Battle for bandwidth

[Paul]

Hal,
Only layer 2 devices look at MAC addresses, like ATM switches and
switches. IP is layer 3, and routers or IP "anything" do not touch the
MAC. The MAC is only used when a device has a layer 3 address on the
same subnet as the destination. ANDing determines if the destination is
on the same subnet. If it is, then an ARP cache lookup is done, if found
it sends the frames to the destination. If it's not in ARP cache, the
machine does an ARP broadcast. If ANDing determines it's not on the same
subnet, then the frames are packetized and sent to the default gateway.
The MAC address never changes from source machine in normal networking,
including NATing or IPMASQing. Programmers can change it, if it does
change, no frames will ever come back to your machine. No other machines
know how to communicate with it. It's basic networking.

I wish I knew Linux as well as networking...

Paul
-----Original Message-----
From: owner-kclug at marauder.illiana.net
[mailto:owner-kclug at marauder.illiana.net] On Behalf Of Duston, Hal
Sent: Monday, January 21, 2002 11:57 AM
To: 'Kclug'
Subject: Re: Battle for bandwidth

> There are ways to determine if someone is masking layer 3 (IP)
addresses.
> Just snoop the MAC address in the packets, only takes a bit of
processing 
> power. Tony is correct, never ask for it, try it and see what happens.

Only thing is, _all_ packets behind an IP firewall, will go out with the

_same_ MAC address since the MAC address changes on every hop.
Otherwise
the destination device wouldn't know where it came from.  I am pretty 
sure this true anyway.  You can check this by looking at the MAC
addresses
from different remote sites as the come _into_ your network/machine.  I
am
willing to bet that they all have the MAC address of the upstream
device.

Hal