I wrote a small application to try to display the protocol headers of captured packets. All my packets are captured with libpcap's pcap_loop. The way my program works is as follows: I wrote my own headers based of the structures defined in if_ether.h ip.h and tcp.h. pcap_loop sets a char pointer to the beginning of the packet, and I then step through the packet, casting to the appropriate structure each time, and incrementing the pointer by the size of the header. Now it's important to remember my question isn't code specific; my code works but there are logical flaws I dont undestand; Keep in mind my packets are sent over the same machine, different port(I wrote tiny python server that I send data to with telnet):
1.the ethernet header doesn't display anything that looks correct when packets are sent over localhost (When I use my program on internet packets, MAC adresses are dosplayed correctly though)
2.Through trial and error, I've determined that the structure iphdr starts exactly 16 bytes after the start of the packet buffer, as opposed to the expected 14 bytes, the size of the ethernet header
Those observations lead me to ask the following questions: When packets are sent over local host, do we use another protocol on layer 2? Is there anything at all that separates the packet headers? Are the iphdr and tcphdr structures defined in ip.h and tcp.h obsolete?
