Help to explain the trace ?

  • Thread starter Thread starter Polaris
  • Start date Start date
P

Polaris

Hi: I have a Ethereal trace below (3 lines), which shows something that I do
not understand:



Ethernet II, Source: 00:04:19:00:00:01 (7.0.0.132), Destination:
00:ff:e0:e9:12:00 (7.0.0.9)

Internet Protocol, Source Addr : 7.0.0.132, Destination Addr : 192.168.0.27

User Datagram Protocol: Source Port: 4156, Destination Port: Domain (53)





7.0.0.9 is a DHCP server, 7.0.0.132 is a client. My question is:

How come in the Link Layer (Ethernet), the destination addr (7.0.0.9) is
different from the one in the IP Layer (192.168.0.27) ? Any
help/explanation is appreciated!



Thanks In Advance!

Polaris
 
192.168.0.27 is on a different subnet from 7.0.0.132, so at the ethernet
layer the packet must be sent to a router. The router chosen was 7.0.0.9,
which has a MAC address of 00:ff:e0:e9:12:00.

Cheers,

Mike
 
Thanks for your info.

Forgot to mention, this is a DNS packet. As I understand it, there is no
routing information in the Ethernet Layer becasue there is no information
about IP addresses on source and destination; and the "destination address"
carried in the Ethernet Layer is the real final address of the target
machine. Am I correct?

Polaris
 
Yes and no. You're correct that layer 2 has no IP information. However the
"destination address" is an IP address not an ethernet address (or more
commonly known as a MAC Address). The MAC address is re-written as it
traverses routers, while the destination IP address never changes.
 
Thank you all for your help!

Polaris

Neteng said:
Yes and no. You're correct that layer 2 has no IP information. However the
"destination address" is an IP address not an ethernet address (or more
commonly known as a MAC Address). The MAC address is re-written as it
traverses routers, while the destination IP address never changes.
Click to expand...
 
Back
Top