The switch have a database with mac addresses and the port where it is attached. When it "reads" a packet from the network, it checks the destination mac address. If it is a broad/multicast it is sent to all ports. Else, the switch lookup the database and there are three options:
1. The address isn't in the database: The packet is sent to all ports.
2. The address is in the database and is in the same port where the packet come from: The packet is droped.
3. The address is in the database and is in other port: The packet is bridged to that port.
The database is constantly updated using the source addresses of the packets that passes through the switch/bridge.
If you send a packet with a fake mac address, the database is updated, and the target machine can stop receive the packets, but when it sends any packet the databases are updated again, and you stop receiving packets.
Slashdot Mirror
It's easy, if you use a raw socket.
Who puts the mac address in the packet is the IP, and using raw sockets you can skip the IP.
The switch have a database with mac addresses and the port where it is attached. When it "reads" a packet from the network, it checks the destination mac address. If it is a broad/multicast it is sent to all ports. Else, the switch lookup the database and there are three options:
1. The address isn't in the database: The packet is sent to all ports.
2. The address is in the database and is in the same port where the packet come from: The packet is droped.
3. The address is in the database and is in other port: The packet is bridged to that port.
The database is constantly updated using the source addresses of the packets that passes through the switch/bridge.
If you send a packet with a fake mac address, the database is updated, and the target machine can stop receive the packets, but when it sends any packet the databases are updated again, and you stop receiving packets.