I used tcpdump to capture a single IP packet:

tcpdump -c 1 -w data ip

or something like that (don't remember the exact syntax right now).  I got a
file called data that was 1554 bytes long.  Using od -x, I found the IP
frame and am able to successfully decode it.  This accounts for exactly 1500
bytes of the captured data.

There is an additional 54 bytes of data that is prepended to the IP packet.
What is this data?  What protocol(s) encapsulate an IP packet?  How do I
interpret this data?  I've been searching on www.protocols.com for relevant
datalink layer protocols, TCP/IP protocols, and a few others, but I can't
find anything that matches up.  I have been able to identify the MAC
addresses of the Ethernet cards in these 54 bytes of data, but that only
accounts for 12 bytes.

Any help would be appreciated.

Thanks.
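
An added example, not part of the original post: the 54 bytes match the layout of a classic libpcap savefile as written by tcpdump -w on Ethernet, which is a 24-byte file header, a 16-byte per-packet record header, and the 14-byte Ethernet header (the 12 bytes of MAC addresses plus a 2-byte EtherType). The function names and the sample capture below are constructed for illustration.

```python
import struct

GLOBAL_HDR, RECORD_HDR, ETH_HDR = 24, 16, 14   # 24 + 16 + 14 = 54 bytes

def parse_single_packet_capture(data):
    """Split a one-packet classic pcap file into its headers and payload."""
    if len(data) < GLOBAL_HDR + RECORD_HDR:
        raise ValueError("too short to be a pcap file")
    # The magic number also tells us the byte order of the writing host.
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    major, minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:GLOBAL_HDR])
    ts_sec, ts_usec, caplen, origlen = struct.unpack(
        endian + "IIII", data[GLOBAL_HDR:GLOBAL_HDR + RECORD_HDR])
    frame = data[GLOBAL_HDR + RECORD_HDR:GLOBAL_HDR + RECORD_HDR + caplen]
    if len(frame) < caplen or caplen < ETH_HDR:
        raise ValueError("truncated packet record")
    if linktype != 1:                      # 1 = LINKTYPE_ETHERNET
        raise ValueError("link type %d is not Ethernet" % linktype)
    fmt_mac = lambda b: ":".join("%02x" % x for x in b)
    return {
        "version": (major, minor), "snaplen": snaplen,
        "timestamp": (ts_sec, ts_usec), "caplen": caplen, "origlen": origlen,
        "dst_mac": fmt_mac(frame[0:6]), "src_mac": fmt_mac(frame[6:12]),
        "ethertype": struct.unpack("!H", frame[12:14])[0],
        "payload_offset": GLOBAL_HDR + RECORD_HDR + ETH_HDR,
        "payload": frame[ETH_HDR:],
    }

def build_sample():
    """Constructed capture: one Ethernet frame carrying a 1500-byte IPv4 packet."""
    ip = bytes([0x45, 0x00]) + struct.pack("!H", 1500) + bytes(1496)
    eth = bytes.fromhex("02000000000a" "02000000000b") + struct.pack("!H", 0x0800)
    frame = eth + ip
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rhdr = struct.pack("<IIII", 1000000000, 0, len(frame), len(frame))
    return ghdr + rhdr + frame

if __name__ == "__main__":
    info = parse_single_packet_capture(build_sample())
    print(info["payload_offset"], info["src_mac"], hex(info["ethertype"]))
```

An EtherType of 0x0800 marks the payload as IPv4; tcpdump -r data decodes the same file without manual parsing.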

