Re: sockets in SOCK_PACKET mode?

Malcolm Beattie (mbeattie@sable.ox.ac.uk)
Fri, 9 Jan 1998 16:53:26 +0000 (GMT)


longd writes:
> Please forgive if this is off topic, it seemed to me the folks on this
> list would know the most about this.
>
> I recently started playing with sockets into the interface packet layer,
> opened via a call something like this:
>
> s=socket(AF_INET,SOCK_PACKET,0);
>
> I learned about this type of socket through a small sniffer (linsniff.c).
> linsniff calls socket() like this:
>
> s=socket(AF_INET,SOCK_PACKET,htons(0x800));
>
> My question is, what is this magic number 0x800 for? I can't find it as a
> #define in any of the include files in the standard include tree. Is it
> necessary? In response to the inevitable question, yes, I am writing my
> own sniffer, simply because I want to play with packet-level sockets and I
> couldn't think of a better thing to do with them.

It's the Ethernet protocol id for IP. The constants are all of the
form ETH_P_FOO, defined in /usr/include/linux/if_ether.h. Use
ETH_P_ALL if you want to see every packet regardless of protocol.

--Malcolm

-- 
Malcolm Beattie <mbeattie@sable.ox.ac.uk>
Unix Systems Programmer
Oxford University Computing Services
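
Added example, not part of the original message or of linsniff.c: it reads the EtherType field from two constructed frames and models, in simplified form, how the protocol argument to socket() selects frames. The helper names frame_ethertype() and socket_would_see() and the sample frames are hypothetical; the ETH_P_* constants and ETH_HLEN come from the header named in the reply.

```c
#include <arpa/inet.h>        /* htons, ntohs */
#include <linux/if_ether.h>   /* ETH_P_IP, ETH_P_ARP, ETH_P_ALL, ETH_HLEN */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample frames: dst MAC, src MAC, EtherType, first payload bytes. */
static const uint8_t SAMPLE_IP_FRAME[] = {
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff,  0x02, 0x00, 0x00, 0x00, 0x00, 0x01,
    0x08, 0x00,  0x45, 0x00 };           /* 0x0800 = ETH_P_IP */
static const uint8_t SAMPLE_ARP_FRAME[] = {
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff,  0x02, 0x00, 0x00, 0x00, 0x00, 0x01,
    0x08, 0x06,  0x00, 0x01 };           /* 0x0806 = ETH_P_ARP */

/* EtherType of a raw Ethernet frame in host byte order. Returns 0 when the
 * frame is shorter than the 14-byte header or when bytes 12-13 hold an
 * IEEE 802.3 length (values below 0x0600) instead of an EtherType. */
uint16_t frame_ethertype(const uint8_t *frame, size_t len)
{
    uint16_t wire;
    if (len < ETH_HLEN)
        return 0;
    memcpy(&wire, frame + 12, sizeof wire);  /* big-endian on the wire */
    uint16_t type = ntohs(wire);
    return type >= 0x0600 ? type : 0;
}

/* Simplified model of the filter: proto_arg is the third argument passed to
 * socket(), so it is already in network byte order. */
int socket_would_see(uint16_t proto_arg, const uint8_t *frame, size_t len)
{
    if (len < ETH_HLEN)
        return 0;                            /* not a complete header */
    if (proto_arg == htons(ETH_P_ALL))
        return 1;                            /* every protocol */
    uint16_t type = frame_ethertype(frame, len);
    return type != 0 && proto_arg == htons(type);
}

int main(void)
{
    printf("IP frame EtherType:  0x%04x\n",
           frame_ethertype(SAMPLE_IP_FRAME, sizeof SAMPLE_IP_FRAME));
    printf("ARP frame EtherType: 0x%04x\n",
           frame_ethertype(SAMPLE_ARP_FRAME, sizeof SAMPLE_ARP_FRAME));
    printf("htons(ETH_P_IP) sees ARP frame:  %d\n",
           socket_would_see(htons(ETH_P_IP), SAMPLE_ARP_FRAME, sizeof SAMPLE_ARP_FRAME));
    printf("htons(ETH_P_ALL) sees ARP frame: %d\n",
           socket_would_see(htons(ETH_P_ALL), SAMPLE_ARP_FRAME, sizeof SAMPLE_ARP_FRAME));
    return 0;
}
```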