trist's profile - activity

How Can I Change the Data in a TCP Packet's Payload? Hello, I have several Pcap files. I'd like to edit the contents of

How Can I Change the Data in a TCP Packet's Payload? Hello, I have several Pcap files. I'd like to edit the contents of

How Can I Edit The Contents of a TCP Packet in Wireshark? Hello, I have several Pcap files. I'd like to edit the conten

Thank you for your detailed response Cmaynard. Yes, I know what the endianness of CME iLink3 is. I was just wondering wh

Hello,

I read here that network byte order is big-endian for TCP. This is a protocol-level property.

Two questions regarding endianness in capture files:

1. Is it correct that captured packet headers are written in the byte order of the host that wrote the file? In other words, what determines the endianness of the headers in a frame?
2. Building off #1, is it possible that, while a protocol-level property of TCP is big-endian, there is no guarantee that a packet that I inspect on Wireshark will have TCP headers that are written in big-endian?

For example,

The Ethernet header here displays type: IPv4 in big-endian (and so do the other headers). But this may not always be the case?

Thanks!

Wow, thank you for such a detailed and easy-to-follow answer. You never stop impressing me, Guy!

What Is The Endianness of Captured Packet Headers? Hello, I read here that network byte order is big-endian for TCP. Th

What Is The Endianness of Captured Packet Headers? Hello, I read here that network byte order is big-endian for TCP. Th

With Pcapng I can see it in the Itnerface Description Block's LinkType field. Nowhere to be found with Pcap....

I tried that and I get the following error. The file "A_2020-02-02_12_00_01_00637_copy.pcap" isn't a capture file in a f

I tried that and I get the following error. The file "A_2020-02-02_12_00_01_00637_copy.pcap" isn't a capture file in a f

How Can I view Pre-Frame Data? Hello, Wireshark is awesome, and I love how I can see data so clearly. I can see everyth

Yes, I noticed that the answer for units of time was in the text I pasted, hence I changed some of the body of my questi

How Do I Calculate the Timestamp in UTC in an Enhanced Packet Block? Hello, Reading the 52 page specification on Pcapng

What are the "Units of Time" referring to in an Enhanced Packet Block? Hello, Reading the 52 page specification on Pcap

Yes, I noticed that the answer for units of time was in the text I pasted, hence I changed some of the body of my questi

What are the "Units of Time" referring to in an Enhanced Packet Block? Hello, Reading the 52 page specification on Pcap

What are the "Units of Time" referring to in an Enhanced Packet Block? Hello, Reading the 52 page specification on Pcap

Hello,

I'm looking to build a Pcapng parser. As such I need to programatically determine how large the Section Header Block, and in essence, reverse engineer my parser from raw data. Pcap files were easy, the general header was 24 bytes at the beginning of each file, and the file header was 16 bytes, that's it. It seems that, after reading the 40 page whitepaper on Pcapng, that it's going to be a little tougher.

How do I enable seeing as much information regarding Pcapng data on Wireshark? I'm looking at a Pcapng file right now, but can't tell anything Pcapng related about it.

Would appreciate the help.

Wow, this is EXACTLY what I was looking for. This really solidifies the 40+ page specification I read and I can now work

How Can I Display as Much Pcapng Information As Possible? Hello, I'm looking to build a Pcapng parser. As such I need t