Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
While checking out my iptables generated logs, I noticed that the mac address of
most of the entries were the same. The MAC address shown is also much longer
than a traditional MAC address. It's also impossible that all these entries were
generated from the same piece of equipment, so I'm left wondering, how did I
get this address in my logs?
Is this some kind of default entry generated by iptables? Is it the address of my ISP gateway?
I guess I'm a little foggy on how MAC works inside a packet. Does an internet
transmitted packet retain it's source MAC through it's whole journey, or is this
something that changes hop to hop?
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
MAC addresses are 6 octets, i.e. 48bits. They're displayed as 6 fields of 2 hex digits. These addresses are used by hardware devices to know where to send frames at the lowest network layer (link layer, AKA layer 2). Since MAC addrs are only used by hardware, the original host's MAC is not sent along the entire life of a datagram. Each hardware device that performs routing has it's own MAC, so firewalls, routers, intelligent bridges, etc all have MACs.
Quote:
Is it the address of my ISP gateway?
Close, it's the MAC of the internal interface of your broadband router.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.