packets captured with pcap_open_live("any", ...) seem like strange

[d00fy <d00fy () 163 com>]

hi all, recently I captured packets from ethernet with libpcap, I found out that packets which were caputred with 
pcap_open_live("any", ...)seem like strange, there are two bytes new at mac header, for instance:
00 00 00 01 00 06 00 1e     c9 56 f8 a2 f1 00 08 00
but packets which were captured with pcap_open_live("eth0", ...) are normal:
00 1e c9 56 f8 a2 00 0c      29 ee fd fd 08 00 45 10

what doe the two bytes mean? where are they from?

OS: ubuntu with kernel 2.6.23 
ps: I changed the kernel to 2.6.24, but problem exsits all the same, the two bytes change to another two.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.