Solved

Virtual MAC OUI list. Or the reverse: hardware NIC manufacturer OUIs.

Posted on 2008-10-26
Last Modified: 2013-11-09
Hello.

Is there a good list of all virtual NICs' OUIs out there?
I need to make sure that the MAC addresses that I receive belong to unique hardware.

The most I could find is VMware, Virtual Iron, XenSource and Microsoft Virtual Server, but I don't want to take chances that these are the only ones out there.

I don't mind the reverse either: to have a list of real hardware NIC manufacturers' OUIs.

Thank you.
Question by:AlexanderR
8 Comments
 
LVL 50

Expert Comment

by:Don Johnston
ID: 22807357
0
 
LVL 11

Author Comment

by:AlexanderR
ID: 22807568
I've already seen that list, but it cannot tell me which of them produce virtual or real hardware interfaces.
0
 
LVL 11

Author Comment

by:AlexanderR
ID: 22807648
OK, I've collected the following:

VMware                  00-50-56, 00-0C-29, 00-05-69
Microsoft Virtual PC    00-03-FF
Parallels Desktop       00-1C-42
Virtual Iron 4          00-0F-4B
Red Hat Xen             00-16-3E
Oracle VM               00-16-3E
XenSource               00-16-3E
Novell Xen              00-16-3E
VirtualBox              08-00-27


Can anyone say if that's a complete list, at least in terms of the common user?
0
 
LVL 23

Expert Comment

by:Mysidia
ID: 22808012
How sure do you want to be? The list of OUIs changes periodically.
Hardware manufacturers register new OUIs from time to time.
Also, there is no guarantee that VMware doesn't ever make appliances or PCs with NIC cards and assign them ranges within their OUI.

Plus, users of the virtualization software can generally set the MAC address to whatever they want; they can even change it to be within a real hardware manufacturer's OUI or in a reserved OUI.

Essentially,  you can use this as a check to tell you something _might_ be virtual.

But there is absolutely no way to guarantee if a host is virtual or not by looking at its reported MAC address.


0
 
LVL 11

Author Comment

by:AlexanderR
ID: 22808281
Thanks for the insight.
I appreciate the problems and am aware of them.

My situation is not as complex (although it can get slightly problematic with your quote "can even change it to be within a real hardware manufacturer's OUI or in a reserved OUI"). This is for an online survey. I have a Java applet that gets the user's MAC address and passes it to a PHP page for further processing. The idea is to make the survey as fair as possible.
The problem is that some computers have multiple MAC addresses, some of which are from virtual environments. Since virtual environments have a risk of having the same MAC on multiple stations (as opposed to hardware MACs, which are unique unless meddled with), I need to ignore them and register "real" MACs only. Otherwise, if 2 users have VMware installed and have the same MAC, the script will think that it's the same computer and will reject the request.
0
 
LVL 23

Accepted Solution

by:
Mysidia earned 500 total points
ID: 22808694
OK, the only way someone accessing it will have both virtual and real MACs is if they are running the applet from the host machine. If they load the applet from inside, say, their desktop virtual machine in Parallels, the only NIC the applet sees will be virtual. An ideal thing to do may be to use Windows WMI to check what driver is being used for the network card. But Java's security restrictions are unlikely to permit an applet to do this...


A minor issue to keep in mind is that some manufacturers of network cards have been known to ship multiple cards with the same MAC address; i.e., they should be globally unique, but in practice MAC addresses are not globally unique.

In fact, on even rarer occasions, it has been necessary to manually set the MAC address of a PC, because the address burned into its Ethernet card's PROM was the same as the MAC address of another computer. Having two NICs on your LAN with the same MAC address can cause many problems, and it is difficult to troubleshoot, because it rarely happens.

Although you are OK if the duplicates are on different subnets and different switching infrastructure, it is dangerous to have two computer systems with the same MAC address in the same organization's network.


The probability of your applet running into these is small, but not zero.


The probability of two stations having exactly the same randomly generated virtual NIC MAC address is small, even if they were all 24-bits randomly generated in the same OUI.

It should be ~580 virtual NICs before there is a 1% chance of collision.
And ~1500 virtual NICs before there is a 10% chance of any two having the same MAC within the same vendor's OUI.


I would suggest that the best thing to do would be to store all MACs and filter later.

If there are duplicates, you can resolve the duplication by using info about other MAC addresses the system has.

Two randomly generated MAC addresses (even if they are both virtual NICs) further reduces the probability of an exact duplicate of that machine, even just its virtual NICs.
0
 
LVL 23

Expert Comment

by:Mysidia
ID: 22809068
Small addendum: on Windows systems, virtual machines aren't the only type of virtual adapters. An example would be a virtual adapter created by bridging two interfaces, "Miniport MAC Bridge".

This uses a Microsoft OUI,  I have one on my PC, it's my primary network interface (the one I assign an IP and default gateway to) and its MAC address starts with 02-01-80-*

There is also a Virtual network interface created when you install software like the Cisco VPN client.

This is not a real network interface and will use one of Cisco's OUIs.
Again, I have one...   its MAC address starts with 00-05-9A-*
This interface is only enabled when the VPN client is actually in use.


Keep in mind,  Cisco also makes network hardware, and there are some Cisco-branded network cards and servers  that will possibly have one of the Cisco OUIs burned into PROM.


0
 
LVL 11

Author Comment

by:AlexanderR
ID: 22809497
This is some very good information.  I'll see what i can do with it.
0
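The "store all MACs and filter later" approach from the accepted solution, as an added example that is not code from any poster in the thread. It uses the OUI prefixes collected above plus the Cisco VPN prefix from the addendum; the check of the locally administered bit (set in 02-01-80) is an addition, and the function names and sample submissions are constructed for illustration.

```python
from collections import defaultdict

# OUIs named in the thread as virtual/software adapters; not a complete list.
VIRTUAL_OUIS = {
    "005056": "VMware", "000C29": "VMware", "000569": "VMware",
    "0003FF": "Microsoft Virtual PC", "001C42": "Parallels Desktop",
    "000F4B": "Virtual Iron 4", "00163E": "Xen family",
    "080027": "VirtualBox", "00059A": "Cisco VPN client adapter",
}

def normalize(mac):
    """Return 12 upper-case hex digits, or None if the input is not a MAC."""
    digits = "".join(c for c in mac if c not in "-:. ").upper()
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        return None
    return digits

def classify(mac):
    """Label a MAC 'invalid', 'local', 'maybe-virtual' or 'unknown'."""
    m = normalize(mac)
    if m is None:
        return "invalid"
    if int(m[:2], 16) & 0x02:      # locally administered bit: not burned in
        return "local"
    if m[:6] in VIRTUAL_OUIS:
        return "maybe-virtual"     # a hint only; the OUI can be set by the user
    return "unknown"               # possibly hardware, possibly spoofed

def fingerprint(macs):
    """Key a submission on its 'unknown' MACs; fall back to all valid ones."""
    valid = {normalize(m) for m in macs} - {None}
    preferred = {m for m in valid if classify(m) == "unknown"}
    return frozenset(preferred or valid)

def find_duplicates(submissions):
    """Group submission ids whose fingerprints match exactly."""
    groups = defaultdict(list)
    for sub_id, macs in submissions.items():
        fp = fingerprint(macs)
        if fp:
            groups[fp].append(sub_id)
    return sorted(ids for ids in groups.values() if len(ids) > 1)

# Constructed sample data: s1 and s2 share only a VMware MAC; s3 repeats s1.
SUBMISSIONS = {
    "s1": ["00-1A-2B-3C-4D-5E", "00-50-56-C0-00-08"],
    "s2": ["00-1A-2B-99-88-77", "00-50-56-C0-00-08"],
    "s3": ["00:1a:2b:3c:4d:5e"],
    "s4": ["02-01-80-11-22-33", "not-a-mac"],
}
```

Because the client reports the MAC list itself, a match here is a hint for manual review and not proof that two submissions came from the same machine.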
