Find the answer to your Linux question:
Results 1 to 4 of 4
I am taking packet data and using libpcap pcap inject method to pass the packet onto another network. This works fine but the mac address in the packet changes to ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Feb 2014
    Posts
    2

    MAc address and libpcap


    I am taking packet data and using libpcap pcap inject method to pass the packet onto another network. This works fine but the mac address in the packet changes to that of the local device been used to relay the packet. Tracing through the libpcap code the inject method calls the standard send() socket method, but from there I loose track of the calls which are updating the mac address. Where in the Linux code is the send() method? and does anybody know what I would need to do to prevent the mac address been over written in the packet.

    Thanks in advance

  2. #2
    Linux Engineer
    Join Date
    Dec 2013
    Posts
    1,188
    The source code for send will be part of glibc. It will call into kernel space where the ethernet framing is handled - net_init.c I believe. I can't think of a legitimate reason to spoof a MAC address but then I doubt doing so will accomplish much either.

  3. #3
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,512
    What gregm said. Spoofing addresses is "not a good thing". It is possible, but not simple, and it requires kernel mods to make it work. Are you a kernel-level programmer?
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

  4. #4
    Just Joined!
    Join Date
    Feb 2014
    Posts
    2
    Quote Originally Posted by Rubberman View Post
    What gregm said. Spoofing addresses is "not a good thing". It is possible, but not simple, and it requires kernel mods to make it work. Are you a kernel-level programmer?
    Sorry not getting back sooner, I've done some low level kernel work, but not in this area. The version of Linux is an embedded one that I am using, I've located eth.c which contains the Ethernet layer processing. It has a method called eth_mac_addr which appears to copy the socket address to the network device. If I modified this would it provide the required effect.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •