ones are on the whitelist). Since I don't know, what your szenario is, (what you wnat to accomplish), I can not tell you if that is relevant for yout.
You just need to understand the difference between a MAC Address (that can be changed) and the identifier of your hardware [your Network Interface Controler to be precise] (that is forever assigned by its the manufacturer).
MAC address is the name of your device when it connects to the internet (through a rooter or a switch). You can change your MAC Address, but by default, this ID uses the identifier assigned by the manufacturer of the network interface controller (NIC) (e.g. your Wifi antena)
Exemple: I've changed my MAC address for my two computers using the same MAC Address: 00:01:02:03:04:06. My computers seems to be the same when connected to the same router but the identifier of their wifi antena remain unchanged and different.
Related
On a local network I'm sending a WOL (Wake-On-LAN) packet using sendto to the target MAC address. The code for that works without any problems and the target machine is turned on correctly. The problem is, that I don't know if the target machine has a LAN cable attached or not. If it's not attached, then the whole process fails. Unfortunately, sendto is unidirectional, so I don't know if my magic packet arrived.
I'm wondering about the best and fastest way to find out if WOL succeeded or not. Waiting for the device to boot up completely so I find out get and ping its IP address takes way too long.
Is there a way to "ping" a MAC address, i.e. get some sort of Layer-2-reply?
I need this solution for a Delphi application, but if you have a solution for a different language at hand you're welcome to post that as well. Thank you!
I have a Gatling load test that does a huge call to a webservice, and I can get response time information nicely, the problem is that all calls are done as a single user, thus cannot see the amount of concurrent users from Jennifer5 monitoring tool. I've searched but couldn't find a way to make multiple unique IP users to call this webservice, thus showing me the amount of concurrent users in the monitoring tool, however approximate that value would be.
I've found this page but this does not work at all, what should I do? I do not wish to switch to JMeter now, even though I think it does have this capability
As per the forum you are referring to
Note that, of course, you won't be able to do IP spoofing, but only use valid IP aliases.
So given your Scala code is correct you must have all the simulated IP addresses present in your operating system. Theres is a possibility to have more than one IP address on a physical network interface via IP aliasing, refer to your operating system documentation in order to learn how set additional addresses up. You may also find Using IP Spoofing to Simulate Requests from Different IP Addresses with JMeter guide interesting
I've got an old connection log to a website which contains the IP addresses, the user agent string and the timestamp.
I want to know how many of them used 3G to access a website as I suspect there is a latency issue.
Now I know that I can use some code to have this info directly from the user.
But I still want to process this old log using only IP addresses even if it is only for one ISP.
I thought I could do that by finding a list of the subnets used for 3g.
Do you think it can be done?
Otherwise, what do you suggest?
Hope you can help.
Cheers,
One approach could be to lookup every IP using "whois" services, if the ISP listed is a phone carrier only, you can be certain the connection was made by a mobile connection.
This is not a total solution, but it might give you enough information.
Now, to find a service which will allow you to make all the requests required, might be another matter.
How the communication between two pc will be done and how the communication in the network will be done ? How do they bot coneect to the internet??
I m assuming may be one pc has spoofed another pc address.
It depends how the machines' MAC address appear onto mac routing table.
https://superuser.com/questions/17696/what-happens-when-two-pcs-have-the-same-mac-adress
Exactly. What eRIZ said.
Sometimes the machines will refuse to connect due collision OR one computer will connect before the another bouncing the other one of the network.
But yeah, it depends how they are configured.
Here is a wireshark capture of an ARP request PNG image, I contains the sender MAC inside the ARP packet. The receiving station can derive the MAC from the Ethernet frame. It seems to be redundant. Is there any particular use of separately including the sender MAC address in ARP Request too ?.
The "redundancy" was by design (RFC 826), and can be useful in targeting different layers. In RFC 3927 there's what is known as Gratuitous Address Resolution Protocol (GARP), and in certain circumstances the redundancy, or lack of, plays an important role, especially in troubleshooting and monitoring networking stacks.
Actually it's not rendunancy at all, the MAC (physical, layer 2) and IP (logical, layer 3) addresses are not the same thing. They serve different purposes on different network layers.
On large scale networks it's quite common to observe changes in the MAC/ARP/Source/Dest information, and at times can seem almost incorrect. For example, you might see a host send an ARP request with its own address as the target address. Depending on the exact situation, it might be telling us it's a link up/down event, maybe it's trying update other devices ARP tables, or possibly detecting an ip conflict and moving the ip to another NIC.
I could get into clustering, failovers — the list goes on, although I would end up writing a book trying to explain it all. Hopefully this gives you a bit of insight about the "redundancy" you were questioning. ;-)
More Info:
RFC 826 /
RFC 3927
/ Wireshark Gratuitous ARP
Although often used in conjunction with Ethernet, ARP by itself is an independent protocol. Imagine other link layer protocols that do not expose MAC addresses. ARP would not work in such circumstances if the sender field was not provided.
There is no rule that the ARP protocol field sender mac address to be same as ethernet source mac address. Eg: Its possible in few applications where multiple interfaces of same host are on network, but one only interface sends arp responses for all interfaces.