> Please forgive if this is off topic, it seemed to me the folks on this
> list would know the most about this.
>
> I recently started playing with sockets into the interface packet layer,
> opened via a call something like this:
>
> s=socket(AF_INET,SOCK_PACKET,0);
>
> I learned about this type of socket through a small sniffer (linsniff.c).
> linsniff calls socket() like this:
>
> s=socket(AF_INET,SOCK_PACKET,htons(0x800));
>
> My question is, what is this magic number 0x800 for? I can't find it as a
> #define in any of the include files in the standard include tree. Is it
> necessary? In response to the inevitable question, yes, I am writing my
> own sniffer, simply because I want to play with packet-level sockets and I
> couldn't think of a better thing to do with them.
0x800 is ETH_P_IP from include/linux/if_ether.h. It means that you want
to receive all packets with IP ethernet type. If you pass htons(ETH_P_ALL)
you'll get all packets.
-Andi