virtualbox.org

End user forums for VirtualBox
https://forums.virtualbox.org/

arpwatch reporting host mac for VM with bridged networking?

https://forums.virtualbox.org/viewtopic.php?t=50771

Page 1 of 1

arpwatch reporting host mac for VM with bridged networking?

Posted: 4. Aug 2012, 05:04
by Steve Prior
I'm noticing that when a VM is running with a bridged network adapter on either a Windows 7 or Linux host, my network DHCP server is correctly detecting the configured MAC address of the VM, but arpwatch on that same server is reporting the MAC address of the host network adapter instead of the configured MAC address of the VM. Is this normal/expected?

Re: arpwatch reporting host mac for VM with bridged networki

Posted: 4. Aug 2012, 08:41
by BillG
I would not find that surprising. Arpwatch works at the hardware level (otherwise it would be useless). The bridge filter driver works in conjunction with the NIC device driver to sort out which IP stack to send the packet to.

Arpwatch is used to detect MAC spoofing. That is pretty much what bridged networking is doing.
All times are UTC+02:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited