Hi guys
I'm trying to write a program that can sniff packets using pcap. This works perfectly, but the problem is, that the packets i recieve is wrapped in a LINUX_SLL header.
I found a struct to parse the information out which looks like this:
Code:
struct sniff_linux_sll
{
u_int16_t sll_pkttype; /* packet type */
u_int16_t sll_hatype; /* link-layer address type */
u_int16_t sll_halen; /* link-layer address length */
u_int8_t sll_addr[SLL_ADDRLEN]; /* link-layer address */
u_int16_t sll_protocol; /* protocol */
};
Now I trying to use the information, but I'm afraid I don't understand how to read it correctly, or I am doing something wrong.
I'm trying to use the sll_protocol information, because i want to know what kind of protocol i will get further in the packet. But the number i get dont match up with any standards i found so far. These are some of the numbers:
2372
6181
21382
33428
And some others. These numbers seems to repeat them selves, so I guess I found some sort of ID of something. I just don't know, if it really is a protocol ID.
Do any of you have any experience in parsing or understanding of this cooked linux encapsulation, that can help me solve my problem?
Thanks in advace