GoToMeetingĭell® SonicWALL® provides intelligent network security and data protection solutions that enable customers and partners to dynamically secure, control, and scale their global networks. Compare Recruitment: SmartRecruiters vs.Compare Construction: BuilderTREND vs.
Dell sonicwall mac address mac#
The only way a bridge would place it's own mac address in a packet would be A) management traffic or B) if the remote network didn't have a MAC address, ie it was a different network technology (token ring for example). If they see a mac address on the wire that needs to go to the remote side, they grab it and return it. Bridges relay the mac addresses that need to go to the remote networks by keeping a bridge address table inside them. Bridges don't replace mac addresses in the packets, routers do. switch conversation, yes, a switch is just a multi-port bridge. In a flat network, you could see many IPs for one mac address in an arp table, but you shouldn't see more than one mac address for any one IP. Why you'd have VLANs in a flat network is beyond could you maybe start over from the beginning and describe what is happening with actual IP addresses and MAC addresses? I'm assuming this is all RFC1918 address space, so there is no security risk in posting it.Īlso, don't say things like "broken server" or "the client" but specify actual host names, even if they are all made up. OP has stated that this is "flat" network but then mentioned something about VLANs. We have an OP who hasn't fully described the problem in a coherent way and a bunch of people who are trying to help arguing about why each other's guesses aren't valid. I would suggest setting up ARPwatch on a computer and see how the reports look over a few days.
We won't know shit until Hypoluxa shows up again, though. But unless they bought something like this, it won't magically show up. That is the only device I have ever seen that could do something like this. In reality, half the time it responded before the real device on the network, which made it a real expensive piece of crap. If there was a device, it should respond first and populate the requestor's ARP table, otherwise this device would do it. It did this by responding to all ARP requests 5 seconds after it saw them. I cannot remember the name, but there was a product a few years ago that was supposed to be a captive portal for hotel wifi that would ensure that whatever the customer's local settings, it would work. I think this must be something broken or misconfigured at Layer 3, or the machine is hacked.īasically, everyone seems to be focused on layers 1 and 2, and I'm just having a hard time imagining how those layers would be generating spurious IP addresses. If it were garbled ARP replies, you'd think the IPs would be random crap, but he hasn't mentioned seeing IPs that look weird. Doing that, it would be invisible from the control panel, and from light-duty snoop tools.īasically, everyone seems to be focused on layers 1 and 2, and I'm just having a hard time imagining how those layers would be generating spurious IP addresses. Hell, it could be sending raw packets out the interface, in effect creating those phantom IPs itself, using a custom TCP/IP stack. But if that machine is the one that's actually hacked, it could be talking with the mothership, or scanning/attacking the local network.
for one of those, I'd expect the wrong MAC for the good IP address, not a flood of spurious IPs with that MAC. And ARP entries should time out after, what, ten minutes on most machines? So that means that MAC has been ARPed as having those IP addresses very recently, so it's an ongoing network problem of some kind. From what the OP is saying, it's supposed to have just one, and he's seeing a bunch. It's okay to have multiple IPs on a MAC, but only if it's been deliberately configured that way.
How would that cause multiple IPs for the same MAC, though?