Quote:
Originally Posted by gonzo
Kevin and Darci Wood are both friends of Oprano.
If you dont know the history of how that came about remind me to link you to the boards most popular thread of all time when you have a weekend to kill....
If you dont know Darci shes was one of those lab techie chicks on G4 with Leo Laporte etc.
You can check her blog out at http://www.agirlandhermac.com
Im sure they will be wrong too though.
|
Sheez man, we don't need to be bothering Kevin and Darci (however Darci can show her cute little face anytime she wants as far as I'm concerned) We can solve the MAC Address debate real easy:
An http protocol packet has 5 layers:
The physical layer (actual computers)
The ethernet layers (this contains the MAC address of the two machines that are talking to each other - sender and reciever)
The IP layer - contains the destination ip
The TCP layer which contains the port info
and the http layer whc\ich contains the actual request
So, like I said, even though we normally do not see the ethernet layer (the MAC addresses) when we are doing our every day processing, it is there and can be detected by a packet sniffer.
here is the breakdown on a packet: from
http://www.onlamp.com/pub/a/bsd/2001...SD_Basics.html
---------------------------------------------------------------
Packet 10
TIME: 10:25:36.854420 (6.232947)
LINK: 00:00:B4:3C:56:40 -> 00:50:BA
E:36:33 type=IP
IP: biko -> genisis hlen=20 TOS=10 dgramlen=44 id=0013
MF/DF=0/1 frag=0 TTL=64 proto=TCP cksum=26A7
TCP: port blackjack -> telnet seq=3205630181 ack=0000000000
hlen=24 (data=0) UAPRSF=000010 wnd=16384 cksum=7814 urg=0
DATA:
---------------------------------------------------------------Not counting the TIME heading, there are four parts to this packet. The LINK heading represents the Layer 2 frame. Normally, this is the portion of the packet that is monitored by the NIC; you'll note that it contains the MAC address of the sending computer and the MAC address of the destination computer. There are several different types of Ethernet frames; I can tell this is an Ethernet_II frame since it contains a "type" field.
More here http://www.newartisans.com/blog_file...tcp.packet.php