tcpdump mailing list archives
Re: Re[2]: sniffing and Packet demultiplexing on gif0 on Openbsd
From: Guy Harris <guy () alum mit edu>
Date: Wed, 10 Dec 2003 11:04:55 -0800
On Dec 10, 2003, at 7:29 AM, kifah Abbad wrote:
no i tried to decode the MAC adresses (source and destination), and thought itwould be coming right after the ip header (etherip)...but no luck.
Why would you think MAC addresses would come after the IP header?What comes after the IP header in a packet is the IP payload - for example, TCP payload, starting with a TCP header, if the protocol number field specifies that the payload is TCP.
The MAC addresses don't come *anywhere* in a packet from a DLT_NULL packet - there *are* no MAC addresses on those packet.
(i still assume the packets on gif0 are etherip)
That's an incorrect assumption. They aren't - there's *NO* Ethernet header anywhere in those packets.
- This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Current thread:
- sniffing and Packet demultiplexing on gif0 on Openbsd kifah Abbad (Dec 08)
- Re: sniffing and Packet demultiplexing on gif0 on Openbsd Guy Harris (Dec 08)
- Re[2]: sniffing and Packet demultiplexing on gif0 on Openbsd Kifah Abbad (Dec 08)
- Re: Re[2]: sniffing and Packet demultiplexing on gif0 on Openbsd kifah Abbad (Dec 10)
- Re: Re[2]: sniffing and Packet demultiplexing on gif0 on Openbsd Guy Harris (Dec 10)
- Re[2]: sniffing and Packet demultiplexing on gif0 on Openbsd Kifah Abbad (Dec 08)
- Re: sniffing and Packet demultiplexing on gif0 on Openbsd Guy Harris (Dec 08)