tracking mac address

From: Damien Hull <dhull@digitaloverload.net>
Date: Sun Sep 19 2004 - 00:29:53 AKDT

On Sat, 2004-09-18 at 19:22, Barsalou wrote:
> It seems to me that the problem of tracking an IP back to its source is
> a bit troublesome if you don't have access to the routers between the
> source MAC and the destination MAC.
>
> In addition, since the routers typically change the MAC address to the
> router, there is no real way to figure out where the packet originated.
>
> How far off am I on this?
>
> Mike B.

If this has anything to do with your other post on "spoofing" an IP
address then you can forget about the MAC. Most of this stuff is
outside my expertise. However, I have some experience with routing.

My understanding is that the MAC address is only there to establish
communication. If computer A needs to communicate with computer B, which
is on the same network segment, then the MAC address is used. A is
directly connecting to B.

It gets tricky when we need to talk to computers on other network
segments. Let's say that computer A is on segment 1. We'll call it A1 for
short. A1 wants to talk to C2, which is computer C on segment 2. Because
these computers are on different segments they need to go through a
router. We'll call the router B. We now have something that looks like
the following.

A1--->B--->C2

Hope I haven't lost anyone yet.

We all know that A1 can send data to C2, but the real story here is that
A1 doesn't know anything about C2's MAC address. Why? It never makes a
connection to C2. It makes a connection to B (the router). B takes the
data in the packet, connects to C2, and gives it the data. The router is
relaying the information.

The other side of the story is that routers don't route by MAC address.
They route by IP. So there is no need to know what the MAC address is.
It's only used to establish connections. On the routers I've used there
was no way to find out any information on MAC addresses. There's no
reason to see or log that information. All you get is a routing table of
IP addresses.

That's it for tonight. Now I need a drink to fix the headache I got just
thinking about all this stuff.

Received on Sun Sep 19 00:29:59 2004
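
The A1--->B--->C2 relay described in the message above, as an added example that is not part of the original post: it builds an Ethernet/IPv4 frame, forwards it the way a router does, and parses both copies to show which header fields survive the hop. All MAC and IP addresses are constructed sample values, and the function names are hypothetical.

```python
import struct

# Constructed sample values (locally administered MACs, private IPs).
A1_MAC, A1_IP = "02:00:00:00:00:a1", "192.168.1.10"
B_SEG1_MAC, B_SEG2_MAC = "02:00:00:00:00:b1", "02:00:00:00:00:b2"
C2_MAC, C2_IP = "02:00:00:00:00:c2", "192.168.2.20"

def mac(s): return bytes.fromhex(s.replace(":", ""))
def ip(s): return bytes(int(p) for p in s.split("."))

def checksum(hdr):
    # RFC 1071 one's-complement sum over the header's 16-bit words.
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frame(src_mac, dst_mac, src_ip, dst_ip, payload, ttl=64):
    # Ethernet II + 20-byte IPv4 header; protocol 253 is reserved for experiments.
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      ttl, 253, 0, ip(src_ip), ip(dst_ip))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return mac(dst_mac) + mac(src_mac) + b"\x08\x00" + hdr + payload

def route(frame, out_if_mac, next_hop_mac):
    # Router B: IP source/destination untouched, TTL decremented, checksum
    # recomputed, and a brand-new Ethernet header for the outgoing segment.
    iph = bytearray(frame[14:34])
    iph[8] -= 1
    iph[10:12] = b"\x00\x00"
    iph[10:12] = struct.pack("!H", checksum(bytes(iph)))
    return mac(next_hop_mac) + mac(out_if_mac) + b"\x08\x00" + bytes(iph) + frame[34:]

def parse_frame(frame):
    dst, src = struct.unpack("!6s6s", frame[:12])
    iph = frame[14:34]
    return {"src_mac": src.hex(":"), "dst_mac": dst.hex(":"),
            "src_ip": ".".join(map(str, iph[12:16])),
            "dst_ip": ".".join(map(str, iph[16:20])),
            "ttl": iph[8], "checksum_ok": checksum(iph) == 0}

def demo():
    on_seg1 = build_frame(A1_MAC, B_SEG1_MAC, A1_IP, C2_IP, b"hello")
    on_seg2 = route(on_seg1, B_SEG2_MAC, C2_MAC)
    return parse_frame(on_seg1), parse_frame(on_seg2)

if __name__ == "__main__":
    for segment, fields in zip(("segment 1", "segment 2"), demo()):
        print(segment, fields)
```

A capture taken on segment 2 shows the router's interface as the source MAC, so the only layer-2 evidence of A1 lives on segment 1 (for example in B's ARP table or a switch's address table).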
