On Wed, Mar 4, 2009 at 1:21 PM, Guy Harris <g...@alum.mit.edu> wrote: > > On Mar 4, 2009, at 9:19 AM, Gianluca Varenni wrote: > >> In the case of Windows/WinPcap, we have an internal Packet API to get the >> MAC address, the main problem is exposing such MAC address at the pcap API >> level. I actually didn't know that findalldevs was returning the MAC address >> on (some flavors of?) linux. What is the sa_family in that case? > > PF_PACKET, it appears; I suspect that means the address is a sockaddr_ll. >
I can confirm that it is PF_PACKET on linux and that the values are sockaddr_ll. It took quite a bit of searching to connect the dots, there isn't a lot of info on the net about PF_PACKET sockaddr entries and how to interpret them. Chris - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.