Consider a Ping Request packet arriving on a computer with 2 NICs (multi-homed PC). The packet is received on 1 of the interfaces. Now the computer has to send the Ping Response packet. To fill the source IP and source MAC address the computer does which of the following?

  • Computer first determines which interface should be used as the egress interface by looking at the Destination IP address. Destination IP address was taken from source IP address field of Ping Request packet. Once it determines egress port, it will enter that interface’s IP and MAC address in the Ping Response packet.
  • Computer takes the destination IP and MAC address of the Ping Request packet and just flips them over to fill source IP and MAC address in Ping Response packet.
  • neidu2@feddit.nl
    link
    fedilink
    English
    arrow-up
    1
    ·
    4 months ago

    I believe so, yes. The routing table should result in the PC sending the response via the direct route, as opposed to via the defGW. I’m not 100% sure, though. There could be some “default” behavior of using the same nic as the one the packet was received on, stemming from the original 192.168.2.0/24 destination.

    • driftWood@infosec.pubOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      4 months ago

      I recently tested this using wireshark. When I run packet capture on nic1 of dstPC I see ping request packets coming, but no response packets leaving the interface. On nic2 I don’t see any packets leaving either. So kind of stumped what is happening. It seems the computer just drops the response packet and it never makes it till any nic. But still don’t have a good explanation of WHY the packet gets dropped.