EBTABLES. Type of packets "otherhost"

Question

I've got a question concerning ebtables. The question is concerned with --pkttype-type option. In description of this option (MAN) I see there are four possible values:

1. broadcast
2. multicast
3. host
4. otherhost (non of the above)

Please explain me what 4-th option otherhost means. As I know packet can be broadcast, multicast and unicast. Perhaps more packet types exist which I don't know? What happens when I use option --pkttype-type otherhost?

Answer 1

From man ebtables:

a) broadcast (MAC destination is the broadcast address)

b) multi‐cast (MAC destination is a multicast address)

c) host (MAC destination is the receiving network device) This is your MAC address.

d) otherhost (none of the above). MAC addresses of other devices.

What does otherhost mean?

For Ethernet networks, for example when using Ethernet hubs, data going to some computer (with its own MAC address) connected to the Ethernet hub may be seen by any other device (with different MAC address) connected to the same Ethernet hub. You can check this behaviour using wireshark or tcpdump. With Hubs, Ethernet frames going to your computer (MAC addres of your network device as destination) may be seen by any other computer using the same Hub as you.

By default, your network device will pass to your CPU the Ethernet frames that the controller is intended to receive (broadcast, multicast or with your MAC address as destination) even if it is receiving many others (case of using Ethernet hubs)

You can change the default behaviour of your network device by means of the promiscuous mode (wireshark and tcpdump make use of this configuration)

What happens when you use option --pkttype-type otherhost?

Data intended to be received by other devices will match the ebtables rule.