Sheez man, we don't need to be bothering Kevin and Darci (however Darci can show her cute little face anytime she wants as far as I'm concerned) We can solve the MAC Address debate real easy:
An http protocol packet has 5 layers:
The physical layer (actual computers)
The ethernet layers (this contains the MAC address of the two machines that are talking to each other - sender and reciever)
The IP layer - contains the destination ip
The TCP layer which contains the port info
and the http layer whc\ich contains the actual request
So, like I said, even though we normally do not see the ethernet layer (the MAC addresses) when we are doing our every day processing, it is there and can be detected by a packet sniffer.
here is the breakdown on a packet: from
http://www.onlamp.com/pub/a/bsd/2001...SD_Basics.html
---------------------------------------------------------------
Packet 10
TIME: 10:25:36.854420 (6.232947)
LINK: 00:00:B4:3C:56:40 -> 00:50:BA
E:36:33 type=IP
IP: biko -> genisis hlen=20 TOS=10 dgramlen=44 id=0013
MF/DF=0/1 frag=0 TTL=64 proto=TCP cksum=26A7
TCP: port blackjack -> telnet seq=3205630181 ack=0000000000
hlen=24 (data=0) UAPRSF=000010 wnd=16384 cksum=7814 urg=0
DATA:
---------------------------------------------------------------Not counting the TIME heading, there are four parts to this packet. The LINK heading represents the Layer 2 frame. Normally, this is the portion of the packet that is monitored by the NIC; you'll note that it contains the MAC address of the sending computer and the MAC address of the destination computer. There are several different types of Ethernet frames; I can tell this is an Ethernet_II frame since it contains a "type" field.
More here http://www.newartisans.com/blog_file...tcp.packet.php