I like when things work but I get a strange feeling it if I can’t explain why. Here’s a scenario that works perfectly well but I can’t figure out why. Maybe a Wifi Ueber-Geek can help:
I’ve used a Linksys WRT54 access point configured to AP client mode (bridged) to connect to a Siemens Wifi Access Point. Connected to the WRT54 are two notebooks, each via one Ethernet port. When the cable is plugged in both were assigned an IP address by the DHCP server running on the Siemens AP (192.168.40.20 and 192.168.40.73). Both can communicate with the Internet over the single wireless link just fine. What I wanted to test with this scenario was how the Ethernet MAC addresses of the two notebooks and the WRT54 access point are used on the wireless link.
To my great surprise the Siemens AP always uses the Ethernet MAC address of the WRT54 when packets are sent to one of the notebooks. But how does the WRT54 then know which notebook (which Ethernet port) it should deliver it to? On the notebook the incoming packet contains its MAC address. This means that the WRT54 must have changed the MAC address in the destination field. But why does it do that and how can it know which MAC address to use? I am thoroughly confused.
I’ve documented the result in the two pictures below. The first picture shows how the packet looks like when its received on the WRT54. The destination address in the 802.11 header is the WRT54 (Cisco-Li…, traced with Kismet on the WRT54). The same packet on the notebook (traced with Wireshark) suddenly contains the notebooks MAC address in the destination field of the of the Ethernet II header (Uniwil…). It’s not IP routing since the notebooks and the Siemens AP behind the wireless link are all in
the same subnet. It’s also not Layer 2 bridging since the MAC address
Does anyone have an explanation for this?