:> Can some one tell me exactly what happens if we have duplicate MAC :> address on the same LAN (no switch in between). Also assume that they :> have statily different IP's assigned. My gues is that both NIC's should :> get the packet and if the s/w stack is correctly implemented, the :> incorrect destination should then drop it.
:If I recall correctly, if a NIC detects a duplicate MAC, it's supposed to :shut down.
That is if the NIC -detects- that something else is using it's MAC. Which would require that the other device transmits packets.
There is a form of stateful failover that is sometimes implimented which is handled by having two devices both assuming the same MAC, so that the standby device receives a copy of all the packets destined to the master device, and follows along in its song-book. When the master device dies, the standby device assumes control without having to kill the connections. The same thing could, of course, also be done with the secondary device snooping for those packets and changing it's MAC address when the master fails.
:> and if the s/w stack is correctly implemented, the :> incorrect destination should then drop it.
If the s/w stack is correctly implimented, the "incorrect" destination will offer a way of capturing all packets, such as for tcpdump / ethereal. When such a mode is activated, the exact details of what happens for mismatched IPs with the correct MAC varies. For example for some OS's, an icmp unreachable will be generated for protocols -other- than TCP or UDP, but the TCP and UDP stacks filter at a different point and know enough not to act on the packets. These differences in operation are exploited by "anti-sniffer" software designed to locate equipment that is snooping on the net.