Packet Analyzer - need help!

[Zenitram]

Anyone out there have a straightforward tutorial on packet analyzing? I have been trying to wrap my mind around this thing and cannot seem to understand it. The library im using is winPcap and I get an unsigned char* for incoming data. The ethernet header is in the first 48 bits? The first bit designates Individual or Group Addressing and the second bit is Globally or Locally Administered Address. And then there is 46-bit address.

I'm missing something because I don't know where I am to get the Destination address, Source address, Ether type and IP.

I also do not understand is the packets coming in are ordered left to right LSB first.

Each octet of each address field shall be transmitted least significant bit first.

does this mean that:
1337
is coming in as
8CCE ?
or
C8EC ?

I know each packet is way more than 48 bits so im guessing im goin to be going into the rest of the unsigned char*.

help

 

[noodles]

Check out etherreal. I use it in Linux and it is quite nice.

 

[Zenitram]

I cannot look for another library to parse the packet itself. This is for school so the purpose of all this is that I have to parse the packet into it's various pieces. Im looking for a straightforward tutorial on the packets themselves.

Plus the link goes to some artists website?

I will look around for EtherReal though, perhaps there is some documentation I can use on the packets. Thank you for the help! Keep it coming!

 

[Zenitram]

of course, wikipedia! cool. Finished parsing the ethernet frame. Thanks a lot!