> In addition, since the routers typically change the mac address to the
> router, there is no real way to figure out where the packet originated.
>
> How far off am I on this?
>
> Mike B.
This is correct. The MAC address is only valid for a local broadcast domain (subnet). A network interface in that broadcast domain, or a switch keeps track of the MAC addresses in a domain in order to match up a physical device with a network address.
A router sits between broadcast domains, and must attach it's MAC address to traffic that it is routing from one broadcast domain to another (or from a non-broadcast network type to a broadcast domain, etc.) so that replies to that traffic get sent to it's network interface.
So for example traffic from www.aklug.org would appear to my firewall to have the MAC address of GCI's router since that is the entry point for the traffic on the 24.237.16.0/21 subnet. That same traffic from www.aklug.org would appear to my workstation to have the MAC address of my firewall's internal interface since that is the entry point for the traffic on my internal subnet.
Cheers,
James
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Sat Sep 18 20:49:53 2004
This archive was generated by hypermail 2.1.8 : Sat Sep 18 2004 - 20:49:53 AKDT