I am programming with Python and its Scapy partner. I came across a situation where I do not know if this is normal behavior from the ARP protocol or some other problem.
I have this scenario:
1 - The vm (1) machine sends an “ARP request” to another vm (2) computer with the MAC address field with a password (generated by Scapy).
2 - The vm (2) machine receives this “ARP request” with the “Source MAC address” field Spoofed and RESPONDS with “ARP Reply”. The strange part is that the vm (1) machine gets this.
Notes: I confirmed with Wireshark that the first packet (ARP Request) hits the vm (2) machine with the source MAC address field, REALLY a hoax. And intransigent mode on network interfaces is disabled, so vm machines only receive packets that are REALLY designed for their interfaces.
So my questions are:
a) Is this normal behavior from ARP?
b) Since the vm (1) machine has a different MAC address configured on your interface (real), as a response packet sent from the vm (2) machine with a different MAC address in the destination field (which is falsified, therefore does not even exist on the network) enters the vm machine (1) and is effectively processed by the vm (1) machine as a valid “ARP response”