What [additional] information does this MAC field provide to you on the tunnel? Does this field change per packet? Is there some documentation on how to decode it? Is it a hashing of some sort, or just a hex copy of the data (IP header)?
All these questions are answered in my initial post.
It was useful, as it allowed to see what tunnel endpoint had sent a packet when it was dropped by the firewall on the tunl0 device itself. Of course the tunnel source can be seen on the eth0 device but there you cannot (or it is very difficult to) examine the encapsulated packet.
Rob
Rob,
Perhaps then I didn't glean that data...but HOW does one 'decode' that MAC then? Meaning, how do I see SRC, DST protocol number, etc.? (this might be helpful looking through kernel-mod ipt)
- Lynwood KB3VWG
-
lleachii@aol.com -
Rob Janssen