The partial global header in a pcap captured in Linux with a proprietary application, streamed from a browsing PC:
Magic Number: 0xa1b2c3d4
Version: 0x02000400 # the order is incorrect
The partial global header in a pcap captured simultaneously on the browsing PC port.
Magic Number: 0xd4c3b2a1
Version: 0x02000400 # order is correct
The question is why does Wireshark decode the Linux capture correctly if the Version# is not swapped, as it should have been as indicated by the magic number order?
My problem is with a third application that does NOT read the linux pcap.
Thanks,
Seth
On Wed, Jun 25, 2008 at 11:00 AM, Luis EG Ontanon <
luis@xxxxxxxxxxx> wrote:
which kind of file?
On Wed, Jun 25, 2008 at 3:59 PM, sr <
s1redh@xxxxxxxxx> wrote:
> I have two identical files, one in big-endian, the other in little-endian
> formats. The version number is the same 0x02000400 in both. Wireshark reads
> both files. Does it mean that the version number is not parsed?
>
> Thanks,
>
> Seth Reddy
>
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-users
>
>
--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-users
