[TriLUG] spoofing mac addresses
Aaron S. Joyner
aaron at joyner.ws
Tue Aug 3 12:11:27 EDT 2004
paul wrote:
>Hi all,
>
>I have 2 nics in a machine, one of which serves a backend private
>address, and the other of which is on the front end with 13 addresses
>aliased to it (ie: eth1:1, eth1:2, etc...). I think what I am finding is
>that I can only spoof the mac address on one of the physical interfaces
>(eth0 or eth1), and not individual mac addresses for each ip address (on
>the aliases eth1:1..). Is that the case or does someone know of a way to
>make this work?
>
>thx,
>
>-paul
>
>
>
I believe you're confusing concepts here. A physical Ethernet card
*should* only have one MAC address. Now I stress the *should* because
that's the way things were originally intended to be - ARP (Address
Resolution Protocol) can map as many addresses as you'd like with that
single MAC address, but a MAC is supposed to correspond to a physical
piece of hardware (your Media Access Controller). You can of course
bend the rules, put the card into promiscuous mode, and respond to
traffic for more than one MAC address, but that's not something most
Ethernet hardware will do on it's own, it requires a healthy dose of
software magic. I do not know off-hand what readily-available tools
there are to do this w/ Linux, but perhaps someone else will respond
with more insight, or confirming what it appears you have started to
discover, will be helpful.
Best of luck,
Aaron S. Joyner
More information about the TriLUG
mailing list