Hello,
After some punching around, I managed to get "honeyd" mostly working the way that I want. One thing that I have noticed is that I am unable to "set" the MAC address as per the documentation. For example, my configuration looks like this:
----
create windows
set windows personality "Microsoft Windows XP Professional SP1"
set windows default tcp action reset
add windows tcp port 135 open
add windows tcp port 139 open
add windows tcp port 445 open
set windows ethernet "00:1a:e2:bc:a0:01"
bind 10.55.5.200 windows
----
I can ping 10.55.5.200 and nmap it just fine. However, it appears not to be using the specified MAC address of "00:1a:e2:bc:a0:01". Below is the output.
From the workstation I am pinging from:
----
root@ubuntu:~# ping 10.55.5.200
PING 10.55.5.200 (10.55.5.200) 56(84) bytes of data.
64 bytes from 10.55.5.200: icmp_seq=1 ttl=128 time=20.1 ms
64 bytes from 10.55.5.200: icmp_seq=2 ttl=128 time=10.3 ms
----
From the Honeyd -d output:
----
honeyd[7531]: started with -P -d -f /etc/honeyd/champ.conf
honeyd[7531]: listening promiscuously on ens3: (arp or ip proto 47 or (udp and src port 67 and dst port 68) or (ip )) and not ether src 00:e0:4c:12:7e:93
honeyd[7531]: switching to polling mode
honeyd[7531]: Demoting process privileges to uid 65534, gid 65534
honeyd[7531]: Sending ICMP Echo Reply: 10.55.5.200 -> 10.55.5.250
honeyd[7531]: arp_send: who-has 10.55.5.250 tell 10.55.5.200
honeyd[7531]: arp_recv_cb: 10.55.5.250 at 00:e0:4c:12:7e:92
honeyd[7531]: Sending ICMP Echo Reply: 10.55.5.200 -> 10.55.5.250
honeyd[7531]: arp reply 10.55.5.200 is-at 00:1a:e2:be:cc:99
----
(Note the last line).
From the arp table of the "pinging" machine:
----
10.55.5.200 ether 00:1a:e2:be:cc:99 C eth0
----
The MAC is successful with "00:1a:e2:be:cc:99", but I would expect this to be "00:1a:e2:bc:a0:01" as per my template.
Is there any reason it's only using "part" of my specified MAC address?
Hopefully this makes sense. Thank you.
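
An added example, not part of the original post and not honeyd code: a small check that reads the `set ... ethernet` and `bind` lines from a honeyd configuration and compares them with the `arp reply ... is-at` lines in the `-d` output, reporting each mismatch and whether the first three bytes (OUI) still agree. The function names are hypothetical; the sample input is copied from the post above, and only full MAC values in `set ... ethernet` are handled.

```python
import re

# Config and debug lines copied from the post above.
CONFIG = '''\
create windows
set windows personality "Microsoft Windows XP Professional SP1"
set windows ethernet "00:1a:e2:bc:a0:01"
bind 10.55.5.200 windows
'''
LOG = '''\
honeyd[7531]: arp_recv_cb: 10.55.5.250 at 00:e0:4c:12:7e:92
honeyd[7531]: arp reply 10.55.5.200 is-at 00:1a:e2:be:cc:99
'''

MAC = r'(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}'

def expected_macs(config):
    """Map each bound IP to the full MAC its template sets, if any."""
    template_mac, bound = {}, {}
    for line in config.splitlines():
        m = re.match(r'\s*set\s+(\S+)\s+ethernet\s+"(' + MAC + r')"\s*$', line)
        if m:
            template_mac[m.group(1)] = m.group(2).lower()
            continue
        m = re.match(r'\s*bind\s+(\S+)\s+(\S+)\s*$', line)
        if m:
            bound[m.group(1)] = m.group(2)
    return {ip: template_mac[t] for ip, t in bound.items() if t in template_mac}

def observed_macs(log):
    """Map each IP to the last MAC announced in an 'arp reply' debug line."""
    pat = re.compile(r'arp reply (\S+) is-at (' + MAC + r')')
    return {m.group(1): m.group(2).lower() for m in pat.finditer(log)}

def compare(config, log):
    """Return (ip, expected, observed, same_oui) for every mismatch."""
    seen = observed_macs(log)
    out = []
    for ip, want in expected_macs(config).items():
        got = seen.get(ip)
        if got is not None and got != want:
            # The first 8 characters "xx:xx:xx" are the OUI (vendor prefix).
            out.append((ip, want, got, want[:8] == got[:8]))
    return out

if __name__ == "__main__":
    for ip, want, got, same_oui in compare(CONFIG, LOG):
        print(f"{ip}: configured {want}, announced {got}, same OUI: {same_oui}")
```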