> Are you sure your TPKT has the proper endian-ness?
>
> Is wireshark detecting the proper endianness for your platform?
Well, to be honest, I'm not really sure. How can I verify this?
> > packet-tpkt.c:193: data_len = g_htons(tvb_get_ntohs(tvb, offset + 2));
>
> From a code readability standpoint, this is not good.
>
> The way I read this, you are getting a short from a TVB, and
> converting it from network byte order to host byte order. Then,
> g_htons() converts from host to network byte order. Strictly speaking,
> you shouldn't assign something in network byte order to a host
> variable, and then perform arithmetic on the variable in "network byte
> order" (even if it is correctly swapped).
>
> This can cause problems later on if someone tries to debug this
> problem on a big-endian platform.
>
Now that you mention it... I have to ensure that our software and Wireshark
use/display the correct endian-ness.
I'll get back to it later.
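
One way to check the byte-order question raised in this thread, as an added example that is not part of the original messages or of Wireshark's code: it reads the TPKT length field byte by byte and compares that with the double-converted value from the quoted line. Assumptions: `read_be16()` stands in for `tvb_get_ntohs()`, POSIX `htons()` stands in for `g_htons()`, and the helper names and the 4-byte sample header are constructed for illustration.

```c
#include <arpa/inet.h>   /* htons(), standing in for GLib's g_htons() */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: TPKT version 3, reserved 0, length 0x0016 (22). */
static const uint8_t sample_tpkt[4] = { 0x03, 0x00, 0x00, 0x16 };

/* Stand-in for tvb_get_ntohs(): assemble the big-endian field byte by
 * byte, so the result is a host-order integer on every platform. */
static uint16_t read_be16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Host-order TPKT length (header included), or -1 if the header is
 * truncated, has the wrong version, or claims less than its own 4 bytes. */
static int tpkt_length(const uint8_t *buf, size_t avail)
{
    if (avail < 4 || buf[0] != 3)
        return -1;
    uint16_t len = read_be16(buf + 2);
    return len < 4 ? -1 : (int)len;
}

/* The pattern of the quoted line: a host-order value swapped once more. */
static uint16_t double_converted(const uint8_t *buf)
{
    return htons(read_be16(buf + 2));
}

/* Runtime probe: is the low byte of a 16-bit integer stored first? */
static int host_is_little_endian(void)
{
    const uint16_t probe = 1;
    return *(const uint8_t *)&probe == 1;
}

int main(void)
{
    printf("host is %s-endian\n", host_is_little_endian() ? "little" : "big");
    printf("tpkt_length      = %d\n", tpkt_length(sample_tpkt, sizeof sample_tpkt));
    printf("double_converted = %u\n", (unsigned)double_converted(sample_tpkt));
    return 0;
}
```

On a little-endian host the double-converted value prints as 5632 instead of 22, while on a big-endian host both values agree, so the result of the round trip depends on the platform it runs on.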