Home » Questions » Computers [ Ask a new question ]

What happens when two computers on the same network have the same MAC address?

What happens when two computers on the same network have the same MAC address?

I was reading an article on WEP cracking, which said that filtering MAC addresses was not enough, since there are tools to change what the computer reports as its MAC address.

Asked by: Guest | Views: 119
Total answers/comments: 2
Guest [Entry]

"It really does depend on how the routers and systems on the network are configured.

At our office, our machines will not connect to the local domain due to the collision in MAC addresses. You'll get a notification message (in Windows) saying there is already a system with the Id on the network.

Sometimes you get into ""races"" where each computer attempts to register itself with the router, and any traffic coming to the machine can get lost since packet A will go to your machine, the other machine will register, so packet B will go there. Things can start bouncing back and forth.

You can start seeing unreachable host errors due to the collisions as well.

The results really do vary depending on when the duplicate machine is coming online and how the current infrastructure is setup to handle such items.

Your network admin will have more detailed answers on this."
Guest [Entry]

"@Dillie-O's answer is the correct generic answer, that is, if all the machines involved have no idea about the duplicate MAC addresses. However, the case you asked about is an exception. If another machine which has the duplicate MAC address knows that it has a duplicate address and crafts packets properly, they can basically use the MAC address carefully and stay under the radar. The other machine typically drops the packets the ""shadow"" machine (one that has picked the duplicate MAC address) is communicating with since it has no prior knowledge about it. Note that in all this, the MAC and TCP/IP stack of the shadow machine are not behaving as usual and are aware of the fact that they are shadowing someone else. Also, the shadow cannot really do exactly what the victim does without being undetected. Note that since WEP maintains the broadcast nature of the LAN - i.e. everyone can potentially see other hosts packets. In a switched environment, the behavior depends on how the switch responds to seeing same MACs at two ports.

To give you a more concrete example, let's have a look at DHCP. If the victim is already active, the shadow will not need a new IP address and will use the IP address assigned to the victim, so no ""registering with the router"" is needed."