0

I was learning about spoofing attacks and now confused on IP and MAC addreses. I learned that every packets(TCP, ICMP, etc..) send from a computer have an Ethernet header which contain mac address of source and destination (Hope I'm right). Is mac address have anything to do with a computer to accept or reject a packet coming over internet? For example consider a situation:

I'm sending a spoofed packet (an HTTP GET request) with my target's ip address as IP source and port 12345, to google.com.

As i dont know the mac address of target, it is my mac address on Ethernet header of the packet as mac source.

google.com will send the HTTP response to target's IP on port 12345, will the target recieve that packet if it is listening on port 12345? Or will it be rejected due to false mac address?

And do the same apply on ICMP flooding attacks?

Rahul K
  • 665
  • 10
  • 25
  • 1
    Off-topic. But the MAC address is the unique hardware address; without that then local networks wouldn't work. I suggest reading about [ARP](http://en.wikipedia.org/wiki/Address_Resolution_Protocol). Generally speaking, MAC addresses have little to no relevance on the internet. – Oliver Charlesworth Jan 09 '13 at 16:23

2 Answers2

2

The MAC address is the hardware address.

If I send a packet to an IP address, at the network level the packet is routed to the MAC (hardware) address. That will usually be a hardware device en route to the given IP address. So a packet sent across the internet will be routed via various devices, and at each stage the packet is directed to a different MAC address.

As such, the MAC address can identify a particular device.

Brian Agnew
  • 268,207
  • 37
  • 334
  • 440
  • 1
    maybe mention the OSI layers as well. IP is layer3, whereas MAC addresses are handled on layer 2. Maybe that already clearifies most: http://en.wikipedia.org/wiki/OSI_model – Najzero Jan 09 '13 at 16:27
  • So the MAC destination in my packet is the address of my router, isn't it? And in a normal communication over internet the server will not able to know source's mac address. Am I right? – Rahul K Jan 09 '13 at 16:31
  • @rahul - that's correct. If I'm talking to a server across the world, it's MAC address would appear to me to be the router, not the actual server – Brian Agnew Jan 09 '13 at 17:52
0

If you take a look with Wireshark you will see there is more going on behind the scenes other than just the HTTP sent to google.com. You should see a some sort of DNS request then followed by an ARP request (if using IPv4 ... otherwise Neighbor Discovery is used).

The DNS request will get you the IP associated with the google.com host name and then the ARP request will give you MAC address associated with a particular IP address.

Though with increased complexity in your network topology such as an addition of routers, gateways, and a proxy .... this will not be quite so clear as stated above.

cottonke
  • 131
  • 10
  • My brain has turned to mush; would you see an ARP request for an internet request? Surely the client knows that the IP address of the host (as returned from DNS) is outside the subnet, and just throws it at the default gateway. – Oliver Charlesworth Jan 09 '13 at 16:31
  • Probably not in the case of actually going out to google.com, but you would in my simplified case where it is all a local network and there is just a switch/router between you and the host google.com (don't ask me why you have a host named google.com ... you just do). – cottonke Jan 09 '13 at 18:05