diff --git a/pkg/security/ebpf/probes/rawpacket/pcap.go b/pkg/security/ebpf/probes/rawpacket/pcap.go
index 8ffc7c451c6ab..2263e73750d43 100644
--- a/pkg/security/ebpf/probes/rawpacket/pcap.go
+++ b/pkg/security/ebpf/probes/rawpacket/pcap.go
@@ -29,6 +29,10 @@ const (
 
 // packetCaptureSize see kernel definition
 packetCaptureSize = 256
+
+ // raw packet data, see kernel definition
+ structRawPacketEventDataSize = 256
+ structRawPacketEventDataOffset = 100
 )
 
 // ProgOpts defines options
@@ -188,12 +192,6 @@ func filtersToProgs(filters []Filter, opts ProgOpts, headerInsts, senderInsts as
 func FiltersToProgramSpecs(rawPacketEventMapFd, clsRouterMapFd int, filters []Filter, opts ProgOpts) ([]*ebpf.ProgramSpec, error) {
 var mErr *multierror.Error
 
- const (
- // raw packet data, see kernel definition
- dataSize = 256
- dataOffset = 164
- )
-
 opts.tailCallMapFd = clsRouterMapFd
 
 headerInsts := append(asm.Instructions{},
@@ -209,9 +207,9 @@ func FiltersToProgramSpecs(rawPacketEventMapFd, clsRouterMapFd int, filters []Fi
 asm.Return(),
 // place in result in the start register and end register
 asm.Mov.Reg(opts.PacketStart, asm.R0).WithSymbol("raw-packet-event-not-null"),
- asm.Add.Imm(opts.PacketStart, dataOffset),
+ asm.Add.Imm(opts.PacketStart, structRawPacketEventDataOffset),
 asm.Mov.Reg(opts.PacketEnd, opts.PacketStart),
- asm.Add.Imm(opts.PacketEnd, dataSize),
+ asm.Add.Imm(opts.PacketEnd, structRawPacketEventDataSize),
 )
 
 senderInsts := asm.Instructions{
diff --git a/pkg/security/ebpf/tests/raw_packet_test.go b/pkg/security/ebpf/tests/raw_packet_test.go
index e0238036542e5..851ea406cd12f 100644
--- a/pkg/security/ebpf/tests/raw_packet_test.go
+++ b/pkg/security/ebpf/tests/raw_packet_test.go
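Review bot: The two constants added to the `const` block in the first hunk mirror a kernel-side struct layout, but the comment `// raw packet data, see kernel definition` names neither the struct nor the field, and nothing visible ties the Go values to the C definition at build time. `FiltersToProgramSpecs` (third hunk) adds them to the looked-up event pointer to set `opts.PacketStart` and `opts.PacketEnd`, so a stale offset that still lies inside the map value would presumably make every generated filter evaluate the wrong bytes without any load-time error, which for a security probe means silently missed or spurious matches. I would document each constant on its own, e.g. `// structRawPacketEventDataOffset is the byte offset of the packet data inside struct raw_packet_event_t; keep in sync with the kernel definition`, with an equivalent line for the size. `structRawPacketEventDataSize` also repeats the value of `packetCaptureSize` directly above it; if both describe the same kernel constant, `structRawPacketEventDataSize = packetCaptureSize` would keep them from drifting apart.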
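Review bot: In the third hunk `opts.PacketEnd` is set to `opts.PacketStart + structRawPacketEventDataSize`, so the generated filters always see the full fixed-size buffer rather than the number of bytes actually captured, and the code does not say so. A comment above the two `asm.Add.Imm` lines would make that explicit, e.g. `// filter window = whole data buffer of the event, independent of the captured packet length`. Whether bytes past the real packet end are zeroed or left over from an earlier event is decided on the kernel side and is not visible here, so it is worth confirming that a short packet cannot match on stale data. The enclosing `FiltersToProgramSpecs` starts and ends outside this hunk.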
@@ -67,7 +67,7 @@ func testRawPacketFilter(t *testing.T, filters []rawpacket.Filter, expRetCode in
 if expRetCode != -1 {
 assert.Nil(t, err, "program execution error")
 }
- assert.Equal(t, expRetCode, code, "return code error: %v", err)
+ assert.Equal(t, expRetCode, code, "return code error: %v, check the `struct raw_packet_event_t` and adapt the `structRawPacketEventData*` const", err)
 }
 
 func TestRawPacketTailCalls(t *testing.T) {
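Review bot: The hint appended to the `assert.Equal` message is printed on every return-code mismatch, including one caused by a wrong filter expression, and it does not say where the constants live. Wording it as a conditional and naming the package would make it harder to misread, e.g. `"return code error: %v; if the filter is correct, check that rawpacket.structRawPacketEventData* still match struct raw_packet_event_t"`. A failure here is the only signal in this diff that the Go constants have drifted from the kernel layout, so the message is worth getting precise. `testRawPacketFilter` starts outside the hunk.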