Ethereal-users: Re: [Ethereal-users] tcpdump/libpcap file format

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Tim Everitt" <tim.everitt@xxxxxxxx>
Date: Mon, 25 Aug 2003 09:12:18 +0100
Guy,

strange timing! But it doesn't clear my query. The packet's Ethernet header
(destination MAC address, source MAC address and ethernet protocol), the IP
header and so on are all in this puzzling byte order - not just the ultimate
"payload".

Regards, Tim Everitt.

----- Original Message -----
From: "Guy Harris" <guy@xxxxxxxxxxxx>
To: "Tim Everitt" <tim.everitt@xxxxxxxx>
Cc: <ethereal-users@xxxxxxxxxxxx>
Sent: Friday, August 22, 2003 7:27 PM
Subject: Re: [Ethereal-users] tcpdump/libpcap file format


>
> On Friday, August 22, 2003, at 3:56 AM, Tim Everitt wrote:
>
> > The file and packets headers are clear but the body of the packets is a
> > puzzle as savefile.c is very clear that "Note that the packets are
> > always
> > written in network byte order".
>
> Actually, as of about a minute ago, the current CVS version of
> savefile.c says
>
>   * Note that the bytes of packet data are written out in the order in
>   * which they were received, so multi-byte fields in packets are not
>   * written in host byte order, they're written in whatever order the
>   * sending machine put them in.
>
> because I just checked that into the libpcap CVS tree - that's a more
> correct explanation.
>
>