jaiswal.vikash@xxxxxxxxx wrote:
Please correct me if I'm wrong , but as per my understanding , if I have
a file "test" with the above values as content then the below command
will generate an IP packet using these values and add some dummy
ethernet header values to it.
Command : text2pcap test test123.pcap
No, it generates an *Ethernet* packet using those values; that's the
default behavior. To add a dummy Ethernet header, you use the "-e" flag.
As that packet was handled in Wireshark, it obviously already has an
Ethernet header; that's what the first 14 bytes of the packet are.
Therefore, you don't want a dummy Ethernet header added to that packet.
Therefore, if it's an IP packet, the bytes *after* the first 14 start
with an IP header, so:
So could you please tell me which values from above would correspond to
IP header portions like :
1) version
2)IHL
3)TOS
4)Total length
5)Identification ......... etc .
...as you already know the IP header format, it should be easy to
determine which values correspond to which IP header portions (note, for
example, that the byte right after the first 14 bytes is 0x46, which is
the version/IHL byte, so that's version 4, IHL of 6 4-byte words or 24
bytes).