[TriLUG] spoofing mac addresses

[paul]

On Tue, 2004-08-03 at 12:11, Aaron S. Joyner wrote:
> paul wrote:
> 
> >Hi all, 
> >
> >I have 2 nics in a machine, one of which serves a backend private
> >address, and the other of which is on the front end with 13 addresses
> >aliased to it (ie: eth1:1, eth1:2, etc...). I think what I am finding is
> >that I can only spoof the mac address on one of the physical interfaces
> >(eth0 or eth1), and not individual mac addresses for each ip address (on
> >the aliases eth1:1..). Is that the case or does someone know of a way to
> >make this work?
> >
> >thx,
> >
> >-paul
> >
> >  
> >
> I believe you're confusing concepts here.  A physical Ethernet card 
> *should* only have one MAC address.  Now I stress the *should* because 
> that's the way things were originally intended to be - ARP (Address 
> Resolution Protocol) can map as many addresses as you'd like with that 
> single MAC address, but a MAC is supposed to correspond to a physical 
> piece of hardware (your Media Access Controller).  You can of course 
> bend the rules, put the card into promiscuous mode, and respond to 
> traffic for more than one MAC address, but that's not something most 
> Ethernet hardware will do on it's own, it requires a healthy dose of 
> software magic.  I do not know off-hand what readily-available tools 
> there are to do this w/ Linux, but perhaps someone else will respond 
> with more insight, or confirming what it appears you have started to 
> discover, will be helpful.
> 
> Best of luck,
> Aaron S. Joyner

Thanks for the insight! I understood the part about the nic
having/*needing* one mac address, but I hadn't thought of trying to put
the nic into promiscuous mode and trying to add hardware addresses that
way. Theoretically, with a card that supports monitor mode (these are
Intel e100 and e1000), -promisc with ifconfig would set the card into
promisc mode, though how to tell it to answer to multiple hw addresses
is still a mystery. But not for long methinks.

Thanks.

Paul