-
Notifications
You must be signed in to change notification settings - Fork 0
Home
TaborKelly edited this page Sep 27, 2015
·
3 revisions
When reading pcap files every packet starts with a SLL Cooked Header which is in Big Endian.
| field | size | description |
|---|---|---|
| header_type | u32 | |
| arphdr_type | u16 | |
| address_length | u16 | |
| address | u8[8] | |
| protocol_type | u32 | NETLINK_ROUTE .. NETLINK_INET_DIAG |
Next comes the nlmsghdr which is Native Endian.
| field | size | description |
|---|---|---|
| nlmsg_len | u32 | Length of message including header |
| nlmsg_type | u16 | Message content |
| nlmsg_flags | u16 | Additional flags |
| nlmsg_seq | u32 | Sequence number |
| nlmsg_pid | u32 | Sending process port ID |