Ethereal-users: [Ethereal-users] Sniffing link layer headers in Linux

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: "Lanfranco Salinari" <lanfranco.salinari@xxxxxxxxxxxxxx>
Date: Mon, 17 Dec 2001 09:01:22 +0100
Hello,
I am new to Linux kernel internals, and I would like to know how can a
sniffer
read whole packets, I mean including the link layer header. In the receive
path, this happens, I think,  in the net_rx_action().
In the transmit path, I know that there is a function called
dev_queue_xmit_nit() for this,
but how can a driver add a link layer header to a packet before this
function
gets called? The hard_start_xmit() of the driver is, in fact, called after
the dev_queue_xmit_nit(), (in the function dev_queue_xmit() ).
Yes, Ethereal, for example, is able to sniff packets including Ethernet
headers, but these
are added in the network layer, if I understand well what happens.
I think I'm missing something important about the subject, but I hope
someone
will answer me, anyway.
Thank you in advance,

Lanfranco