MAC/IP spoofing.

I was at a friend's house that was using an everyday Linksys wireless router and I was bored; so we decided to experiement with our computers. We had two laptops and we spoofed the MAC address and IP address so both computers had the same information. I have some questions about the results.

I used Wireshark to capture some of the traffic. I found that if I sent a ping from a different computer, both computer would receive the ping and respond.

I also found that web sites would not load and I would get error packets.

Here are my thoughts:

1) The wireless interface is basically treated as a giant hub with any of the laptops connected. Is this correct?
2) Both laptops would receive all information.
3) The reason accessing webpages fails is due to TCP and sequence numbers (or something).

Can someone shine some light? How would this work if these were wired into a switch?

What problems could having the same MAC address cause?

(1) Correct. The WLAN acts the same as a HUB.

(3) The web site traffic probably dies during the initial TCP handshake. The web requestor will send a TCP SYN to the web server. The web server will respond with a TCP SYN,ACK, but your router will forward that TCP SYN,ACK to both the requestor and your other computer. The requestor will attempt to complete the handshake with a TCP ACK, but the other computer will attempt to kill this unknown attempt for a connection with a TCP RST.

It would probably work if you were wired into a switch as long as the web page requesting computer was the only computer to try communicating over the switch during the data transfer.

If the other computer tried to communicate over the switch during the data transfer then the switch would remap the MAC-to-switch port table entry for that MAC address and would temporarily cause packet loss for the web requestor until the web requestor sent another frame onto the network which would remap the switch again.

The problem that would be caused: very intermittent network connectivity.

Thank you for the reply.

So, if two computers have the same MAC and IP on the same switch, the two computer will "battle" over the entry in the MAC address table? And, whichever computer is communicating at a specific time would win?

What about other data exchanges, like AIM? Would both computers receive the packets? Or would this fail as well?

There would be no "winner" until one computer stops sending out ethernet frames entirely to the switch.

Every protocol that uses ethernet and this switch to communicate would effectively fail... or at least intermittently fail.

If your AIM computer attempted to communicate with the AIM network while your other computer was, for example, flooding ICMP echoes to your linksys router once every 1ms then you would have a very difficult time communicating through AIM.

If two computers have the same mac and IP, wouldn't there be two entries in the mac-address-table with identical information? This would cause the problems. If one computer stops sending data, wouldn't the mac-address-table entry stay in there for a certian amount of time still causing problems?

A switch only maps a MAC address to one physical port on the switch.

That one entry would consistently be overwritten as both machines send frames across the switch.