tcpdump mailing list archives
Re: Hardware mac address with pcap/winpcap
From: Chris Morgan <chmorgan () gmail com>
Date: Wed, 4 Mar 2009 13:24:43 -0500
On Wed, Mar 4, 2009 at 1:21 PM, Guy Harris <guy () alum mit edu> wrote:
On Mar 4, 2009, at 9:19 AM, Gianluca Varenni wrote:In the case of Windows/WinPcap, we have an internal Packet API to get the MAC address, the main problem is exposing such MAC address at the pcap API level. I actually didn't know that findalldevs was returning the MAC address on (some flavors of?) linux. What is the sa_family in that case?PF_PACKET, it appears; I suspect that means the address is a sockaddr_ll.
I can confirm that it is PF_PACKET on linux and that the values are sockaddr_ll. It took quite a bit of searching to connect the dots, there isn't a lot of info on the net about PF_PACKET sockaddr entries and how to interpret them. Chris - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- Hardware mac address with pcap/winpcap Chris Morgan (Mar 03)
- Re: Hardware mac address with pcap/winpcap Michael Richardson (Mar 03)
- Re: Hardware mac address with pcap/winpcap Chris Morgan (Mar 03)
- Re: Hardware mac address with pcap/winpcap Guy Harris (Mar 03)
- Re: Hardware mac address with pcap/winpcap Chris Morgan (Mar 03)
- Re: Hardware mac address with pcap/winpcap Guy Harris (Mar 03)
- Re: Hardware mac address with pcap/winpcap Gianluca Varenni (Mar 04)
- Re: Hardware mac address with pcap/winpcap Guy Harris (Mar 04)
- Re: Hardware mac address with pcap/winpcap Chris Morgan (Mar 04)
- Re: Hardware mac address with pcap/winpcap Gianluca Varenni (Mar 04)
- Re: Hardware mac address with pcap/winpcap Chris Morgan (Mar 03)
- Re: Hardware mac address with pcap/winpcap Michael Richardson (Mar 03)