i need a way to stop anything from changing my external MAC address, as my
ISP is extremely sensitive to additional MAC addresses appearing on my
external NIC.
i have done
sudo nmcli conn mod eno1 802-3-ethernet.cloned-mac-address permanent
and it's improved matters, but here's an example of it going wrong even
so, from "tcpdump -n -n -e -i eno1 src 185.219.108.121" (which is my ipv4):
10:23:58.210653 ac:1f:6b:6c:5a:6e > bc:30:5b:f7:3e:c8, ethertype IPv4 (0x0800), length 114: 185.219.108.121.53002 > 198.252.206.25.443: Flags [P.], seq 2018:2066, ack 5333, win 501, options [nop,nop,TS val 4035938817 ecr 1709670339], length 48
10:23:58.405154 ac:1f:6b:6c:5a:6e > bc:30:5b:f7:3e:c8, ethertype IPv4 (0x0800), length 66: 185.219.108.121.44534 > 216.58.212.234.443: Flags [.], ack 21641, win 501, options [nop,nop,TS val 805137946 ecr 1062125308], length 0
10:23:58.447030 ac:1f:6b:6c:58:2d > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 185.219.108.1 tell 185.219.108.121, length 46
10:23:58.447466 ac:1f:6b:6c:58:2d > bc:30:5b:f7:3e:c8, ethertype IPv4 (0x0800), length 342: 185.219.108.121.68 > 185.219.108.1.67: BOOTP/DHCP, Request from ac:1f:6b:6c:58:2d, length 300
10:23:58.629131 ac:1f:6b:6c:5a:6e > bc:30:5b:f7:3e:c8, ethertype IPv4 (0x0800), length 98: 185.219.108.121 > 8.8.8.8: ICMP echo request, id 105, seq 67, length 64
note the first two frames coming from ac:1f:6b:6c:5a:6e, the real MAC
address, which has been happily all over the headers of the previous
several thousand frames, but then two frames from ac:1f:6b:6c:58:2d, which
*utterly* screw up my connection to my ISP. the old MAC address continues
to be on some of the outgoing traffic.
i have some grounds for thinking that the first or second frame with the
"bad" mac address is always a BOOTP/DHCP frame, so i'm open to the idea
that this is dhclient being "helpful", rather than NM.
does anyone have any idea which daemon or service is responsible for this
MAC-rebadging, and/or how i might stop it?
--
Tom Yates - https://www.teaparty.net