So i am reading this book and in chapter about packet sniffing i uses this
s = socket.socket(AF_PACKET, SOCK_RAW, sock.htons(0x0800))
I looked up to which protocol has the value 8 since htons(0x0800)
In the list of ip protocols 8 is EGP which i did not get why we would use this protocol and looked for more examples and got more confused one example used 0x0003 which is 3 when i looked into it more 3 is the value for GGP protocol and eth_p_all protocol at the same time.
My questions are:
1.Some protocol values seems to be same in the links i provided does socket use protocols based on family or is there something i am not getting?
2.i understand raw sockets and usage of eth_p_all but i do not understand how it diffets from ggp protocol (in regards of value they both are 3)
I found some questions regarding the issue but answers doesent explain what is the difference rather what should be used.
Sorry if i don't make sense i am very confused.
Just a note first i thought it was based on family what protocols were useb but then i found people using af_inet with eth_p_all so there goes that and i found some examples using ntohs(0x0003) this value is somewhere around 700 which got me more confused (i belive there was an error with that example but i am not sure)
Links: https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers?wprov=sfla1
https://github.com/torvalds/linux/blob/master/include/uapi/linux/if_ether.h