tcpdump mailing list archives
Obtaining MAC on OSX using AF_LINK
From: Mathew Rowley <mathew.rowley () gmail com>
Date: Thu, 30 Dec 2010 18:00:01 -0700
I am trying to understand how to get the MAC address when a pcap_addr family is of type AF_LINK. It seems that the
pacap_addr.sa_data should be of type (struct sockaddr_dl*) but then the sockaddr_dl sdl_alen is of variable size (I was
expecting), and LLADDR doesnt help much. Any insight? Here is the sample code and output:
OUTPUT:
link sdl_alen: 101
mac : 64:ffffffb9:ffffffe8:ffffffb7:ffffffb8:06
link sdl_alen: 102
mac : 64:ffffffb9:ffffffe8:ffffffff:fffffffe:ffffffb7
link sdl_alen: 118
mac : 63:30:00:1c:42:00
link sdl_alen: 101
mac : fffffff8:1e:ffffffdf:ffffffd6:22:1d
link sdl_alen: 118
mac : 63:31:00:1c:42:00
link sdl_alen: 108
mac : 00:00:00:00:00:00
CODE:
int main() {
pcap_if_t *alldevs;
pcap_if_t *d;
pcap_addr_t *alladdrs;
pcap_addr_t *a;
struct sockaddr_dl* link;
char eb[PCAP_ERRBUF_SIZE];
char *addr_buf[40];
if (pcap_findalldevs(&alldevs, eb) == -1) {
printf("no devs found\n");
return(-1);
}
for (d = alldevs; d != NULL; d = d->next) {
alladdrs = d->addresses;
for (a = alladdrs; a != NULL; a = a->next) {
if(a->addr->sa_family == AF_LINK && a->addr->sa_data != NULL){
// MAC ADDRESS
//struct sockaddr_dl *sdl = (struct sockaddr_dl *) a->addr->sa_data;
link = (struct sockaddr_dl*)a->addr->sa_data;
char mac[link->sdl_alen];
memcpy(mac, LLADDR(link), link->sdl_alen);
printf("link sdl_alen: %i\n", link->sdl_alen);
printf("mac : %02x:%02x:%02x:%02x:%02x:%02x\n", mac[1], mac[2], mac[3], mac[4], mac[5],
mac[6]);
}
}
}
}
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- Obtaining MAC on OSX using AF_LINK Mathew Rowley (Dec 30)