Wireshark-users: Re: [Wireshark-users] Swapped major/minor question
From: sr <[email protected]>
Date: Wed, 25 Jun 2008 11:52:42 -0400

The partial global header in a pcap captured in Linux with a proprietary application, streamed from a browsing PC:
Magic Number: 0xa1b2c3d4
Version:           0x02000400 # the order is incorrect

The partial global header in a pcap captured simultaneously on the browsing PC port.
Magic Number: 0xd4c3b2a1
Version:           0x02000400 # order is correct

The question is why does Wireshark decode the Linux capture correctly  if the Version# is not swapped, as it should have been as indicated by the magic number order?

My problem is with a third application that does NOT read the linux pcap.



On Wed, Jun 25, 2008 at 11:00 AM, Luis EG Ontanon <[email protected]> wrote:
which kind of file?

On Wed, Jun 25, 2008 at 3:59 PM, sr <[email protected]> wrote:
> I have two identical files, one in big-endian, the other in little-endian
> formats. The version number is the same 0x02000400 in both.  Wireshark reads
> both files. Does it mean that the version number is not parsed?
> Thanks,
> Seth Reddy
> _______________________________________________
> Wireshark-users mailing list
> [email protected]
> https://wireshark.org/mailman/listinfo/wireshark-users

This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
Wireshark-users mailing list
[email protected]