Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

asked 2020-03-31 00:05:06 +0000

trist gravatar image

What Is The Endianness of Captured Packet Headers?

Hello,

I read here that network byte order is big-endian for TCP. This is a protocol-level property.

Two questions regarding endianness in capture files:

  1. Is it correct that captured packet headers are written in the byte order of the host that wrote the file? In other words, what determines the endianness of the headers in a frame?
  2. Building off #1, is it possible that, while a protocol-level property of TCP may be that it is big-endian, there is no guarantee that a packet that I inspect on Wireshark will have TCP headers that are written in big-endian?

For example,

The Ethernet header here displays type: IPv4 in big-endian (and so do the other headers). But this may not always be the case?

image description

Thanks!

What Is The Endianness of Captured Packet Headers?

Hello,

I read here that network byte order is big-endian for TCP. This is a protocol-level property.

Two questions regarding endianness in capture files:

  1. Is it correct that captured packet headers are written in the byte order of the host that wrote the file? In other words, what determines the endianness of the headers in a frame?
  2. Building off #1, is it possible that, while a protocol-level property of TCP may be that it is big-endian, there is no guarantee that a packet that I inspect on Wireshark will have TCP headers that are written in big-endian?

For example,

The Ethernet header here displays type: IPv4 in big-endian (and so do the other headers). But this may not always be the case?

image description

Thanks!

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2