I have a quick question on this matter: I have a local network consisting of a proxy server to the internet, a w2k box and a linux box. The three boxes are connected using a layer 2 (hw adress) switch.
I spoofed the mac adress of the linux box using ifconfig to the mac adress of the w2k box. So in the arp tables of the proxy, both the linux and the w2k box have the same mac adress. However, when I run tcpdump on the linux box, and I start surfing the net using the w2k box, I do not see the packets of the w2k box on the linux box, despite they both have the same mac adress.
How is this possible? Does the switch only forward packages to 1 port and refuses 2?
It got me puzzled. I expected to see the w2k packages on the linux machine after the spoof.