C PF_PACKET Link-layer Processing
11-04-2021
Question
I'm trying to figure out the data structure that is stored in 'buffer' after the following:
sock=socket(PF_PACKET, SOCK_RAW, htons(ETHERTYPE_IP));
recvfrom(sock, buffer, 2048, 0, NULL, NULL);
I'd like to be able to poke into the data structure and read in the link-layer, IP layer, and TCP layer if it is a TCP packet. I tried the man pages, and some header files, but it's just all over the place.
Thanks in advance.
Solution
I believe what you're after is the RFC that specifies how IP is encapsulated in Ethernet. Sadly that RFC is very thin, but a more recent RFC includes significantly more detail.
Other tips
These are the raw bits that go over the wire (OSI layer 2). The man page for packet explains it pretty well.
What I would do is to get the output of this and compare it to the output of a Wireshark session looking at the same data. You then should be able to correlate the two and see what's going on.
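The layout the question asks about, as an added example that is not part of the original posts: a bounds-checked walk over the buffer from its Ethernet header through the IPv4 header to the TCP header. It assumes an Ethernet link and an untagged IPv4 frame; `struct parsed`, `parse_frame` and `sample_frame` are names made up for this example, and the sample frame is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Fields of interest from one frame; struct and names are this example's own. */
struct parsed {
    uint8_t  proto;          /* IP protocol number, cf. struct iphdr.protocol */
    uint32_t saddr, daddr;   /* IPv4 addresses, host byte order */
    uint16_t sport, dport;   /* 0 unless proto is TCP */
    size_t   payload_off;    /* offset of the data after the last parsed header */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t rd32(const uint8_t *p) { return (uint32_t)rd16(p) << 16 | rd16(p + 2); }
/* Returns 0 on success, -1 if the frame is truncated, malformed or not IPv4. */
int parse_frame(const uint8_t *buf, size_t len, struct parsed *out) {
    /* Ethernet: dst MAC 6 + src MAC 6 + EtherType 2; 0x0800 is ETHERTYPE_IP */
    if (len < 14 || rd16(buf + 12) != 0x0800) return -1;
    const uint8_t *ip = buf + 14;
    size_t iplen = len - 14;
    if (iplen < 20 || (ip[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;    /* IP header length, options included */
    if (ihl < 20 || ihl > iplen) return -1;
    out->proto = ip[9];
    out->saddr = rd32(ip + 12);
    out->daddr = rd32(ip + 16);
    out->sport = out->dport = 0;
    out->payload_off = 14 + ihl;
    if (out->proto != 6) return 0;              /* not IPPROTO_TCP: stop here */
    if (iplen - ihl < 20) return -1;
    const uint8_t *tcp = ip + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;   /* TCP header length, options included */
    if (doff < 20 || doff > iplen - ihl) return -1;
    out->sport = rd16(tcp);
    out->dport = rd16(tcp + 2);
    out->payload_off += doff;
    return 0;
}

/* Constructed sample: Ethernet + IPv4 192.0.2.1 -> 192.0.2.2 + TCP SYN 49152 -> 80. */
const uint8_t sample_frame[54] = {
    2,0,0,0,0,2, 2,0,0,0,0,1, 0x08,0x00,
    0x45,0,0,40, 0,1,0,0, 64,6,0,0, 192,0,2,1, 192,0,2,2,
    0xc0,0x00, 0,80, 0,0,0,1, 0,0,0,0, 0x50,0x02, 0x20,0, 0,0, 0,0 };

int main(void) {
    struct parsed p;
    if (parse_frame(sample_frame, sizeof sample_frame, &p) == 0)
        printf("tcp %u -> %u, payload at %zu\n", p.sport, p.dport, p.payload_off);
    return 0;
}
```

With a live socket, pass the byte count returned by recvfrom as `len` rather than the buffer size, so the length checks apply to what was actually received.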