Wireshark · Wireshark-dev: Re: [Wireshark-dev] ICMP and endian-ness issue

Wireshark-dev: Re: [Wireshark-dev] ICMP and endian-ness issue

From: Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx>

Date: Fri, 18 Sep 2009 15:24:13 -0600


On Sep 18, 2009, at 2:49 PM, Maynard, Chris wrote:

Yes, but RFC 792 also says in the Introduction:

            ICMP, uses the basic support of IP as if it were a higher

level protocol, however, ICMP is actually an integral part of IP,and

  must be implemented by every IP module.

So if ICMP is technically an integral part of IP, then it follows that
ICMP should use the byte ordering as defined by Appendix B of RFC 791
... shouldn't it?

It's clear that the intent was to increment the sequence #, so IMO,
Windows got it completely wrong in this case.

Would it help to introduce something similar to the relative TCPsequence numbers in the TCP dissector? I know it seems like a lot ofwork to work around weirdness in Windows, but it's something to thinkabout.



Steve

Follow-Ups:
- Re: [Wireshark-dev] ICMP and endian-ness issue
  - From: Maynard, Chris

References:
- [Wireshark-dev] ICMP and endian-ness issue
  - From: Maynard, Chris
- Re: [Wireshark-dev] ICMP and endian-ness issue
  - From: Guy Harris
- Re: [Wireshark-dev] ICMP and endian-ness issue
  - From: Maynard, Chris

Prev by Date: Re: [Wireshark-dev] ICMP and endian-ness issue
Next by Date: Re: [Wireshark-dev] ICMP and endian-ness issue
Previous by thread: Re: [Wireshark-dev] ICMP and endian-ness issue
Next by thread: Re: [Wireshark-dev] ICMP and endian-ness issue
Index(es):
- Date
- Thread