Databases
StackOverflow2013
Postsdbo
PO
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PO
    text
    copied!<p>This question is too interesting to put down! After several false starts I started thinking about the essential components of the problem and scoured the RFCs for advice. <strong>I haven't found a definitive answer,</strong> but here's my thought process, in the hope that it helps:</p> <ul> <li><p>The original question asks how to detect another device with your MAC address. Assuming you're on an IP network, what's required to accomplish this?</p></li> <li><p>The <em>passive</em> method would be simply to <em>listen</em> to traffic and look for any packets that you didn't transmit but have your MAC address. This may or may not occur, so although it <em>can</em> tell you definitively if a duplicate exists, it <em>cannot</em> tell you definitively that it doesn't.</p></li> <li><p>Any <em>active</em> method requires you to transmit a packet that <em>forces</em> an impostor to respond. This immediately eliminates any methods that depend on <em>optional</em> protocols.</p></li> <li><p>If another device is spoofing you, it <em>must</em> (by definition) respond to packets with <em>your</em> MAC address as the destination. Otherwise it's <em>snooping</em> but not <em>spoofing</em>.</p></li> <li><p>The solution should be independent of IP address and involve only the MAC address. </p></li> <li><p>So the answer, it seems, would be to transmit either a broadcast (ethernet) packet or a packet with your MAC address as its destination, that requires a response. The monkeywrench is that an IP address is usually involved, and you don't know it.</p></li> </ul> <p><em>What sort of protocol fits this description?</em></p> <p><strong>Easy Answer:</strong></p> <ul> <li>If your network supports BOOTP or DHCP, you're done, because this authoritatively binds a MAC address to an IP address. Send a BOOTP request, get an IP address, and try to talk to it. You may need to be creative to force the packet onto the wire and prevent yourself from responding (I'm thinking judicious use of iptables and NAT).</li> </ul> <p><strong>Not-so-easy Answers:</strong></p> <ul> <li><p>A protocol that's independent of IP: either one that doesn't use the IP layer, or one that allows broadcasts. None comes to mind.</p></li> <li><p>Send <em>any</em> packet that would normally generate a response from you, prevent yourself from responding, and look for a response from another device. It would seem sensible to use your IP address as the destination, but I'm not convinced of that. Unfortunately, the details (and, therefore the answer) are left as an exercise for the OP ... but I hope the discussion was helpful.</p></li> </ul> <p>I suspect the final solution will involve a combination of techniques, as no single approach seems to guarantee a dependable determination.</p> <p>Some information is available at <a href="http://en.wikipedia.org/wiki/ARP_spoofing#Defenses" rel="noreferrer">http://en.wikipedia.org/wiki/ARP_spoofing#Defenses</a></p> <p>If all else fails, you may enjoy this: <a href="http://www.rfc-editor.org/rfc/rfc2321.txt" rel="noreferrer">http://www.rfc-editor.org/rfc/rfc2321.txt</a></p> <p><em>Please</em> post a follow-up with your solution, as I'm sure it will be helpful to others. Good luck!</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload