From Slashdot: Comcast goes after NAT users

Monty J. Harder lists at kc.rr.com
Sat Jan 26 02:12:28 CST 2002


"Jeremy Fowler, CNA" <jfowler at westrope.com> wrote:

> Finally the Data Link Layer encapsulates the other layers and adds the
> last header:
> [ Ethernet Header (MAC Address) [IP Header (IP Address) [ TCP HEADER [
> DATA        ]]]]
>
>
> So when the packet is received on the other end, the MAC address IS the
> address of the originating device. Not the last router that encountered the
> packet.

  The "other end" is only valid for that hop.  Each router/bridge/whatever
that handles the IP packet must create an entirely new physical-level packet
for the next hop.

{ New Ethernet Header (New MAC Address) [IP Header (IP Address) [ TCP HEADER
[ DATA ]]] }

  The only way that a MAC address gets to the next hop is if it's in an
"inner" packet, which does happen when you do VPN, PPPoE, or some other
kind of mutant arrangement.  Of course, if the data inside the TCP packets
is part of an encrypted stream, you won't be able to sniff out the MACs
anyway.

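The per-hop rewrite described in the reply above, as an added example that is not part of the original thread or anyone's posted code: a Python simulation (standard library only) of one frame crossing two routers, showing that each router builds a fresh Ethernet header while the IP header rides through with only TTL and checksum changing, followed by the "inner packet" case, where a whole Ethernet frame travels inside an IP packet (EtherIP, RFC 3378, used here as a stand-in for the VPN/PPPoE arrangements mentioned) so the originating MAC survives the hops. The hosts, routers, MAC and IP addresses and the A-R1-R2-B topology are all constructed for the demo; the TCP checksum is left unfilled because no real stack ever sees the segment.

```python
"""Added example, not from the original thread: simulate a frame crossing two
routers so the Ethernet header is rebuilt per hop while the IP header rides
through, then the "inner packet" case with an Ethernet-in-IP tunnel.  All
MAC/IP addresses and the topology are made up for the demo."""
import socket
import struct

ETH_P_IP = 0x0800
IPPROTO_TCP = 6
IPPROTO_ETHERIP = 97  # RFC 3378 Ethernet-in-IP: payload is a whole Ethernet frame


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def ip_checksum(hdr):
    """RFC 1071 one's-complement sum; a valid header with its checksum in place
    sums to 0."""
    if len(hdr) % 2:
        hdr += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src, dst, proto, payload, ttl=64):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + payload


def build_tcp(sport, dport, data):
    # Minimal 20-byte header (PSH|ACK, no options); TCP checksum left zero since
    # nothing here hands the segment to a real stack.
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 8192, 0, 0) + data


def ethernet(dst_mac, src_mac, ethertype, payload):
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload


def parse_ethernet(frame):
    return frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0], frame[14:]


def parse_ipv4(pkt):
    return {"ttl": pkt[8], "proto": pkt[9], "src": socket.inet_ntoa(pkt[12:16]),
            "dst": socket.inet_ntoa(pkt[16:20]), "payload": pkt[20:]}


def route_hop(frame, in_mac, out_mac, next_hop_mac):
    """One router hop: accept only frames addressed to our own MAC with a valid
    IP header, strip the Ethernet header, decrement TTL, refresh the checksum,
    and wrap the packet in a brand-new Ethernet header for the next hop.
    Returns None when the frame is dropped."""
    dst, _src, ethertype, pkt = parse_ethernet(frame)
    if dst != in_mac or ethertype != ETH_P_IP or ip_checksum(pkt[:20]) != 0:
        return None
    ttl = pkt[8] - 1
    if ttl == 0:
        return None  # a real router would answer with ICMP Time Exceeded
    hdr = pkt[:8] + bytes([ttl, pkt[9]]) + b"\x00\x00" + pkt[12:20]
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return ethernet(next_hop_mac, out_mac, ETH_P_IP, hdr + pkt[20:])


def visible_macs(frame):
    """MACs a sniffer on the receiving segment sees: the outer pair is always
    the last hop's; an inner pair exists only if a layer-2 tunnel carries one."""
    dst, src, _, pkt = parse_ethernet(frame)
    ip = parse_ipv4(pkt)
    inner = None
    if ip["proto"] == IPPROTO_ETHERIP and ip["payload"][0] >> 4 == 3:
        idst, isrc, _, _ = parse_ethernet(ip["payload"][2:])  # skip 2-byte EtherIP header
        inner = (isrc.hex(":"), idst.hex(":"))
    return (src.hex(":"), dst.hex(":")), inner


def demo():
    # Constructed topology: A -- R1 -- R2 -- B, every address invented.
    a_mac, b_mac = mac("02:00:00:00:00:0a"), mac("02:00:00:00:00:0b")
    r1_lan, r1_wan = mac("02:00:00:00:01:01"), mac("02:00:00:00:01:02")
    r2_wan, r2_lan = mac("02:00:00:00:02:01"), mac("02:00:00:00:02:02")
    a_ip, b_ip = "10.0.0.2", "10.0.2.2"
    hops = [(r1_lan, r1_wan, r2_wan), (r2_wan, r2_lan, b_mac)]

    def forward(frame):
        trace = []
        for in_mac, out_mac, nxt in hops:
            frame = route_hop(frame, in_mac, out_mac, nxt)
            assert frame is not None, "frame dropped"
            dst, src, _, pkt = parse_ethernet(frame)
            ip = parse_ipv4(pkt)
            trace.append((src.hex(":"), dst.hex(":"), ip["src"], ip["dst"], ip["ttl"]))
        return frame, trace

    # Case 1: plain TCP/IP.  A's MAC is gone after the first hop.
    seg = build_tcp(40000, 80, b"GET / HTTP/1.0\r\n\r\n")
    plain = ethernet(r1_lan, a_mac, ETH_P_IP, build_ipv4(a_ip, b_ip, IPPROTO_TCP, seg))
    plain_final, plain_trace = forward(plain)

    # Case 2: the frame A would send on its own LAN, carried inside an EtherIP
    # packet; the routers rewrite only the outer Ethernet header.
    inner = ethernet(b_mac, a_mac, ETH_P_IP,
                     build_ipv4("192.168.1.2", "192.168.1.200", IPPROTO_TCP, seg))
    outer = build_ipv4(a_ip, b_ip, IPPROTO_ETHERIP, b"\x30\x00" + inner)
    tunnel_final, tunnel_trace = forward(ethernet(r1_lan, a_mac, ETH_P_IP, outer))

    return {"plain_trace": plain_trace, "plain_macs": visible_macs(plain_final),
            "tunnel_trace": tunnel_trace, "tunnel_macs": visible_macs(tunnel_final)}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Running it prints a trace per hop: in both cases the source and destination MACs change at every hop and the TTL goes 64, 63, 62 while the IP addresses stay put; only in the tunnel case does `visible_macs` recover A's and B's MACs, and it finds them inside the IP payload, not in the frame header that arrived.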
More information about the Kclug mailing list