tcpdump mailing list archives

Re: some problem in the source code


From: "Peter Sandford" <P.Sandford () lboro ac uk>
Date: Thu, 9 Dec 2004 14:55:57 -0000

There is a different header for the "any" device (DLT_LINUX_SLL), it
looks like this:

2-byte packet type
2-byte field, containing a Linux ARPHRD_value for the link layer device type;
2-byte field, containing the length of the link layer address of the sender of the packet
8-byte field containing that number of bytes of the link layer header
2-byte field containing an Ethernet protocol type

- Pete

-----Original Message-----
From: tcpdump-workers-owner () lists tcpdump org
[mailto:tcpdump-workers-owner () lists tcpdump org] On Behalf Of Robert
Lowe
Sent: 09 December 2004 14:37
To: tcpdump-workers () lists tcpdump org
Subject: Re: [tcpdump-workers] some problem in the source code

...

But the problem is when I assign "any" or NULL to the variable "dev",
the program is capturing the packets but showing wrong destination
address like 00:01:00:01:00:06 for each of the 20 packets I captured.

I just went through this... look at pcap_datalink().  If it doesn't
return DLT_EN10MB, then you have to provide logic to deal with whatever
differences there might be in the link layer header.  See a recent
manpage for pcap, and/or check the archives for the thread "loopback
interface and byte order".

-Robert

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
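
A bounds-checked decoder for the 16-byte DLT_LINUX_SLL header laid out in the reply above, as an added example that is not code from the thread or from libpcap. The names `parse_sll`, `struct sll_info` and `sample_sll` are hypothetical; the sample packet is constructed so that its first six bytes are the 00:01:00:01:00:06 reported in the question, which decode as the packet type, ARPHRD_ value and address length rather than as an Ethernet destination.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLL_HDR_LEN  16   /* 2 + 2 + 2 + 8 + 2 bytes, per the field list */
#define SLL_ADDR_LEN 8

struct sll_info {
    uint16_t pkttype;            /* packet type */
    uint16_t hatype;             /* Linux ARPHRD_ value */
    uint16_t halen;              /* address length claimed by the header */
    uint8_t  addr[SLL_ADDR_LEN]; /* fixed 8-byte address field */
    size_t   addr_used;          /* meaningful bytes of addr, at most 8 */
    uint16_t protocol;           /* Ethernet protocol type */
};

/* Header fields are in network byte order (big-endian). */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 0 on success, -1 if fewer than 16 bytes were captured. */
int parse_sll(const uint8_t *pkt, size_t caplen, struct sll_info *out)
{
    if (pkt == NULL || out == NULL || caplen < SLL_HDR_LEN)
        return -1;
    out->pkttype = be16(pkt);
    out->hatype  = be16(pkt + 2);
    out->halen   = be16(pkt + 4);
    /* halen comes from the capture: clamp it to the 8-byte field. */
    out->addr_used = out->halen > SLL_ADDR_LEN ? SLL_ADDR_LEN : out->halen;
    memcpy(out->addr, pkt + 6, SLL_ADDR_LEN);
    out->protocol = be16(pkt + 14);
    return 0;
}

/* Constructed sample header: sender address and protocol are made up. */
static const uint8_t sample_sll[SLL_HDR_LEN] = {
    0x00, 0x01, 0x00, 0x01, 0x00, 0x06,             /* type, ARPHRD_, len */
    0x02, 0x00, 0x00, 0xaa, 0xbb, 0xcc, 0x00, 0x00, /* 6 bytes + padding  */
    0x08, 0x00                                      /* 0x0800 = IPv4      */
};

int main(void)
{
    struct sll_info h;
    if (parse_sll(sample_sll, sizeof sample_sll, &h) != 0) return 1;
    printf("pkttype=%d hatype=%d halen=%d addr_used=%zu proto=0x%04x\n",
           h.pkttype, h.hatype, h.halen, h.addr_used, (unsigned)h.protocol);
    return 0;
}
```

In a real capture loop, call this only when pcap_datalink() returns DLT_LINUX_SLL, and pass the captured length from the packet header as `caplen`.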
