From 9977ec6012452bfc5053dbc90aed53f55064c86b Mon Sep 17 00:00:00 2001 From: Vadim Kochan Date: Tue, 16 Jun 2015 04:10:19 +0300 Subject: netsniff-ng: Add dissector for Linux "cooked" packets Added dissector_sll.c which uses sockaddr_ll to lookup & print higher L3 layer protocol. This dissector is mapped by LINKTYPE_LINUX_SLL link type. Sample output of dissected Netlink & Ethernet packets. Truncated manually some longer lines by "...": > nlmon0 20 1434193547s.717131169ns #6 [ Linux "cooked" Pkt Type 4 (outgoing), If Type 824 (netlink), Addr Len 0, Src (), Proto 0x0 ] [ NLMSG Family 0 (routing), Len 20, Type 0x0003 (DONE)... > wlp3s0 52 1434194181s.436224709ns #9 [ Linux "cooked" Pkt Type 4 (outgoing), If Type 1 (ether), Addr Len 6, Src (XX:XX:XX:XX:XX:XX), Proto 0x800 ] [ IPv4 Addr (XXX.XXX.XXX.XXX => 212.42.76.253), Proto (6), TTL (64), TOS (0), ... ), CSum (0x1ef5) is ok ] [ Geo (local => Ukraine) ] [ TCP Port (45849 => 443 (https)), SN (0x1744209), AN (0x46ca9611), DataOff (8) ... [ Chr .....w.Rj).. ] [ Hex XX XX XX XX XX XX XX XX XX XX XX XX ] Signed-off-by: Vadim Kochan Signed-off-by: Daniel Borkmann --- dev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'dev.c') diff --git a/dev.c b/dev.c index a29b4c1..c28fa0e 100644 --- a/dev.c +++ b/dev.c @@ -376,7 +376,7 @@ const char *device_type2str(uint16_t type) } /* Taken from iproute2 ll_addr_n2a func */ -const char *device_addr2str(const char *addr, int alen, int type, +const char *device_addr2str(const unsigned char *addr, int alen, int type, char *buf, int blen) { int i, l; -- cgit v1.2.3-54-g00ecf