----- Original Message -----
From: "LI GUOJIE" <p1436630@xxxxxxxxxxxxxxx>
To: <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Sunday, May 18, 2003 3:59 PM
Subject: Strange MAC address

> I am trying to use '-m mac' for match. Client machine mac is:
> 00:00:E4:95:6B:48 . However, I saw the following log on the server:
> (using log-ip-options)
> IPTABLES INPUT ILLEGAL: IN=eth0 OUT=
> MAC=00:a0:cc:28:56:c4:00:09:b6:13:9a:7c:08:00 SRC=155.66.220.73
> DST=173.23.214.22 LEN=88 TOS=0x00 PREC=0x00 TTL=124 ID=4708 DF PROTO=TCP
> SPT=1292 DPT=22 WINDOW=64164 RES=0x00 ACK PSH URGP=0
> The MAC displayed in the log is really strange (the length is much longer), can
> anyone explain?

What is logged is not the MAC _address_, but the whole Ethernet _header_ (MAC
layer). Thus, you can read it as follows:

    DST MAC : 00:a0:cc:28:56:c4
    SRC MAC : 00:09:b6:13:9a:7c
    PROTO   : 08:00 (IP)

My 0.02€

--
Cédric Blancher <blancher@xxxxxxxxxxxxxxxxxx>
Consultant en sécurité des systèmes et réseaux - Cartel Sécurité
Tél: +33 (0)1 44 06 97 87 - Fax: +33 (0)1 44 06 97 99
PGP KeyID:157E98EE FingerPrint:FA62226DA9E72FA8AECAA240008B480E157E98EE
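
Added example, not part of the original thread: a small Python parser that splits the MAC= field of an iptables LOG line into the three Ethernet header parts described in the reply and compares the source address with an expected one. The function names and the EtherType label table are choices made for this example; the sample line is the log entry quoted above, rejoined onto one line.

```python
import re

# Labels for a few common EtherType values; anything else is shown as hex.
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}

# MAC= followed by colon-separated hex octets (the field may also be empty).
MAC_FIELD = re.compile(r"\bMAC=((?:[0-9a-fA-F]{2}:)*[0-9a-fA-F]{2})?(?=\s|$)")

# Log entry quoted in the message above, rejoined onto one line.
SAMPLE = ("IPTABLES INPUT ILLEGAL: IN=eth0 OUT= "
          "MAC=00:a0:cc:28:56:c4:00:09:b6:13:9a:7c:08:00 SRC=155.66.220.73 "
          "DST=173.23.214.22 LEN=88 TOS=0x00 PREC=0x00 TTL=124 ID=4708 DF "
          "PROTO=TCP SPT=1292 DPT=22 WINDOW=64164 RES=0x00 ACK PSH URGP=0")


def parse_log_mac(line):
    """Split the MAC= field into destination MAC, source MAC and EtherType.

    Returns None when the field is missing, empty, or not the 14 bytes
    (6 + 6 + 2) of an Ethernet header.
    """
    m = MAC_FIELD.search(line)
    if not m or not m.group(1):
        return None
    octets = m.group(1).lower().split(":")
    if len(octets) != 14:
        return None
    ethertype = int("".join(octets[12:14]), 16)
    return {
        "dst_mac": ":".join(octets[0:6]),
        "src_mac": ":".join(octets[6:12]),
        "ethertype": ethertype,
        "ethertype_name": ETHERTYPES.get(ethertype, hex(ethertype)),
    }


def source_mac_is(line, expected):
    """True if the logged source MAC equals `expected` (case-insensitive)."""
    parsed = parse_log_mac(line)
    if parsed is None:
        return False
    return parsed["src_mac"] == expected.strip().lower().replace("-", ":")


if __name__ == "__main__":
    print(parse_log_mac(SAMPLE))
    # Compare against the client MAC given in the question.
    print(source_mac_is(SAMPLE, "00:00:E4:95:6B:48"))
```
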