LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
Reload this Page Understanding Linux SLL cooked capture encapsulation packet information
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices


Reply
  Search this Thread
Old 10-23-2008, 04:32 AM   #1
evilfish
LQ Newbie
 
Registered: Oct 2008
Posts: 6

Rep: Reputation: 0
Understanding Linux SLL cooked capture encapsulation packet information

Hi guys

I'm trying to write a program that can sniff packets using pcap. This works perfectly, but the problem is, that the packets i recieve is wrapped in a LINUX_SLL header.

I found a struct to parse the information out which looks like this:

Code:
struct sniff_linux_sll 
{
        u_int16_t sll_pkttype;          /* packet type */
        u_int16_t sll_hatype;           /* link-layer address type */
        u_int16_t sll_halen;            /* link-layer address length */
        u_int8_t sll_addr[SLL_ADDRLEN]; /* link-layer address */
        u_int16_t sll_protocol;         /* protocol */
};
Now I trying to use the information, but I'm afraid I don't understand how to read it correctly, or I am doing something wrong.

I'm trying to use the sll_protocol information, because i want to know what kind of protocol i will get further in the packet. But the number i get dont match up with any standards i found so far. These are some of the numbers:

2372
6181
21382
33428

And some others. These numbers seems to repeat them selves, so I guess I found some sort of ID of something. I just don't know, if it really is a protocol ID.

Do any of you have any experience in parsing or understanding of this cooked linux encapsulation, that can help me solve my problem?

Thanks in advace
 
Old 10-23-2008, 06:04 AM   #2
evilfish
LQ Newbie
 
Registered: Oct 2008
Posts: 6

Original Poster
Rep: Reputation: 0
I figured it out.

I have set the wrong casting values for the struct, which meant i got the wrong inputs. Now I got the right ones.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Capture Packet over the network aq_mishu Linux - Networking 5 03-25-2008 10:04 AM
A packet filter using libipq which uses ether type field to capture the packet can26_manish Programming 2 10-16-2007 05:35 AM
how do i read the data in the packet that i have captured after packet capture? gajaykrishnan Programming 23 04-19-2006 05:09 AM
packet capture and modification mimithebrain Programming 5 03-13-2006 09:00 PM
Network packet capture avaya Linux - Newbie 2 10-14-2002 09:37 PM

LinuxQuestions.org > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 07:21 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration