Wireshark mailing list archives

Re: network byte order


From: Guy Harris <guy () alum mit edu>
Date: Thu, 5 May 2011 11:52:42 -0700


On May 5, 2011, at 11:39 AM, Brian Oleksa wrote:

> Most network traffic is in network byte order and uses Big-Endian.

Actually, lots of network traffic is plain text or raw binary data (HTTP, for example), and SMB/SMB2 are little-endian except for the raw binary data (read and write payload) - there are other protocols that use little-endian values as well.

> I am trying to dissect a packet that uses Little-Endian.

Not a problem.  Either

        1) you're fetching values from the packet, and thus converting them from whatever byte order it's in to *host* byte order, in which case:

                for big-endian integral values, you use tvb_get_ntohs() for 2-byte values, tvb_get_ntoh24() for 3-byte values, tvb_get_ntohl() for 4-byte values, tvb_get_ntoh40() for 5-byte values, tvb_get_ntoh48() for 6-byte values, tvb_get_ntoh56() for 7-byte values, and tvb_get_ntoh64() for 8-byte values;

                for big-endian IEEE floating-point values, you use tvb_get_ntohieee_float() for single precision and tvb_get_ntohieee_double() for double-precision;

                for little-endian integral values, you use tvb_get_letohs() for 2-byte values, tvb_get_letoh24() for 3-byte values, tvb_get_letohl() for 4-byte values, tvb_get_letoh40() for 5-byte values, tvb_get_letoh48() for 6-byte values, tvb_get_letoh56() for 7-byte values, and tvb_get_letoh64() for 8-byte values;

                for little-endian IEEE floating-point values, you use tvb_get_letohieee_float() for single precision and tvb_get_letohieee_double() for double-precision;

or

        2) you're just using proto_tree_add_item(), in which case for big-endian values you pass ENC_BIG_ENDIAN as the last argument and for little-endian values you pass ENC_LITTLE_ENDIAN as the last argument.

> Before I write my own "bit decoder"...are there any built-in functions that will "convert" Little-Endian to Big-Endian for me..??

No, because that's not what you want to do.  You want either to fetch data and convert it to *host* byte order if you're going to look at the value in your code (for example, a message type value, which you need in order to determine the format of the rest of the message) or just use proto_tree_add_item() if you're just adding the value to the protocol tree.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
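
The "fetch and convert to host byte order" case from the reply above, as an added stand-alone example that is not part of the original post and is not Wireshark code. The get_* helpers are hypothetical stand-ins for the tvb_get_letohs()/tvb_get_letohl()/tvb_get_ntohs() accessors, and the message layout and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-ins for tvb_get_letohs(), tvb_get_letohl() and
 * tvb_get_ntohs(): build the value byte by byte, so the result is in host
 * byte order on any CPU. Return 0 on success, -1 if the read would overrun. */
static int get_letohs(const uint8_t *b, size_t len, size_t off, uint16_t *out)
{
    if (off > len || len - off < 2) return -1;
    *out = (uint16_t)(b[off] | (b[off + 1] << 8));
    return 0;
}

static int get_letohl(const uint8_t *b, size_t len, size_t off, uint32_t *out)
{
    if (off > len || len - off < 4) return -1;
    *out = b[off] | (b[off + 1] << 8) | (b[off + 2] << 16) | ((uint32_t)b[off + 3] << 24);
    return 0;
}

static int get_ntohs(const uint8_t *b, size_t len, size_t off, uint16_t *out)
{
    if (off > len || len - off < 2) return -1;
    *out = (uint16_t)((b[off] << 8) | b[off + 1]);
    return 0;
}

/* Constructed samples: type 1 = 4-byte LE counter, type 2 = 2-byte BE port. */
static const uint8_t sample_counter[] = { 0x01, 0x00, 0x78, 0x56, 0x34, 0x12 };
static const uint8_t sample_port[]    = { 0x02, 0x00, 0x01, 0xBB };

/* Read the little-endian message type, then let it pick the layout of the
 * rest. Returns the decoded field, or -1 if truncated or unknown. */
int64_t decode_msg(const uint8_t *b, size_t len)
{
    uint16_t type, port;
    uint32_t counter;
    if (get_letohs(b, len, 0, &type) != 0) return -1;
    switch (type) {
    case 1: return get_letohl(b, len, 2, &counter) == 0 ? (int64_t)counter : -1;
    case 2: return get_ntohs(b, len, 2, &port) == 0 ? (int64_t)port : -1;
    default: return -1;
    }
}

int main(void)
{
    return decode_msg(sample_counter, sizeof sample_counter) == 0x12345678 ? 0 : 1;
}
```

No byte swapping appears anywhere: each helper assembles the value arithmetically, so the same code gives the same result on big-endian and little-endian hosts, and a truncated buffer is rejected before any byte past its end is read.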

