Wireshark · Wireshark-dev: Re: [Wireshark-dev] text2pcap help needed

Wireshark-dev: Re: [Wireshark-dev] text2pcap help needed

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Mon, 8 Jan 2007 23:11:27 -0800


On Jan 8, 2007, at 10:30 PM, jaiswal.vikash@xxxxxxxxx wrote:

Could anyone please explain how the above values produced suchdisplay ( version : 4 , header length : 24 , etc. ) in the wiresharkgui.


Step 1: order a copy of

	TCP/IP Illustrated, Volume 1

and read chapters 1, 2, and 3.

Step 2: armed with what you've learned from that book about the formatof Ethernet headers and IP headers, look at the first 14 bytes of datain the packet (you'll now know how that produces the display you seefor the Ethernet data in the Wireshark GUI) and then look at the next24 bytes of data after that (you'll now know how that produces thedisplay you see for the IP data in the Wireshark GUI).

References:
- [Wireshark-dev] text2pcap help needed
  - From: jaiswal.vikash

Prev by Date: Re: [Wireshark-dev] [Wireshark-commits] rev 20334:/trunk//trunk/asn1/ansi_map/: ansi_map.asnansi_map.cnfpacket-ansi_map-template.c/trunk/epan/dissectors/:packet-ansi_map.c packet-ansi_map.h
Next by Date: [Wireshark-dev] roofnet v1
Previous by thread: [Wireshark-dev] text2pcap help needed
Next by thread: [Wireshark-dev] roofnet v1
Index(es):
- Date
- Thread