ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] USB URB hex bytes not shown

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Maynard, Chris" <Christopher.Maynard@xxxxxxxxx>
Date: Thu, 8 Apr 2010 14:45:49 -0400
Hmm, I'm still confused.  Byte order aside, the "packet details" pane contains information from the "pseudo-header".  For example, in the example capture file I sent, the URB id filed is displayed as:

	URB id: 0xffff810024eaab40

But nowhere in the "packet bytes" pane do those bytes appear.

Contrast this with the attached example of a Linux cooked capture where the cooked pseudo header is present and the hex bytes are also shown.  Selecting each of the fields within the cooked header highlights the corresponding bytes in the "packet bytes" pane.  I guess I would expect the same behavior for DLT_USB_LINUX as we get for DLT_LINUX_SLL.

- Chris


-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Guy Harris
Sent: Thursday, April 08, 2010 2:34 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] USB URB hex bytes not shown


On Apr 8, 2010, at 11:28 AM, Maynard, Chris wrote:

> For DLT_USB_LINUX, is there any good reason why the pcap_usb_header information (from libpcap's pcap/usb.h file) is only displayed in the "packet details" pane, but the hex bytes don't appear in the "packet bytes" pane?  (See attached sample capture file containing a single frame depicting this.)

The reason is that, for better or worse, that's treated by the Wiretap library code that reads it as a "pseudo-header".

Whether that's a *good* reason is another matter.

Note that the data in question is in the host byte order of the machine on which the capture was done, so if the data were to be fetched from a tvbuff, it would have to be fetched in that byte order.  That information is available (although it gets more complicated with pcap-ng, as the byte order is per-section, *not* per-interface, so, for example, if multiple pcap-ng captures, including one or more USB interfaces, were to be merged, the pcap_usb_header information would have to be put into the appropriate byte order when writing the capture).
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
CONFIDENTIALITY NOTICE: The contents of this email are confidential
and for the exclusive use of the intended recipient. If you receive this
email in error, please delete it from your system immediately and 
notify us either by email, telephone or fax. You should not copy,
forward, or otherwise disclose the content of the email.

Attachment: cookedex.pcap
Description: cookedex.pcap

Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube