tcpdump mailing list archives

DLT Types


From: Muhammad Farooq-i-Azam <farooq_a_azam () yahoo com>
Date: Wed, 2 Jul 2003 00:20:57 -0700 (PDT)

Hello,

I am trying to develop a small experimental sniffer of
my own using libpcap. However, I am confused about DLT
types. I'll be thankful if somebody cares to explain
this. The only place I could find some information was
net/bpf.h on my Linux box or an old mail archived at
this list.

1- What are DLT_RAW and DLT_NULL? Please pardon my
ignorance, but just when should I expect
pcap_datalink() to return DLT_RAW or DLT_NULL? (What
is RAW IP and what kind of applications use it?) I
believe they do not correspond to any physical
entity/hardware on the network and these are used as
abstractions to facilitate something which I do not
know.

2- When I try to capture packets from my loopback
interface, pcap_datalink() returns DLT_EN10MB. Why?
Then what is DLT_LOOP for? And what is more confusing,
I read somewhere that getting DLT_NULL from
pcap_datalink() will imply a loopback interface!!!


Thanks in advance.

Farooq-i-Azam

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
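
An added example, not part of the original post and not libpcap's own code: a bounds-checked helper that finds the IPv4 header for each link type the question names, given the value pcap_datalink() returned. The helper name ipv4_offset, the locally defined DLT values (copied from pcap/dlt.h so the block builds without libpcap) and AF_INET being 2 are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumption: values as published in libpcap's pcap/dlt.h, defined here only
   so the example builds without libpcap (DLT_RAW is 14 on OpenBSD). */
#ifndef DLT_NULL
#define DLT_NULL   0
#define DLT_EN10MB 1
#define DLT_RAW    12
#define DLT_LOOP   108
#endif
#define ETHERTYPE_IPV4 0x0800u
#define AF_INET_VALUE  2u   /* assumption: AF_INET is 2 on the capturing host */

/* Hypothetical helper: offset of the IPv4 header inside a captured frame,
   or -1 if the link type is unhandled or the capture is too short. */
int ipv4_offset(int dlt, const uint8_t *p, size_t caplen)
{
    size_t off;

    switch (dlt) {
    case DLT_EN10MB:            /* 14-byte Ethernet header (no VLAN handling) */
        if (caplen < 14) return -1;
        if ((((unsigned)p[12] << 8) | p[13]) != ETHERTYPE_IPV4) return -1;
        off = 14;
        break;
    case DLT_NULL:              /* 4-byte address family, capturing host's order */
    case DLT_LOOP: {            /* 4-byte address family, network byte order */
        if (caplen < 4) return -1;
        uint32_t be = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
        uint32_t le = ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) | ((uint32_t)p[1] << 8) | p[0];
        /* A savefile reader cannot know the writer's byte order, so DLT_NULL
           accepts either encoding; DLT_LOOP accepts big-endian only. */
        if (be != AF_INET_VALUE && (dlt == DLT_LOOP || le != AF_INET_VALUE))
            return -1;
        off = 4;
        break;
    }
    case DLT_RAW:               /* no link-layer header: starts at the IP header */
        off = 0;
        break;
    default:
        return -1;
    }
    /* Require a full minimum IPv4 header and version nibble 4 before use. */
    if (caplen - off < 20 || (p[off] >> 4) != 4)
        return -1;
    return (int)off;
}
```

On Linux the loopback device presents frames with an Ethernet-style header, which is why the DLT_EN10MB branch is the one exercised there.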

