Re: mac addresses OSR5 and Unixware

Bill Vermillion wrote:
In article <b79d2b48-9ca3-41ef-9be4-390780a0b591@xxxxxxxxxxxxxxxxxxxxxxxxxxx>,
Nico Kadel-Garcia <nkadel@xxxxxxxxx> wrote:
On 17 Jan, 23:01, Nico Kadel-Garcia <nka...@xxxxxxxxx> wrote:
On 17 Jan, 16:12, b...@xxxxxxx (Bill Vermillion) wrote:

In article <fmnpsb$sb...@xxxxxxxx>, Ron Kirschner <r...@xxxxxxxxxx> wrot=
e:
I'm trying to determine mac addresses of users telnet'ing to the server=
.
arp -a identifies local users, but not any remote users connected via V=
PN's
or otherwise. =A0Is there any way to get that info?
No. MAC address stay on the local network. =A0
Why do you want them? The user could, if you ask nicely, send them to
you.
A followup: you can install "lsof" from the Skunkware site, and use it
to see what network ports and services are open to what incoming
clients. Then you can parse that to find the hostnames or IP
addresses, and ping them to get the MAC addresses.

Does that help?

That still won't give you MAC address that are NOT on the local
LAN. MAC's aren't transmitted across the net unless you
have a bridged network.

And there is no quarantee that if you could get the MAC from a far
machine that it would not collide with a local MAC address.

While MAC address in hardware are supposed to be unique, in the
past some cheapo NICs had duplicate MAC addresses.

It's also a potential problem with virtualized OS's that randomly assign MAC's, and with people who carelessly hardcode virtual OS's with simplistic patterns (like setting the last three octets to all 0's by default.)

And there is also the possibility that the MAC address has been
changed on any machine so that it differs from the burned in
address.

Yeah, and some folks re-write MAC addresses to spoof client machines and their logging, or to avoid locked in MAC access to configurable switches.

Just one reason that a MAC address may be re-written is that once
the MAC is resolved by looking for IP all communications are at the
MAC address so that if you run a fail-over machine, if the primary
machine fails, then you re-write the MAC on the backup machine so
that the failover is transparent.

At least that's how I understand it all.

This ties into "pair-bonding" and virtual machine live migration. It's fascinating stuff!
.

Relevant Pages

  • TidBITS#794/29-Aug-05
    ... This week's issue brings a potpourri of Mac news, ... Mark Anbinder looks briefly at Google Talk, ... Adding Tiger's AirPort Preferred Network List ...
    (comp.sys.mac.digest)
  • Apples new software may steal the show
    ... Steve Jobs, Apple Computer's co-founder and performer in chief, rarely shows any reluctance to sell -- or even over-sell -- his company's accomplishments. ... Jobs spent only about five minutes talking about what I see as the big news of the day: Apple's first software for using a home network through a television screen rather than a computer monitor. ... Apple's Mac OS X, the software running all its Macintosh computers, also has built-in features for easily connecting Macs in a network. ...
    (comp.sys.mac.advocacy)
  • Re: About War Driving ..
    ... However, MAC filtering does not qualify as defense in depth, ... because the attacker can spoof a valid IP address. ... broadcasting the SSID doesn't hide a network, but just makes it show up ... machines in your building that you can control and check the MAC ...
    (Security-Basics)
  • Re: Wired security improvements
    ... I have a lot of experience with 802.1x in a wireless environment and it ... option than MAC Authentication via RADIUS as far as security is concerned, ... it can only provide a weak form of network authentication. ...
    (Security-Basics)
  • Re: OK first real Mac Complaint - Network Trouble
    ... changing the channel on my router has cleared up wireless issues on my ... have to reset it when the connection dies. ... to suck up a large amount of network bandwidth to do unnecessary screen ... It should at least help to identify what the Mac ...
    (comp.sys.mac.misc)