virtual MAC OUI list. Or reverse: hardware nic manufacturer OUIs.

Hello.

Is there a good list of all virtual NIC's OUI out there?
I need to make sure that MAC addresses that i receive belongs to unique hardware.

The most i could find is vmware, virtual iron, xensource and microsoft virtual server, but i don't want to take chances that these are the only ones out there.

I don't mind the reverse either: to have a list of real hardware NIC manufacturers OUIs.

Thank you.
LVL 11
AlexanderRAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
MysidiaConnect With a Mentor Commented:
Ok, the only way someone accessing it will have both Virtual and Real MACs are if they are running the applet from the host machine.  If they load the applet from inside say their desktop virtual machine in Parallels,  the only NIC the applet sees will be virtual.   An ideal thing to do may be to use the Windows WMI  to check what driver is being used for the network card.   But Java's security restrictions are unlikely to permit an applet to do this...


A minor issue to keep in mind is that some manufacturers of network cards have been known to ship multiple cards with the same MAC address; i.e. They should be  globally unique, but in practice MAC addresses are not globally unique.

In fact, on even rarer occasion, it has been necessary to manually set the MAC address of a PC,  because the address burned into its Ethernet card's PROM was the same as the MAC address of another computer.   Having two NICs on your LAN with the same MAC address can cause many problems, and it is difficult to troubleshoot,  because it rarely happens.

Although you are ok if the duplicates are on different subnets and different switching infrastructure;  it is dangerous to have two computer systems with the same MAC address in the same organization's network.


The probability of your applet running into these is small, but not zero.


The probability of two stations having exactly the same randomly generated virtual NIC MAC address is small,  even if they were all 24-bits randomly generated in the same OUI.

It should be ~580 virtual NICs, before there is a 1% chance of collission.
And  ~1500 virtual NICs before  there is a 10% chance of any two having the same MAC  within the same vendor's OUI.


I would suggest that the best thing to do would be to store all MACs  and filter later.

If there are duplicates,  you can resolve the duplication by using info about other MAC addresses the system has.

Two randomly generated MAC addresses (even if they are both virtual NICs)  further reduces the probability of an exact duplciate of that machine, even just its virtual NICs.
0
 
Don JohnstonInstructorCommented:
0
 
AlexanderRAuthor Commented:
I've already seen that list but it cannot tell me which one of them produce virtual or real hardware interfaces.
0
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

 
AlexanderRAuthor Commented:
OK, i've collected the following:

VMware          00-50-56, 00-0C-29, 00-05-69
Microsoft  Virtual PC       00-03-FF
Parallells Desktop      00-1C-42
Virtual Iron 4       00-0F-4B
Red Hat Xen       00-16-3E
Oracle VM       00-16-3E
XenSource       00-16-3E
Novell Xen       00-16-3E
VirtualBox       08-00-27


Can anyone say if that's a complete, at least in terms of common user, list?
0
 
MysidiaCommented:
How sure do you want to be? The list of OUIs changes periodically.
Hardware manufacturers register new OUIs from time to time.
Also, there is no guarantee that VMware doesn't ever make appliances or PCs with NIC cards and assign them ranges within their OUI.

Plus users of the virtualization software can generally set the MAC address to whatever they want,  they can  even change it to be within a real hardware manufacturer's OUI or in a reserved OUI.

Essentially,  you can use this as a check to tell you something _might_ be virtual.

But there is absolutely no way to guarantee if a host is virtual or not by looking at its reported MAC address.


0
 
AlexanderRAuthor Commented:
Thanks for the insight.
I appreciate the problems and am aware of them.

My situation is not as complex (although can get slightly problematic with your quote "can  even change it to be within a real hardware manufacturer's OUI or in a reserved OUI"). This is for an online survey.  I have a java applet that gets users's mac address and passes it to a PHP page for further processing.  Idea is to make the survey as fear as possible.
The problem is that some computers have multiple MAC addresses, some of which are from virtual environments.  Since virtual environments have a risk of having the same MAC on multiple stations (as opposted to hardware which are unique unless mendled with) i need to ignore them and register "real" MACs only.  Otherwise if 2 users have VMware installed and have the same mac, the script will think that its the same computer and will reject the request.
0
 
MysidiaCommented:
Small addendum:  on Windows systems,  Virtual machines aren't the only type of virtual adapters. An example would be a Virtual Adapter  created by bridging two interfaces "Miniport MAC Bridge"

This uses a Microsoft OUI,  I have one on my PC, it's my primary network interface (the one I assign an IP and default gateway to) and its MAC address starts with 02-01-80-*

There is also a Virtual network interface created when you install software like the Cisco VPN client.

This is not a real network interface and will use one of Cisco's OUIs.
Again, I have one...   its MAC address starts with 00-05-9A-*
This interface is only enabled when the VPN client is actually in use.


Keep in mind,  Cisco also makes network hardware, and there are some Cisco-branded network cards and servers  that will possibly have one of the Cisco OUIs burned into PROM.


0
 
AlexanderRAuthor Commented:
This is some very good information.  I'll see what i can do with it.
0
All Courses

From novice to tech pro — start learning today.