On Tue, Nov 10, 2009 at 8:28 AM, Eric Covener <cove...@gmail.com> wrote: > On Tue, Nov 10, 2009 at 8:19 AM, Stephen Love <stephenl...@juno.com> wrote: >> I have set up a routine in my server that logs all incoming IP addresses and >> parses for duplicates in the same list. HOWEVER...a person posting almost >> NEVER has the same address. I believe I am not using the actual IP Address >> at all. What I WANT is the actual SERIAL NUMBER (If you could call it that!) >> of the HARDWARE (Network Adapter) actually sending the message, or its REPLY >> TO address... the address it is COMMUNICATING FROM in order to actually send >> the message. I am SURE if it is to establish a 2-way link to send and >> confirm the message, the receiving end HAS that info, buried deep within >> what it receives. HOW can I get that, so that the route steps inbetween do >> not matter? > > You don't have access to their MAC address or any other universal > identifier, no matter how much you use the shift key. > > -- > Eric Covener > cove...@gmail.com > [clip]
As Eric says, what you're looking for is a MAC address which is a universally unique identifier that every network device has (though I think even here, "universally unique" might have some qualifying conditions). MAC addresses are used in very low level protocols (link layer protocols, I believe) to send packets to specific devices. MAC addresses are for point-to-point communications, not end-to-end. You could set up a packet sniffer, like Wireshark, and capture the source MAC addresses of incoming packets, but that would probably just give you the MAC address of your router or modem. As you've discovered, IP addresses are not valid ways to identify end users. Most residential internet access is done through a dynamic IP address, meaning their ISP can change their IP address whenever it wants. Further, a lot of people access the web through proxy servers, so that a large number of end users are seen as the same IP address, and others access through proxy pools or networks like Tor so that the same person may have a different IP address for every request they make. It sounds like what you're looking for is a way to track your visitors. Google Analytics is a pretty good free service for doing exactly that, or you can set up your own similar system. The way these things work is by using cookies to track individual browsers. But of course, a lot of people don't use cookies. Further, if you're worried about active menace, cookies are terribly insecure unless you're using secure connections (and even then through various types of attack), so a malicious user could snoop other people's cookies and submit it with their own request, making it look like the request came from the other user. If you want to do more strict tracking, something along the lines of "sorry, you already voted, and you can only vote once.", you'll need to get much more sophisticated. Some sort of user-authentication (i.e., "log in") is a must for this, and you'll need to be very careful about people snooping cookies and log-in date (like, only use secure HTTPS connections). -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://keys.gnupg.net --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
