Wireshark · Wireshark-dev: Re: [Wireshark-dev] [PATCH] update wiretap and sub dissector

Wireshark-dev: Re: [Wireshark-dev] [PATCH] update wiretap and sub dissector

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Tue, 30 Jan 2007 12:10:03 -0800

Charles Lepple wrote:

For instance, if I create a .pcap file with "text2pcap -l 189 ..." on
a big-endian machine, then the .pcap file seems not to have the
byte-swapped flag set.

There's no byte-swapped flag in a libpcap file. There's only a magicnumber, which is written out in host byte order on the machine on whichthe file is written; it either looks like 0xa1b2c3d4 if the file isbeing read on a machine with the same byte order, or like 0xd4c3b2a1 ona machine with the opposite byte-order.

If you create a .pcap file with text2pcap, the magic number will bewritten in the byte order of your machine, so it won't appear to bebyte-swapped.

References:
- [Wireshark-dev] [PATCH] update wiretap and sub dissector
  - From: Paolo Abeni
- Re: [Wireshark-dev] [PATCH] update wiretap and sub dissector
  - From: Charles Lepple

Prev by Date: Re: [Wireshark-dev] How do I get my dissector to work in the Display Filter
Next by Date: Re: [Wireshark-dev] [REPOST][PATCH] update USB dissector
Previous by thread: Re: [Wireshark-dev] [REPOST][PATCH] update USB dissector
Next by thread: [Wireshark-dev] proto_tree_add_item problem
Index(es):
- Date
- Thread