virtual MAC OUI list. Or reverse: hardware nic manufacturer OUIs.

Hello.

Is there a good list of all virtual NIC's OUI out there?
I need to make sure that MAC addresses that i receive belongs to unique hardware.

The most i could find is vmware, virtual iron, xensource and microsoft virtual server, but i don't want to take chances that these are the only ones out there.

I don't mind the reverse either: to have a list of real hardware NIC manufacturers OUIs.

Thank you.
LVL 11
AlexanderREnterprise Web DeveloperAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Don JohnstonInstructorCommented:
0
AlexanderREnterprise Web DeveloperAuthor Commented:
I've already seen that list but it cannot tell me which one of them produce virtual or real hardware interfaces.
0
AlexanderREnterprise Web DeveloperAuthor Commented:
OK, i've collected the following:

VMware          00-50-56, 00-0C-29, 00-05-69
Microsoft  Virtual PC       00-03-FF
Parallells Desktop      00-1C-42
Virtual Iron 4       00-0F-4B
Red Hat Xen       00-16-3E
Oracle VM       00-16-3E
XenSource       00-16-3E
Novell Xen       00-16-3E
VirtualBox       08-00-27


Can anyone say if that's a complete, at least in terms of common user, list?
0
ON-DEMAND: 10 Easy Ways to Lose a Password

Learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees in this on-demand webinar. We cover the importance of multi-factor authentication and how these solutions can better protect your business!

MysidiaCommented:
How sure do you want to be? The list of OUIs changes periodically.
Hardware manufacturers register new OUIs from time to time.
Also, there is no guarantee that VMware doesn't ever make appliances or PCs with NIC cards and assign them ranges within their OUI.

Plus users of the virtualization software can generally set the MAC address to whatever they want,  they can  even change it to be within a real hardware manufacturer's OUI or in a reserved OUI.

Essentially,  you can use this as a check to tell you something _might_ be virtual.

But there is absolutely no way to guarantee if a host is virtual or not by looking at its reported MAC address.


0
AlexanderREnterprise Web DeveloperAuthor Commented:
Thanks for the insight.
I appreciate the problems and am aware of them.

My situation is not as complex (although can get slightly problematic with your quote "can  even change it to be within a real hardware manufacturer's OUI or in a reserved OUI"). This is for an online survey.  I have a java applet that gets users's mac address and passes it to a PHP page for further processing.  Idea is to make the survey as fear as possible.
The problem is that some computers have multiple MAC addresses, some of which are from virtual environments.  Since virtual environments have a risk of having the same MAC on multiple stations (as opposted to hardware which are unique unless mendled with) i need to ignore them and register "real" MACs only.  Otherwise if 2 users have VMware installed and have the same mac, the script will think that its the same computer and will reject the request.
0
MysidiaCommented:
Ok, the only way someone accessing it will have both Virtual and Real MACs are if they are running the applet from the host machine.  If they load the applet from inside say their desktop virtual machine in Parallels,  the only NIC the applet sees will be virtual.   An ideal thing to do may be to use the Windows WMI  to check what driver is being used for the network card.   But Java's security restrictions are unlikely to permit an applet to do this...


A minor issue to keep in mind is that some manufacturers of network cards have been known to ship multiple cards with the same MAC address; i.e. They should be  globally unique, but in practice MAC addresses are not globally unique.

In fact, on even rarer occasion, it has been necessary to manually set the MAC address of a PC,  because the address burned into its Ethernet card's PROM was the same as the MAC address of another computer.   Having two NICs on your LAN with the same MAC address can cause many problems, and it is difficult to troubleshoot,  because it rarely happens.

Although you are ok if the duplicates are on different subnets and different switching infrastructure;  it is dangerous to have two computer systems with the same MAC address in the same organization's network.


The probability of your applet running into these is small, but not zero.


The probability of two stations having exactly the same randomly generated virtual NIC MAC address is small,  even if they were all 24-bits randomly generated in the same OUI.

It should be ~580 virtual NICs, before there is a 1% chance of collission.
And  ~1500 virtual NICs before  there is a 10% chance of any two having the same MAC  within the same vendor's OUI.


I would suggest that the best thing to do would be to store all MACs  and filter later.

If there are duplicates,  you can resolve the duplication by using info about other MAC addresses the system has.

Two randomly generated MAC addresses (even if they are both virtual NICs)  further reduces the probability of an exact duplciate of that machine, even just its virtual NICs.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MysidiaCommented:
Small addendum:  on Windows systems,  Virtual machines aren't the only type of virtual adapters. An example would be a Virtual Adapter  created by bridging two interfaces "Miniport MAC Bridge"

This uses a Microsoft OUI,  I have one on my PC, it's my primary network interface (the one I assign an IP and default gateway to) and its MAC address starts with 02-01-80-*

There is also a Virtual network interface created when you install software like the Cisco VPN client.

This is not a real network interface and will use one of Cisco's OUIs.
Again, I have one...   its MAC address starts with 00-05-9A-*
This interface is only enabled when the VPN client is actually in use.


Keep in mind,  Cisco also makes network hardware, and there are some Cisco-branded network cards and servers  that will possibly have one of the Cisco OUIs burned into PROM.


0
AlexanderREnterprise Web DeveloperAuthor Commented:
This is some very good information.  I'll see what i can do with it.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking Hardware-Other

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.