Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I need to spoof the destination MAC address in a packet that is being sent to a test printer in a private test environment. What I have been doing so far is using the program 'macchanger' to change the source MAC where the packets are being generated and then using the program 'hping' to modify the source and destination IP address as well as the ports. I'm unable to find any information on how to change the MAC for the destination. Has anyone succeeded in doing this?
If you want to have the destination MAC address in a packet be something other than what it actually is on the network, make a static entry in the arp cache. You should be able to do this with arp -s. See the man page on arp for details.
I don't see how this will work on your network though. Let's say your printer has an IP address of 192.168.1.1 and a MAC address of aa:bb:cc:dd:ee:ff. If you create a static entry in the arp cache so that 192.168.1.1 has a MAC address of ff:ee:dd:cc:bb:aa, when the packet is transmitted, IF your printer ever receives it, it will ignore the packet because it doesn't have it's destination address in it.
If you're on a switched network, your printer may never even receive the packet. Your switch will look up the MAC address in it's bridging table. If you've used the MAC address of another valid device on your network, your switch will transmit the packet on the port that device is attached to, not the port your printer is attached to. If the MAC address you've used is not already in your switches bridging table, it may or may not forward the packet at all.
well messing with the arp tables was not an option that we were fond of. what i did end up finding was a utility called 'packETH' (packeth.sf.net) that is capable of faking the source/dest mac and many other options, then forming the packet and sending at any rate/duration desired. check it out for those of you who would like to do such things for testing purposes. in this scenario we were trying to crash a new printer that was being put into production.
this was on a closed network and we just wanted to generate packets that were not only destined for the printer itself but arbitrary packets that were randomly generated (mac destination being one of the factors).
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.