Behavior of Spoof MAC Address communication

Question

I am programming with Python and his partner Scapy. I am facing a situation that i dont know if it is a normal behavior from ARP Protocol or some another problem.

I have this scenario:

1- A vm machine (1) sending an "ARP Request" to another vm machine (2) with Spoofed Source MAC Address field (generated with Scapy).

2 - The vm machine (2) receives that "ARP Request" with the Source MAC Address field Spoofed and RESPONDS that with an "ARP Reply". The strange part is that the vm machine (1) receives that.

Notes: I have confirmed with Wireshark that the first packet (ARP Request) gets on the vm machine (2) with the Source MAC Address Field REALLY spoofed. And the promiscous mode on networks interfaces are disabled, so, the vm machines only receive packets that are REALLY destined to their interfaces.

So, my questions:

a) Is it the normal behavior from ARP Protocol?

b) Because vm machine (1) has another MAC Address configured on your interface (the real one), how the response packet sent from vm machine (2) with another MAC Address on the Destination field (that is spoofed, so, not even exists on the network) arrives to vm machine (1) and is effectively processed by vm machine (1) like a valid "ARP Reply"??

Answer 1

The strange thing I see here that how the ARP Reply bounced back to VM(1) although it uses a spoofed MAC address..

Well, try to check on the ARP table on VM (2) and see which MAC record it holds for VM (1); probably you'll find the legitimate MAC address cached due to some communications before you spoof the MAC address.