If we recall how the headers are layered from this chapter's introduction, the first layer we will need to peel off is the Ethernet (Link layer) header. It looks like this:
The hardware will filter out the preamble, so we will not have access to it, but we need to retrieve the following elements:
Destination Address: This is the MAC address of the computer that this packet is being sent to
Source Address: This is the MAC address of the computer that this packet came from
Type: This is used to indicate the type of protocol that is encapsulated. Some of the common protocols are as follows:
0x0800—IPv4
0x0806—ARP
0x8035—RARP
0x86DD—IPv6
Data: This indicates the payload
Frame Check Sequence: This indicates the checksum that is added to the frame to detect transmission errors
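Added example (not the book's code and not the contents of PCAP_Headers.h): a bounds-checked decode of the fields listed above from a captured byte buffer, rejecting captures too short to hold the 14-byte header. The names eth_fields, parse_ethernet, ethertype_name and SAMPLE_FRAME, along with the sample bytes, are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_ADDR_LEN 6
#define ETH_HDR_LEN  14  /* dst(6) + src(6) + type(2); no preamble, no FCS */

/* Hypothetical struct for this example, not the book's definition. */
struct eth_fields {
    uint8_t  dst[ETH_ADDR_LEN];
    uint8_t  src[ETH_ADDR_LEN];
    uint16_t type;            /* converted to host byte order */
    const uint8_t *payload;   /* points into the caller's buffer */
    size_t   payload_len;
};

/* Returns 0 on success, -1 if the capture is too short to hold the header. */
int parse_ethernet(const uint8_t *frame, size_t caplen, struct eth_fields *out)
{
    if (frame == NULL || out == NULL || caplen < ETH_HDR_LEN)
        return -1;
    memcpy(out->dst, frame, ETH_ADDR_LEN);
    memcpy(out->src, frame + ETH_ADDR_LEN, ETH_ADDR_LEN);
    /* Type is big-endian on the wire; build it bytewise (no unaligned read). */
    out->type = (uint16_t)((frame[12] << 8) | frame[13]);
    out->payload = frame + ETH_HDR_LEN;
    out->payload_len = caplen - ETH_HDR_LEN;
    return 0;
}

/* Maps the Type values listed in the text to protocol names. */
const char *ethertype_name(uint16_t type)
{
    switch (type) {
    case 0x0800: return "IPv4";
    case 0x0806: return "ARP";
    case 0x8035: return "RARP";
    case 0x86DD: return "IPv6";
    default:     return "unknown";
    }
}

/* Constructed sample: broadcast ARP header followed by two payload bytes. */
static const uint8_t SAMPLE_FRAME[] = { 0xff,0xff,0xff,0xff,0xff,0xff,
    0x02,0x00,0x00,0x00,0x00,0x01, 0x08,0x06, 0x00,0x01 };

int main(void)
{
    struct eth_fields f;
    if (parse_ethernet(SAMPLE_FRAME, sizeof SAMPLE_FRAME, &f) != 0) return 1;
    printf("type 0x%04x (%s), %zu payload bytes\n", f.type, ethertype_name(f.type), f.payload_len);
    return 0;
}
```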
We will build a PCAP_Headers.h file that contains the structures and constants needed to decode the various packet headers. The entries in the PCAP_Headers.h file for the Ethernet header are as follows:
//Ethernet...