Ben, I get the below warning when I try to configure vconfig for the first time. [root@arabhi] vconfig add eth0 5 WARNING: Could not open /proc/net/vlan/config. Maybe you need to load the 8021q module, or maybe you are not using PROCFS?? Added VLAN with VID == 5 to IF -:eth0:- But the 802.1q module is present in the kernel. /sys/module/8021q /proc/3802 /proc/3802/task/3802 /usr/src/kernels/2.6.9-22.EL-i686/drivers/net/wireless/ieee80211 /usr/src/kernels/2.6.9-22.EL-i686/net/8021q /usr/src/kernels/2.6.9-22.EL-i686/include/config/vlan/8021q /usr/src/kernels/2.6.9-22.EL-smp-i686/include/config/vlan/8021q /usr/src/kernels/2.6.9-22.EL-hugemem-i686/net/8021q /usr/src/kernels/2.6.9-22.EL-hugemem-i686/net/802 Thanks, Chaitra -----Original Message----- From: vlan-bounces@xxxxxxxxxxxxxxx [mailto:vlan-bounces@xxxxxxxxxxxxxxx] On Behalf Of Ben Greear Sent: Wednesday, September 27, 2006 7:05 AM To: Linux 802.1Q VLAN Subject: Re: [VLAN] 802.1Q - MAC Spoofing P Chaitra-A15829 wrote: > Thanks for the reply Ben. > > I haven't tried arp filter yet. But what I did was updated the arp > table of the other host (himadri) with the spoofed MAC address of > Linux machine. > himadri :> arp -a | grep 210 > 7:qfe0 192.2.84.210 255.255.255.255 S 00:11:11:29:78:11 > I pinged 192.2.84.210 (spoofy Linux machine) from himadri. > > The snoop at arabhi (192.2.84.210 ): > > 06:29:38.864074 00:03:ba:08:ac:eb > 00:11:11:29:78:11, ethertype IPv4 > (0x0800), length 98: IP (tos 0x0, ttl 255, id 16047, offset 0, flags > [DF], proto 1, length: 84) himadri > 192.2.84.210: icmp 64: echo > request seq 119 > 06:29:39.864080 00:03:ba:08:ac:eb > 00:11:11:29:78:11, ethertype IPv4 > (0x0800), length 98: IP (tos 0x0, ttl 255, id 16048, offset 0, flags > [DF], proto 1, length: 84) himadri > 192.2.84.210: icmp 64: echo > request seq 120 > 06:29:40.863960 00:03:ba:08:ac:eb > 00:11:11:29:78:11, ethertype IPv4 > (0x0800), length 98: IP (tos 0x0, ttl 255, id 16049, offset 0, flags > [DF], proto 1, length: 84) himadri > 192.2.84.210: icmp 64: echo > request seq 121 > There is no response from 'arabhi' (spoofy Linux machine) on this MAC > address... the switch is forwarding the frames though. > > > Do I need to change any configuration on the Linux host to associate > itself with this spoofed MAC interface ?? > > Regards, > Chaitra Are the frames being encapsulated on the VLAN? If not, they will not be delivered to the VLAN device in Linux. Try this: add vlan with VID 5 to the switch, IP addr: 10.10.1.2 add vlan with VID 5 to the Linux box, IP addr: 10.10.1.3 You should be able to ping between them, and sniffing the vlan eth0.5 device on the linux box should show traffic. This assumes that your eth0 interface is on a different subnet, perhaps 192.168.1.3.... Once that works, you can move on to arp-filter stuff. Ben -- Ben Greear <greearb@xxxxxxxxxxxxxxx> Candela Technologies Inc http://www.candelatech.com _______________________________________________ Vlan mailing list Vlan@xxxxxxxxxxxxxxx http://www.candelatech.com/mailman/listinfo/vlan
