P Chaitra-A15829 wrote: > Thanks for the reply Ben. > > I haven't tried arp filter yet. But what I did was updated the arp > table of the other host (himadri) with the spoofed MAC address of > Linux machine. > himadri :> arp -a | grep 210 > 7:qfe0 192.2.84.210 255.255.255.255 S 00:11:11:29:78:11 > I pinged 192.2.84.210 (spoofy Linux machine) from himadri. > > The snoop at arabhi (192.2.84.210 ): > > 06:29:38.864074 00:03:ba:08:ac:eb > 00:11:11:29:78:11, ethertype IPv4 > (0x0800), length 98: IP (tos 0x0, ttl 255, id 16047, offset 0, flags > [DF], proto 1, length: 84) himadri > 192.2.84.210: icmp 64: echo > request seq 119 > 06:29:39.864080 00:03:ba:08:ac:eb > 00:11:11:29:78:11, ethertype IPv4 > (0x0800), length 98: IP (tos 0x0, ttl 255, id 16048, offset 0, flags > [DF], proto 1, length: 84) himadri > 192.2.84.210: icmp 64: echo > request seq 120 > 06:29:40.863960 00:03:ba:08:ac:eb > 00:11:11:29:78:11, ethertype IPv4 > (0x0800), length 98: IP (tos 0x0, ttl 255, id 16049, offset 0, flags > [DF], proto 1, length: 84) himadri > 192.2.84.210: icmp 64: echo > request seq 121 > There is no response from 'arabhi' (spoofy Linux machine) on this MAC > address... the switch is forwarding the frames though. > > > Do I need to change any configuration on the Linux host to associate > itself with this spoofed MAC interface ?? > > Regards, > Chaitra Are the frames being encapsulated on the VLAN? If not, they will not be delivered to the VLAN device in Linux. Try this: add vlan with VID 5 to the switch, IP addr: 10.10.1.2 add vlan with VID 5 to the Linux box, IP addr: 10.10.1.3 You should be able to ping between them, and sniffing the vlan eth0.5 device on the linux box should show traffic. This assumes that your eth0 interface is on a different subnet, perhaps 192.168.1.3.... Once that works, you can move on to arp-filter stuff. Ben -- Ben Greear <greearb@xxxxxxxxxxxxxxx> Candela Technologies Inc http://www.candelatech.com
