Menu
Code snippet from here:
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
....
/* retireve the position of the ip header */
ih = (ip_header *) (pkt_data +
14); //length of ethernet header
....
But this image doesn't say it's necessarily 14:
(source: lewis at www.dcs.gla.ac.uk)
How should I do it properly?
589
In 802.3, both the source and destination addresses are 48-bit MAC addresses. 6+6+2=14
131
Yes, it's 14 in most cases for an end-station scenario. Except the case when you have an 802.1Q frame, that would throw you off by another 4 bytes. 802.1Q is primarily used for VLAN tagging and QoS on router/router communication.
The preamble and start frame delimiter are mostly used by low level firmware to capture a frame. By the time when we (application) have access to an ethernet frame, in general we don't have the preamble nor the start frame delimiter.
From what I can recall the 2 byte length of mac address was part of Ethernet I which never really gained acceptance. And the Ethernet II/802.3 that is having 6 byte addresses is the real common ethernet that we are using nowadays.
Also want to mention that the padding is 0-46, where 46 came from the minimum 64 bytes constraint on ethernet frame for collision detect (CD) purpose. 46(pad) + 14(dmac,smac,type) + 4(CRC) = 64 bytes
22
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
