Wireshark · Ethereal-users: Re: [Ethereal-users] tcpdump/libpcap file format

Ethereal-users: Re: [Ethereal-users] tcpdump/libpcap file format

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Fri, 22 Aug 2003 11:27:34 -0700


On Friday, August 22, 2003, at 3:56 AM, Tim Everitt wrote:

The file and packets headers are clear but the body of the packets is a
puzzle as savefile.c is very clear that "Note that the packets arealways
written in network byte order".

Actually, as of about a minute ago, the current CVS version ofsavefile.c says


 * Note that the bytes of packet data are written out in the order in
 * which they were received, so multi-byte fields in packets are not
 * written in host byte order, they're written in whatever order the
 * sending machine put them in.

because I just checked that into the libpcap CVS tree - that's a morecorrect explanation.

Follow-Ups:
- Re: [Ethereal-users] tcpdump/libpcap file format
  - From: Tim Everitt

References:
- [Ethereal-users] tcpdump/libpcap file format
  - From: Tim Everitt

Prev by Date: Re: [Ethereal-users] PPP packets capturing on Win 2000 - still no solution ?
Next by Date: [Ethereal-users] cut and paste
Previous by thread: [Ethereal-users] tcpdump/libpcap file format
Next by thread: Re: [Ethereal-users] tcpdump/libpcap file format
Index(es):
- Date
- Thread