How are frames sent from router to guest in bridged mode?
Posted: 20. Jul 2014, 21:05
Hi all,
I'm trying to better understand how networking works in bridged mode.
Specifically, I'm trying to understand how frames get from my router to the guest (and vice versa) at that layer 2 level.
Some basic system info:
Router:
IP: 192.168.1.1
MAC: 10:BF:48:E6:3A:4D
Host: Mac OSX 10.9.4
iface: en0 wireless
IP: 192.168.1.117
MAC: b8:f6:b1:1a:67:43
Guest: Ubuntu 12.04 64 bit
iface: eth0
IP: 192.168.1.115
MAC: 08:00:27:d3:87:e1
When I run tcpdump on my host, and curl google dot com from the guest, I notice the following headers
Layer 2 (src/dest): b8:f6:b1:1a:67:43 > 10:bf:48:e6:3a:4d,
Layer 3 (src/dest): 192.168.1.115.39061 > 74.125.226.129.80
However, when i run tcpdump on my guest, and curl google dot com from the guest, I get the following:
Layer 2: 08:00:27:d3:87:e1 > 10:bf:48:e6:3a:4d
Layer 3: 192.168.1.115.39061 > 74.125.226.129.80
I'm trying to understand why there is a discrepancy at the Layer 2 level, and to better understand what is truly happening at this level.
Intuitively, I would think that when I send packets from my guest to my router, at the Layer 2 level I would use the guest mac address as source and the router mac address as destination. Then when data comes back from google, my router would use the guest mac address as dest, and its own mac address as source (just like tcpdump
shows on the guest computer). However, I don't think this is what is happening because running arp -a on my router shows both guest and host IP pointing to the host mac address. So the router knows nothing about the guest MAC address.
Can anyone provide clarification as to what is truly happening at the layer 2 level and why tcpdump shows different layer 2 headers when run from guest and host?
I'm trying to better understand how networking works in bridged mode.
Specifically, I'm trying to understand how frames get from my router to the guest (and vice versa) at that layer 2 level.
Some basic system info:
Router:
IP: 192.168.1.1
MAC: 10:BF:48:E6:3A:4D
Host: Mac OSX 10.9.4
iface: en0 wireless
IP: 192.168.1.117
MAC: b8:f6:b1:1a:67:43
Guest: Ubuntu 12.04 64 bit
iface: eth0
IP: 192.168.1.115
MAC: 08:00:27:d3:87:e1
When I run tcpdump on my host, and curl google dot com from the guest, I notice the following headers
Layer 2 (src/dest): b8:f6:b1:1a:67:43 > 10:bf:48:e6:3a:4d,
Layer 3 (src/dest): 192.168.1.115.39061 > 74.125.226.129.80
However, when i run tcpdump on my guest, and curl google dot com from the guest, I get the following:
Layer 2: 08:00:27:d3:87:e1 > 10:bf:48:e6:3a:4d
Layer 3: 192.168.1.115.39061 > 74.125.226.129.80
I'm trying to understand why there is a discrepancy at the Layer 2 level, and to better understand what is truly happening at this level.
Intuitively, I would think that when I send packets from my guest to my router, at the Layer 2 level I would use the guest mac address as source and the router mac address as destination. Then when data comes back from google, my router would use the guest mac address as dest, and its own mac address as source (just like tcpdump
shows on the guest computer). However, I don't think this is what is happening because running arp -a on my router shows both guest and host IP pointing to the host mac address. So the router knows nothing about the guest MAC address.
Can anyone provide clarification as to what is truly happening at the layer 2 level and why tcpdump shows different layer 2 headers when run from guest and host?