Ethernet type in wrong byte order

["Claudio Lavecchia" <Claudio.Lavecchia () eurecom fr>]

 Hello,

I am using libpcap to build a sniffer.

I define an ethernet header as follows :

/* Ethernet header */  
struct sniff_ethernet {
        u_char  ether_dhost[ETHER_ADDR_LEN];    // Destination host address 
        u_char  ether_shost[ETHER_ADDR_LEN];    // Source host address 
        u_short ether_type;                     // IP? ARP? RARP? etc 
};

The packets I sniff are then  encapsulated in the standard way: the ethernet
header precedes the Ip header, then follows the TCP header and then the
payload. Up to here, nothing strange, I just got inspired by the sniffer
code that is available on the web and that appeared several times in this
forum. In my sniffer code I open a sniffing session in the standard libpcap
way, everything seems to run smoothly.
I run the sniffer on a redhat  7.3 Linux. I use libnet libraries to generate
packets that I sniff, so that I can easily debug what happens. 
If I put an ARP packet on the wire, the sniffer will sniff a packet that
contains value 1644 in the ethernet type field of the structure
sniff_ethernet described above.
If I read ethernet encapsulation specifications, I find out that the value
corresponding to a ethernet packet carrying ARP is 0x0806. If I invert the
two bytes of this value I obtain 0x0608 which is 1644 in decimal notation.
So that is obviously a problem in the byte order. If I sniff ARP packets
using ethereal, the ethernet type value is correctly set to 0x0806, so that
means that I have a byte order issue. I am not very familiar with this kind
of issues, can anyone please explain me what is going on and possibly give
me a hint on what is the correct way to handle this kind of issues?

Thank you

Claudio