I read your tutoral on MAC addresses but I still don't under

In a nut shell, the MAC address is hard coded (burnt into) the NIC (Network Interface Card). Every NIC has its own MAC address. It’s the physical ID of that NIC and they are as unique as your fingerprints are.

If you hack or connect to me, some of the info you leave behind on my logs are your IP and MAC address. Of course I can obtain your MAC with out you connecting to my box by other means.

If you engage in illegal activity and the police take your computer this is one of many ID’s they will look at. To change your MAC you will need a new NIC or do MAC spoofing. I have not tried but I was advised that XP can MAC spoof?

Of course I’m not instructing you to spoof or engage in any illegal activities.
If you attempt to educate yourself on spoofing then you should always have a test network or VMWare to practice.

Hope this has helped some.

First off... the mac address is the layer 2 address.. as opposed to the layer 3 ip address.. I don't know why you'd want to log a mac address unless you're on the same subnet as the guy who's attacking you ! The source mac address will change to that of the last router that it went through.. have a look if you haven't understood
www.eventhelix.com/RealtimeMantra/Networking/ip_routing.htm

That packet has been juggled around with lots of routers stripping the frame and changing it to represent their source address. Thats why you log the layer 3 address, because it never changes in the packet.

As far as spoofing a mac address I'm pretty sure nemesis can inject packets with the data link header prewritten.. though frankly I've never done this, it would only be meaningful if you spoofed the IP address.. and then seeing the return packets would mean you'd have to sniff for them.... thus you'd have to be on the same subnet (network segment).

I hope I made my point, its early in the morning and I need some coffee.


Cheers