Network question
Moderators: Chuck, Mustang380gal, Coordinators, Moderators
- techmike
- OFCC Patron Member
- Posts: 1595
- Joined: Mon Apr 16, 2007 10:42 pm
- Location: Toledo
Network question
I used to think I understood a few things about networking. I have a seven camera surveillance system - old school - coax, just upgraded the DVR, brand name is Zosi, I already had some of their cameras, they worked just fine. DVR is set-up and working, lot more features and resolution than the old one. What i did was to set up a wifi router that is not connected to a WAN, just the DVR, a PC in order to set up the router, and an Android tablet on the Lan. DVR is wired to the router, the tablet wif's to the router/DVR, and has a Zosi app that lets me view the cameras remotely around the house. It was working fine, then every two to 5 days (randomly) the tablet loses connectivity to the DVR. Can power cycle the DVR, then re-connect the tablet/app, all is well until next time. Tried many things, DHCP on, off, reserved IP's, their tech support had me update the firmware, nothing helped.
Then I noticed that the DVR is changing it's MAC address. I did not know that was possible - since I started counting there have been 9 different MAC addresses put out by the DVR. The DVR does not log any error or activity, just squirts a new MAC with the same IP. Seller is sending me a new DVR, not a high confidence level that it will work any different.
My former understanding was that MAC addresses were burned into the firmware and was one of the few constants in the universe. So I have a DVR with a random MAC generator. I plan on looking up the OEM code(s) in the MACs, have not done that yet.
My question: (finally) What benefit could there be (if any) to a piece of network equipment that has this issue?
Then I noticed that the DVR is changing it's MAC address. I did not know that was possible - since I started counting there have been 9 different MAC addresses put out by the DVR. The DVR does not log any error or activity, just squirts a new MAC with the same IP. Seller is sending me a new DVR, not a high confidence level that it will work any different.
My former understanding was that MAC addresses were burned into the firmware and was one of the few constants in the universe. So I have a DVR with a random MAC generator. I plan on looking up the OEM code(s) in the MACs, have not done that yet.
My question: (finally) What benefit could there be (if any) to a piece of network equipment that has this issue?
"The Constitution shall never be construed to prevent the people of the United States who are peaceable citizens from keeping their own arms."
- Samuel Adams, Massachusetts Ratifying Convention, 1788
- Samuel Adams, Massachusetts Ratifying Convention, 1788
- JustaShooter
- OFCC Coordinator
- Posts: 5808
- Joined: Thu Feb 07, 2013 3:08 pm
- Location: Akron/Canton Area
Re: Network question
Right, that's how it is supposed to work.techmike wrote:My former understanding was that MAC addresses were burned into the firmware and was one of the few constants in the universe.
I can't think of any legitimate reason for a network device to behave that way.techmike wrote:My question: (finally) What benefit could there be (if any) to a piece of network equipment that has this issue?
Christian, Husband, Father
NRA Life Member
NRA Certified Range Safety Officer
NRA Certified Pistol & Rifle Instructor
Want to become more active with OFCC and help fight for your rights? Click Here!
NRA Life Member
NRA Certified Range Safety Officer
NRA Certified Pistol & Rifle Instructor
Want to become more active with OFCC and help fight for your rights? Click Here!
- techmike
- OFCC Patron Member
- Posts: 1595
- Joined: Mon Apr 16, 2007 10:42 pm
- Location: Toledo
Re: Network question
Thank you. Allow me to clarify: Given a Chinese manufacturer, what 'nefarious' reason(s) are there for spoofing MAC addresses in a low-end DVR? Would there be some cost savings?JustaShooter wrote:Right, that's how it is supposed to work.techmike wrote:My former understanding was that MAC addresses were burned into the firmware and was one of the few constants in the universe.I can't think of any legitimate reason for a network device to behave that way.techmike wrote:My question: (finally) What benefit could there be (if any) to a piece of network equipment that has this issue?
"The Constitution shall never be construed to prevent the people of the United States who are peaceable citizens from keeping their own arms."
- Samuel Adams, Massachusetts Ratifying Convention, 1788
- Samuel Adams, Massachusetts Ratifying Convention, 1788
- schmieg
- OFCC Coordinator
- Posts: 5757
- Joined: Mon Jul 04, 2005 11:11 pm
- Location: Madeira, Ohio
Re: Network question
I can think of a lot of reasons to do this on a laptop or tablet or phone for nefarious reasons, but none on a DVR.techmike wrote:Thank you. Allow me to clarify: Given a Chinese manufacturer, what 'nefarious' reason(s) are there for spoofing MAC addresses in a low-end DVR? Would there be some cost savings?JustaShooter wrote:Right, that's how it is supposed to work.techmike wrote:My former understanding was that MAC addresses were burned into the firmware and was one of the few constants in the universe.I can't think of any legitimate reason for a network device to behave that way.techmike wrote:My question: (finally) What benefit could there be (if any) to a piece of network equipment that has this issue?
-- Mike
"The smallest minority on earth is the individual. Those who deny individual rights cannot claim to be defenders of minorities." - Ayn Rand
"The smallest minority on earth is the individual. Those who deny individual rights cannot claim to be defenders of minorities." - Ayn Rand
- rickt
- OFCC Member
- Posts: 3164
- Joined: Mon Jul 04, 2005 6:35 am
- Location: Cuyahoga County
Re: Network question
MACs aren't supposed to change. That would make ARP (Address Resolution Protocol) not function. How did you determine the MAC was changing?
- JustaShooter
- OFCC Coordinator
- Posts: 5808
- Joined: Thu Feb 07, 2013 3:08 pm
- Location: Akron/Canton Area
Re: Network question
No cost savings - well, I suppose minimal savings if they were to use someone else's MAC Address range instead of buying their own, but a block of 16 million addresses costs something like 0.01 *cents* per address.techmike wrote:Thank you. Allow me to clarify: Given a Chinese manufacturer, what 'nefarious' reason(s) are there for spoofing MAC addresses in a low-end DVR? Would there be some cost savings?JustaShooter wrote:Right, that's how it is supposed to work.techmike wrote:My former understanding was that MAC addresses were burned into the firmware and was one of the few constants in the universe.I can't think of any legitimate reason for a network device to behave that way.techmike wrote:My question: (finally) What benefit could there be (if any) to a piece of network equipment that has this issue?
I suppose maybe if they were going to use it as part of a botnet or something that perhaps randomly changing MAC addresses might make it harder to identify, but not by enough to matter.
Christian, Husband, Father
NRA Life Member
NRA Certified Range Safety Officer
NRA Certified Pistol & Rifle Instructor
Want to become more active with OFCC and help fight for your rights? Click Here!
NRA Life Member
NRA Certified Range Safety Officer
NRA Certified Pistol & Rifle Instructor
Want to become more active with OFCC and help fight for your rights? Click Here!
- sodbuster95
- OFCC Patron Member
- Posts: 6954
- Joined: Mon Dec 01, 2008 5:14 pm
- Location: Maumee
- Contact:
Re: Network question
A MAC address operates on layer 2 of the TCP/IP stack. In contrast, an IP address operates on layer 3. So - and I'm just spit-balling here - if you lose connectivity when the MAC address changes, then you might have a problem with the router you have everything connected to. I.E., it might be a switch and not an actual layer 3 router.
Now, as far as why a device would randomly reassign itself a new MAC address...that's a mystery to me. I can think of no benefit whatsoever - not even a valid nefarious reason - as most devices are going to translate, even on an intranet, at layer 3 with IP and not at layer 2 with the MAC address. Moreover, reassigning a MAC would mean that someone wrote some code specifically for that purpose. Which just strikes me as a nonsensical added complication for no real purpose.
Now, as far as why a device would randomly reassign itself a new MAC address...that's a mystery to me. I can think of no benefit whatsoever - not even a valid nefarious reason - as most devices are going to translate, even on an intranet, at layer 3 with IP and not at layer 2 with the MAC address. Moreover, reassigning a MAC would mean that someone wrote some code specifically for that purpose. Which just strikes me as a nonsensical added complication for no real purpose.
NRA Benefactor Life Member
Information posted in these forums is my personal opinion only. It is not intended, nor should it be construed, as legal advice.
Information posted in these forums is my personal opinion only. It is not intended, nor should it be construed, as legal advice.
- techmike
- OFCC Patron Member
- Posts: 1595
- Joined: Mon Apr 16, 2007 10:42 pm
- Location: Toledo
Re: Network question
There is an Info page in the DVR firmware, bottom line is the MAC. Also have an app on the tablet called Ping Tools, kinda handy as it displays everything on a LAN. Screenshot of Ping Tools here is just after a new MAC was generated- old entry is labeled Zosi DVR, which is now yellow or not connected. New unknown device is the DVR with the same IP, different MAC and that is now connected to the network, but not the viewing app on the tablet.rickt wrote:MACs aren't supposed to change. That would make ARP (Address Resolution Protocol) not function. How did you determine the MAC was changing?
"The Constitution shall never be construed to prevent the people of the United States who are peaceable citizens from keeping their own arms."
- Samuel Adams, Massachusetts Ratifying Convention, 1788
- Samuel Adams, Massachusetts Ratifying Convention, 1788
- schmieg
- OFCC Coordinator
- Posts: 5757
- Joined: Mon Jul 04, 2005 11:11 pm
- Location: Madeira, Ohio
Re: Network question
Does this DVR have both a WiFi and Ethernet NIC? Is it possible that the same IP address has been assigned to WiFi and Ethernet and it is somehow switching between the two?
-- Mike
"The smallest minority on earth is the individual. Those who deny individual rights cannot claim to be defenders of minorities." - Ayn Rand
"The smallest minority on earth is the individual. Those who deny individual rights cannot claim to be defenders of minorities." - Ayn Rand
- techmike
- OFCC Patron Member
- Posts: 1595
- Joined: Mon Apr 16, 2007 10:42 pm
- Location: Toledo
Re: Network question
It does have wifi capability, and since that would be a second NIC it would have a different MAC. Since I started counting I am up to 10 different MAC's - with one repeat. I do not have the wifi configured on the DVR, nor is it enabled.schmieg wrote:Does this DVR have both a WiFi and Ethernet NIC? Is it possible that the same IP address has been assigned to WiFi and Ethernet and it is somehow switching between the two?
"The Constitution shall never be construed to prevent the people of the United States who are peaceable citizens from keeping their own arms."
- Samuel Adams, Massachusetts Ratifying Convention, 1788
- Samuel Adams, Massachusetts Ratifying Convention, 1788
- schmieg
- OFCC Coordinator
- Posts: 5757
- Joined: Mon Jul 04, 2005 11:11 pm
- Location: Madeira, Ohio
Re: Network question
On my home network, I sometimes get a report of one or more unknown devices with MACs that don't match anything I own. The strange thing is that the router does not show these MAC addresses as ever being on the network. However, I have never had a known device change its MAC. Microsnot does some strange things now and then in Windows networking. Wondering if it's a software problem. Does it ever return to the original MAC or do you just start using the new MAC and then it changes again?
-- Mike
"The smallest minority on earth is the individual. Those who deny individual rights cannot claim to be defenders of minorities." - Ayn Rand
"The smallest minority on earth is the individual. Those who deny individual rights cannot claim to be defenders of minorities." - Ayn Rand
- rickt
- OFCC Member
- Posts: 3164
- Joined: Mon Jul 04, 2005 6:35 am
- Location: Cuyahoga County
Re: Network question
Technically, those are layers of the OSI model. The ARP table holds the correlation between MAC addresses and TCP/IP addresses. If the MAC changes, then the entry holding the DVR's TCP/IP address no longer correlates to the correct MAC address. That is why communication is lost.sodbuster95 wrote:A MAC address operates on layer 2 of the TCP/IP stack. In contrast, an IP address operates on layer 3.
Windows users can see their ARP table by typing arp -a at a command prompt.
- deanimator
- Posts: 7863
- Joined: Fri Mar 24, 2006 7:34 pm
- Location: Rocky River
Re: Network question
I have actually seen a network where there were two devices simultaneously with the same MAC address. I don't know what the canonical response to this is supposed to be.
When you have duplicate IP addresses, one of the devices typically loses connectivity. I don't know with MAC addresses.
When you have duplicate IP addresses, one of the devices typically loses connectivity. I don't know with MAC addresses.
Life comes at you fast. Be prepared to shoot it in the head when it does.
- sodbuster95
- OFCC Patron Member
- Posts: 6954
- Joined: Mon Dec 01, 2008 5:14 pm
- Location: Maumee
- Contact:
Re: Network question
Quite right. I've been away from the IT field for a few years...rickt wrote:Technically, those are layers of the OSI model.sodbuster95 wrote:A MAC address operates on layer 2 of the TCP/IP stack. In contrast, an IP address operates on layer 3.
NRA Benefactor Life Member
Information posted in these forums is my personal opinion only. It is not intended, nor should it be construed, as legal advice.
Information posted in these forums is my personal opinion only. It is not intended, nor should it be construed, as legal advice.
- techmike
- OFCC Patron Member
- Posts: 1595
- Joined: Mon Apr 16, 2007 10:42 pm
- Location: Toledo
Re: Network question
Well, just ran 4 of my DVR's MAC addresses through a vendor look-up service - all were "Not Found". https://macvendors.com/
While my set-up is not connected to the WAN, many people do shoot their camera feed to the internet for remote viewing on their device. What, if any, security issues might this plethora of MAC addresses be susceptible to?
While my set-up is not connected to the WAN, many people do shoot their camera feed to the internet for remote viewing on their device. What, if any, security issues might this plethora of MAC addresses be susceptible to?
"The Constitution shall never be construed to prevent the people of the United States who are peaceable citizens from keeping their own arms."
- Samuel Adams, Massachusetts Ratifying Convention, 1788
- Samuel Adams, Massachusetts Ratifying Convention, 1788