Wireshark mailing list archives
Re: need to read three bytes of offset
From: prashanth joshi <prashanthsjoshi2000 () yahoo com>
Date: Thu, 4 Mar 2010 10:08:37 -0800 (PST)
Thanks Harris for the response. In our case the functional spec of the company says that the offset is a three byte field. And I am reading the packets from the pcap captured on wireshark / tcpdump. Regards, Prashanth --- On Thu, 3/4/10, Guy Harris <guy () alum mit edu> wrote: From: Guy Harris <guy () alum mit edu> Subject: Re: [Wireshark-dev] need to read three bytes of offset To: "Developer support list for Wireshark" <wireshark-dev () wireshark org> Date: Thursday, March 4, 2010, 12:01 PM On Mar 4, 2010, at 7:23 AM, prashanth s wrote:
I am reading a pcap file and writing to a text file. I am getting a field offset which is supposed to be of three bytes long. How do I read it? Should I assume that the three bytes obey the network byte order or are the three bytes of offset are supposed be just read as three bytes of u_char type?
There are no 3-byte fields in the pcap per-packet header, so you must be referring to a field in a packet. Whether they're a 3-byte integral value in network byte order (big-endian byte order), a 3-byte value in little-endian byte order, 3 one-byte values, a 2-byte integral value in network byte order followed by a 1-byte value, a 2-byte integral value in little-endian byte order followed by a 1-byte value, a 1-byte value followed by a 2-byte value in network byte order, a 1-byte value followed by a 2-byte value in little-endian byte order, etc. is indicated by the specification for the protocol to which that field belongs. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- need to read three bytes of offset prashanth s (Mar 04)
- Re: need to read three bytes of offset Guy Harris (Mar 04)
- Re: need to read three bytes of offset prashanth joshi (Mar 04)
- Re: need to read three bytes of offset Guy Harris (Mar 04)
- Re: need to read three bytes of offset prashanth s (Mar 04)
- Re: need to read three bytes of offset Guy Harris (Mar 04)
- Re: need to read three bytes of offset prashanth joshi (Mar 04)
- Re: need to read three bytes of offset Guy Harris (Mar 04)
- Re: need to read three bytes of offset prashanth s (Mar 04)
- Re: need to read three bytes of offset Maynard, Chris (Mar 04)
- Re: need to read three bytes of offset prashanth s (Mar 04)
- Re: need to read three bytes of offset Jakub Zawadzki (Mar 04)
- Re: need to read three bytes of offset Guy Harris (Mar 04)
- Re: need to read three bytes of offset prashanth joshi (Mar 04)
- Re: need to read three bytes of offset Guy Harris (Mar 04)