Understanding Ethernet Frame MAC Addressing: Source/Destination MACs in a Bridged Router Network



When computer A sends a packet to computer D through this topology:

+-----+   +------+   +------+   +-----+
|comp.|---|bridge|---|router|---|comp.|
|  A  |---|   B  |---|   C  |---|  D  |
+-----+   +------+ ^ +------+   +-----+
                   |
                    -- Observation point

At the marked segment between bridge B and router C:

  • Source MAC: Bridge B's MAC address
  • Destination MAC: Router C's MAC address

Ethernet frames get rewritten at each network boundary:

  1. Original frame from A to D has:
    • Src MAC: A
    • Dst MAC: B (first hop)
  2. Bridge B forwards with new MACs:
    • Src MAC: B
    • Dst MAC: C (next hop)

You can observe this behavior using tcpdump:

tcpdump -i eth0 -e -nn -vv

With -e, tcpdump prints the link-level header of each frame, so captures taken at each hop show the MAC address changes.

Key points about layer 2/layer 3 separation:

Layer            | From A          | At Bridge
-----------------+-----------------+----------------
Network (IP)     | Src: A, Dst: D  | Unchanged
Data Link (MAC)  | Src: A, Dst: B  | Src: B, Dst: C

Many engineers mistakenly believe:

  • MAC addresses remain end-to-end (they don't)
  • Layer 2 headers are preserved across routers (they're rewritten)
  • Bridges operate purely at layer 2 (true, but they affect MAC addressing)

When debugging MAC issues:

  1. Check ARP tables at each hop
  2. Verify MAC learning on bridges
  3. Confirm router interface MACs

When writing network code that examines MACs:

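# Example Python code to check MAC changes
from scapy.all import Ether, sniff

def packet_callback(packet):
    # Print the layer 2 addresses of every Ethernet frame seen
    if packet.haslayer(Ether):
        print(f"Source MAC: {packet[Ether].src}")
        print(f"Dest MAC: {packet[Ether].dst}")

# Capture 10 frames on the default interface (requires capture privileges)
sniff(prn=packet_callback, count=10)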

Run at each observation point in turn, this shows how MACs change between hops.



When Computer A sends traffic to Computer D across this hybrid network topology, the MAC addressing behavior changes at different segments. Let's analyze the specific case at the bridge-router connection point (marked as the observation point in the diagram).

Network Path:
[Computer A] → [Bridge B] → [Router C] → [Computer D]

The key distinction to understand is:

  • IP addresses (Layer 3) remain constant end-to-end (A→D)
  • MAC addresses (Layer 2) change at each network segment

At the marked segment between Bridge B and Router C:

Source MAC: Bridge B's interface MAC (your Possibility 1 is correct)
Destination MAC: Router C's receiving interface MAC

The frame cannot preserve Computer A's original MAC address because:

  1. Bridges operate at Layer 2 and forward frames based on MAC addresses
  2. Router C's interface only recognizes its directly connected MAC addresses

Here's what you might see in a packet capture:

Ethernet II, Src: Bridge_B_MAC (00:1a:2b:3c:4d:5e), Dst: Router_C_MAC (00:5e:4d:3c:2b:1a)
Internet Protocol Version 4, Src: 192.168.1.10 (Computer A), Dst: 10.0.0.20 (Computer D)

Let's simulate this behavior using Python's Scapy library:

from scapy.all import Ether, IP, ICMP

# Simulate the bridge-router segment
def analyze_frame(pkt):
    if pkt.haslayer(Ether) and pkt.haslayer(IP):
        print(f"Source MAC: {pkt[Ether].src}")
        print(f"Destination MAC: {pkt[Ether].dst}")
        print(f"Source IP: {pkt[IP].src}")
        print(f"Destination IP: {pkt[IP].dst}")

# Create the original frame (Computer A perspective)
orig_frame = Ether(src="00:11:22:33:44:55", dst="00:1a:2b:3c:4d:5e") / \
             IP(src="192.168.1.10", dst="10.0.0.20") / \
             ICMP()

# Process through bridge (MAC translation)
bridge_frame = Ether(src="00:1a:2b:3c:4d:5e", dst="00:5e:4d:3c:2b:1a") / \
               orig_frame[IP]

analyze_frame(bridge_frame)

  • MAC addresses have local segment significance only
  • Router C's ARP table won't contain Computer D's MAC address
  • Bridges don't preserve original MACs when forwarding between segments

In real-world networks, this behavior affects:

  • Packet capture analysis at different points
  • Firewall rule implementation
  • QoS marking strategies
  • Network troubleshooting procedures
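
For packet capture analysis at different points, the comparison can be automated. The following is an added example, not code from the original page: it parses raw Ethernet II/IPv4 frames with the standard library only, matches the same IP packet at two capture points, and reports whether the MAC addresses and the TTL differ. The function names are hypothetical, and the sample frames are constructed from the addresses used in the Scapy example above.

```python
import ipaddress
import struct

def parse_frame(raw):
    """Parse an untagged Ethernet II frame carrying IPv4; None for anything else."""
    if len(raw) < 34:
        return None
    dst, src, ethertype = struct.unpack("!6s6sH", raw[:14])
    if ethertype != 0x0800 or raw[14] >> 4 != 4:
        return None
    ip_id, _frag, ttl = struct.unpack("!HHB", raw[18:23])
    return {"src_mac": src.hex(":"), "dst_mac": dst.hex(":"),
            "src_ip": str(ipaddress.IPv4Address(raw[26:30])),
            "dst_ip": str(ipaddress.IPv4Address(raw[30:34])),
            "ip_id": ip_id, "ttl": ttl}

def compare_points(point1, point2):
    """Match packets by (src IP, dst IP, IP ID) and diff their headers."""
    seen = {}
    for f in filter(None, map(parse_frame, point1)):
        seen[(f["src_ip"], f["dst_ip"], f["ip_id"])] = f
    report = []
    for g in filter(None, map(parse_frame, point2)):
        f = seen.get((g["src_ip"], g["dst_ip"], g["ip_id"]))
        if f is None:
            continue  # packet not seen at the first point
        report.append({
            "flow": (g["src_ip"], g["dst_ip"]),
            "src_mac_changed": f["src_mac"] != g["src_mac"],
            "dst_mac_changed": f["dst_mac"] != g["dst_mac"],
            "ttl_delta": f["ttl"] - g["ttl"],  # > 0: a router sits between the points
        })
    return report

def build_frame(src_mac, dst_mac, src_ip, dst_ip, ip_id, ttl=64):
    """Constructed test input: Ethernet II + 20-byte IPv4 header (checksum left 0)."""
    eth = bytes.fromhex((dst_mac + src_mac).replace(":", "")) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, ip_id, 0, ttl, 1, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return eth + ip

# Constructed samples reusing the MAC and IP addresses from this page's examples.
SEG_A = [build_frame("00:11:22:33:44:55", "00:1a:2b:3c:4d:5e", "192.168.1.10", "10.0.0.20", 0x1234)]
SEG_BC = [build_frame("00:1a:2b:3c:4d:5e", "00:5e:4d:3c:2b:1a", "192.168.1.10", "10.0.0.20", 0x1234)]

if __name__ == "__main__":
    for row in compare_points(SEG_A, SEG_BC):
        print(row)
```

To use it on real traffic, feed it the raw frame bytes exported from captures taken on each segment; frames with a VLAN tag or a non-IPv4 payload are skipped.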