Date: Wed, 14 Mar 2012 15:57:19 -0700 From: Chuck Swiger <cswiger@mac.com> To: Adarsh Joshi <adarsh.joshi@qlogic.com> Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org> Subject: Re: Zero MAC address Message-ID: <1AB6F524-B4F4-4718-96C5-DB2951A02D59@mac.com> In-Reply-To: <5E4F49720D0BAD499EE1F01232234BA87438162F95@AVEXMB1.qlogic.org> References: <5E4F49720D0BAD499EE1F01232234BA87438162F95@AVEXMB1.qlogic.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mar 14, 2012, at 3:32 PM, Adarsh Joshi wrote: > I assigned a 00:00:00:00:00:00 MAC address to one of my interfaces on a machine and tried to ping the peer machine. The ping did go through fine. > > I can the see the request and reply packets on the packet capture. I am wondering if that is legitimate and if not, who is supposed to check that. I mean, the stack or the driver on the sending machine or the receiving machine. > > Basically, I am trying to test a statistics utility which keeps track of packets with invalid MAC addresses. Are the packets with zero MAC addresses be classified as invalid? In theory, no-- 00:00:00 OUI belongs to Xerox, and there is nothing special about an all-zeros MAC. If you see an OUI with the second bit of the first octet set, that would indicate locally managed addresses rather than global or "universally administered" numbering, otherwise you can lookup against OUI data from the IEEE: http://standards.ieee.org/develop/regauth/oui/oui.txt ...and that will let you identify the vendor of the ethernet NIC, SAS/fibre channel controller, etc...or conclude that someone is likely spoofing MAC addresses if you don't find the OUI listed. Maybe that's what you mean by "invalid"? Regards, -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1AB6F524-B4F4-4718-96C5-DB2951A02D59>