Analyzing tcp packet captured by Net::Pcap from ppp link.

I tried to analyze tcp packets captured by Net::Pcap from ppp link. I wrote a tiny analyzing packet program referenced the example program 'pcapdump' (which included in Net::Pcap),but the result is totally broken.

Eventually I misunderstood packets captured by Net::Pcap are always starting from ethernet frame format. In real, those are NOT. The correct format of packets of Net::Pcap is valiable, depending on what interface captureing from, what type of packet.At least capturing from ppp link under my linux box, the captured packet data has DLT_LINUX_SLL link header. (About DLT_LINUX_SLL,and other link type, see the man page of pcap-linktype (7))

I haven't yet understood whole format capturing by Net::Pcap, however I wrote tiny program analyzing the packet from ppp link.This codes work enough,at least in my purpose. 

#!/usr/bin/perl
use strict;
use warinings;
use Net::Pcap qw(:functions);
use NetPacket::Ethernet;
use NetPacket::IP;
use NetPacket::TCP;
#...initialize pcap,and do pcap_open_live ...
my $link_type_name=pcap_datalink_val_to_name(pcap_datalink($pcap));
pcap_loop($pcap,-1,\&process_packet,$link_type_name);
#...snip...
sub process_packet {
      my ($link_type_name,$header,$packet)=@_;
      my $payload_stripped_linkheader;
      my $protocol_type_of_linkheader;
      use bytes;
      if ($link_type_name eq "LINUX_SLL" ) {
          # This code is an example,and at least good enough for my purpose. 
          # The best codes are shown in sll_if_print() (print-sll.c in tcpdump). 
          $payload_stripped_linkheader=substr($packet,16);
          $protocol_type_of_link_header=unpack("n",substr($packet,2+2+2+8,2));
      } else {
          # This is not correct code. However, at this moment,I ignore other format.
          my $eth_obj=NetPacket::Ethernet->decode($packet);
          $payload_stripped_linkheader=$eth_obj->{data};
          $protocol_type_of_link_header=$eth_obj->{type};
      }
      if ($protocol_type_of_link_header != 0x0800) {
           warn "uh? this packet is not ip packet, then skip\n";
           return ;
      }
      my $ip_obj=NetPacket::IP->decode($payload_stripped_linkheader);
#      ... you can wrote next analyze ...
}