Question
I was learning about spoofing attacks and now confused on IP and MAC addreses. I learned that every packets(TCP, ICMP, etc..) send from a computer have an Ethernet header which contain mac address of source and destination (Hope I'm right). Is mac address have anything to do with a computer to accept or reject a packet coming over internet? For example consider a situation:
I'm sending a spoofed packet (an HTTP GET request) with my target's ip address as IP source and port 12345, to google.com.
As i dont know the mac address of target, it is my mac address on Ethernet header of the packet as mac source.
google.com will send the HTTP response to target's IP on port 12345, will the target recieve that packet if it is listening on port 12345? Or will it be rejected due to false mac address?
And do the same apply on ICMP flooding attacks?
Solution
The MAC address is the hardware address.
If I send a packet to an IP address, at the network level the packet is routed to the MAC (hardware) address. That will usually be a hardware device en route to the given IP address. So a packet sent across the internet will be routed via various devices, and at each stage the packet is directed to a different MAC address.
As such, the MAC address can identify a particular device.
OTHER TIPS
If you take a look with Wireshark you will see there is more going on behind the scenes other than just the HTTP sent to google.com. You should see a some sort of DNS request then followed by an ARP request (if using IPv4 ... otherwise Neighbor Discovery is used).
The DNS request will get you the IP associated with the google.com host name and then the ARP request will give you MAC address associated with a particular IP address.
Though with increased complexity in your network topology such as an addition of routers, gateways, and a proxy .... this will not be quite so clear as stated above.
https://stackoverflow.com/questions/14241640
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian