Solved

virtual MAC OUI list.  Or reverse: hardware nic manufacturer OUIs.

Posted on 2008-10-26
8
2,197 Views
Last Modified: 2013-11-09
Hello.

Is there a good list of all virtual NIC's OUI out there?
I need to make sure that MAC addresses that i receive belongs to unique hardware.

The most i could find is vmware, virtual iron, xensource and microsoft virtual server, but i don't want to take chances that these are the only ones out there.

I don't mind the reverse either: to have a list of real hardware NIC manufacturers OUIs.

Thank you.
0
Comment
Question by:AlexanderR
  • 4
  • 3
8 Comments
 
LVL 50

Expert Comment

by:Don Johnston
ID: 22807357
0
 
LVL 11

Author Comment

by:AlexanderR
ID: 22807568
I've already seen that list but it cannot tell me which one of them produce virtual or real hardware interfaces.
0
 
LVL 11

Author Comment

by:AlexanderR
ID: 22807648
OK, i've collected the following:

VMware          00-50-56, 00-0C-29, 00-05-69
Microsoft  Virtual PC       00-03-FF
Parallells Desktop      00-1C-42
Virtual Iron 4       00-0F-4B
Red Hat Xen       00-16-3E
Oracle VM       00-16-3E
XenSource       00-16-3E
Novell Xen       00-16-3E
VirtualBox       08-00-27


Can anyone say if that's a complete, at least in terms of common user, list?
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 23

Expert Comment

by:Mysidia
ID: 22808012
How sure do you want to be? The list of OUIs changes periodically.
Hardware manufacturers register new OUIs from time to time.
Also, there is no guarantee that VMware doesn't ever make appliances or PCs with NIC cards and assign them ranges within their OUI.

Plus users of the virtualization software can generally set the MAC address to whatever they want,  they can  even change it to be within a real hardware manufacturer's OUI or in a reserved OUI.

Essentially,  you can use this as a check to tell you something _might_ be virtual.

But there is absolutely no way to guarantee if a host is virtual or not by looking at its reported MAC address.


0
 
LVL 11

Author Comment

by:AlexanderR
ID: 22808281
Thanks for the insight.
I appreciate the problems and am aware of them.

My situation is not as complex (although can get slightly problematic with your quote "can  even change it to be within a real hardware manufacturer's OUI or in a reserved OUI"). This is for an online survey.  I have a java applet that gets users's mac address and passes it to a PHP page for further processing.  Idea is to make the survey as fear as possible.
The problem is that some computers have multiple MAC addresses, some of which are from virtual environments.  Since virtual environments have a risk of having the same MAC on multiple stations (as opposted to hardware which are unique unless mendled with) i need to ignore them and register "real" MACs only.  Otherwise if 2 users have VMware installed and have the same mac, the script will think that its the same computer and will reject the request.
0
 
LVL 23

Accepted Solution

by:
Mysidia earned 500 total points
ID: 22808694
Ok, the only way someone accessing it will have both Virtual and Real MACs are if they are running the applet from the host machine.  If they load the applet from inside say their desktop virtual machine in Parallels,  the only NIC the applet sees will be virtual.   An ideal thing to do may be to use the Windows WMI  to check what driver is being used for the network card.   But Java's security restrictions are unlikely to permit an applet to do this...


A minor issue to keep in mind is that some manufacturers of network cards have been known to ship multiple cards with the same MAC address; i.e. They should be  globally unique, but in practice MAC addresses are not globally unique.

In fact, on even rarer occasion, it has been necessary to manually set the MAC address of a PC,  because the address burned into its Ethernet card's PROM was the same as the MAC address of another computer.   Having two NICs on your LAN with the same MAC address can cause many problems, and it is difficult to troubleshoot,  because it rarely happens.

Although you are ok if the duplicates are on different subnets and different switching infrastructure;  it is dangerous to have two computer systems with the same MAC address in the same organization's network.


The probability of your applet running into these is small, but not zero.


The probability of two stations having exactly the same randomly generated virtual NIC MAC address is small,  even if they were all 24-bits randomly generated in the same OUI.

It should be ~580 virtual NICs, before there is a 1% chance of collission.
And  ~1500 virtual NICs before  there is a 10% chance of any two having the same MAC  within the same vendor's OUI.


I would suggest that the best thing to do would be to store all MACs  and filter later.

If there are duplicates,  you can resolve the duplication by using info about other MAC addresses the system has.

Two randomly generated MAC addresses (even if they are both virtual NICs)  further reduces the probability of an exact duplciate of that machine, even just its virtual NICs.
0
 
LVL 23

Expert Comment

by:Mysidia
ID: 22809068
Small addendum:  on Windows systems,  Virtual machines aren't the only type of virtual adapters. An example would be a Virtual Adapter  created by bridging two interfaces "Miniport MAC Bridge"

This uses a Microsoft OUI,  I have one on my PC, it's my primary network interface (the one I assign an IP and default gateway to) and its MAC address starts with 02-01-80-*

There is also a Virtual network interface created when you install software like the Cisco VPN client.

This is not a real network interface and will use one of Cisco's OUIs.
Again, I have one...   its MAC address starts with 00-05-9A-*
This interface is only enabled when the VPN client is actually in use.


Keep in mind,  Cisco also makes network hardware, and there are some Cisco-branded network cards and servers  that will possibly have one of the Cisco OUIs burned into PROM.


0
 
LVL 11

Author Comment

by:AlexanderR
ID: 22809497
This is some very good information.  I'll see what i can do with it.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
configuring snmp v2 or v3 on Cisco switches 2 62
Cisco MSRP pricing 5 50
HP 802.11g Wireless Printer Card For Deskjet 460 9 77
Watchguard XTM 2 85
When posting a question about a Cisco ASA, Cisco Router or Cisco Switch, it can aid diagnosis if a suitably sanitised copy of the config is provided. It is much better to leave as much of the configuration as original as possible, as it could be tha…
Hello All, I have been training on Multicast for a while now and whenever I start the topic , I find out that my friends /  Colleagues mention that they do not know how to test Multicast Joins. As most of the multicast would be video traffic and …
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question