Can I specify the magic number in pcap files?

0

Can I save a trace file from Wireshark with a specific magic_number in the pcap header? I want to choose whether it will be 0xa1b2c3d4 or 0xd4c3b2a1, which will reflect the endianness of the platforms on which it will be used. Can I do that from Wireshark?

asked 09 Feb '12, 07:02

Kosta's gravatar image

Kosta
1111
accept rate: 0%

edited 09 Feb '12, 07:35

multipleinterfaces's gravatar image

multipleinte...
1.1k71230
One Answer:
oldestnewestmost voted
0

There is no need to specify whether the magic number is written out in little-endian or big-endian format. Wireshark will read either format on either platform. The magic number identifies the file as a pcap file and how the data is recorded, not how it will be used.

link

answered 09 Feb '12, 07:33

multipleinterfaces's gravatar image

multipleinte...
1.1k71230
accept rate: 12%

I know that wireshark can read boat formats but my question is wheter I can choose how wireshark records data in pcap file. If wireshark can read both formats, can he write in both formats too?

(09 Feb '12, 07:58) Kosta

The endianness of the output file is whatever the system endianness happens to be; Wireshark makes no specific election to use big-endian or little-endian format.

(09 Feb '12, 08:06) multipleinte...

Ok. Thanks.

(09 Feb '12, 08:41) Kosta
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Tags:

×68
×6

Asked: 09 Feb '12, 07:02

Seen: 1,249 times

Last updated: 09 Feb '12, 08:41

Related questions

How to open JPEG files directly?

Write Gzip Encoded HTTP as Inflated in PCAP File

Using the wireshark pcap file capture data as Splunk Log Data

Tshark HTTP multiple files

How to know, How much data transfer occurred in captured pcap file.

How to set a different capture file format as the default one?

Error in Pcap file

Online Tutorial for reading packet capture files

how to display flowid alongwith frame number for each packet of a pcap using tshark/wireshark

Is this a PCAP file?

about | faq | privacy | support | contact

powered by OSQA