[VLAN] 802.1Q - MAC Spoofing

P Chaitra-A15829 chaitra at motorola.com
Tue Sep 26 18:27:20 PDT 2006 

Thanks for the reply Ben.
 
I haven't tried arp filter yet. But what I did was updated the arp table of the other host (himadri) with the spoofed MAC address of Linux machine.
himadri :> arp -a | grep 210
7:qfe0   192.2.84.210         255.255.255.255 S     00:11:11:29:78:11

I pinged 192.2.84.210 (spoofy Linux machine) from himadri.
 
The snoop at arabhi (192.2.84.210 ):

06:29:38.864074 00:03:ba:08:ac:eb > 00:11:11:29:78:11, ethertype IPv4 (0x0800), length 98: IP (tos 0x0, ttl 255, id 16047, offset 0, flags [DF], proto 1, length: 84) himadri > 192.2.84.210: icmp 64: echo request seq 119
06:29:39.864080 00:03:ba:08:ac:eb > 00:11:11:29:78:11, ethertype IPv4 (0x0800), length 98: IP (tos 0x0, ttl 255, id 16048, offset 0, flags [DF], proto 1, length: 84) himadri > 192.2.84.210: icmp 64: echo request seq 120
06:29:40.863960 00:03:ba:08:ac:eb > 00:11:11:29:78:11, ethertype IPv4 (0x0800), length 98: IP (tos 0x0, ttl 255, id 16049, offset 0, flags [DF], proto 1, length: 84) himadri > 192.2.84.210: icmp 64: echo request seq 121

There is no response from 'arabhi' (spoofy Linux machine) on this MAC address... the switch is forwarding the frames though. 
 
 
Do I need to change any configuration on the Linux host to associate itself with this spoofed MAC interface ?? 
 
Regards,
Chaitra

 
________________________________

From: vlan-bounces at candelatech.com on behalf of Ben Greear
Sent: Wed 27-Sep-06 6:25
To: Linux 802.1Q VLAN
Subject: Re: [VLAN] 802.1Q - MAC Spoofing



P Chaitra-A15829 wrote:
> Hi,
> 
> I am posting my question again in this forum.
> I sincerely appreciate if you could help on this regard. Currently I
> am stuck here..
> 
> _*My Requirement :*_
> 1. On a single Linux RedHat machine with a single interface card,
> spoof the multiple MAC addresses.
> 2. This card will be connected to (2950 cisco ) L2 switch.
> 3. On the switch tag the frames based on the Vlan tag id (802.1Q).

Did you try the arp-filter trick I mentioned in the last email?

Ben


--
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc  http://www.candelatech.com


_______________________________________________
Vlan mailing list
Vlan at candelatech.com
http://www.candelatech.com/mailman/listinfo/vlan


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://ns2.lanforge.com/pipermail/vlan/attachments/20060926/272380d7/attachment.html

More information about the Vlan mailing list