Ethereal-users: Re: [Ethereal-users] tcpdump/libpcap file format

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 25 Aug 2003 11:35:19 -0700

On Monday, August 25, 2003, at 1:12 AM, Tim Everitt wrote:


strange timing!
Not really - I checked in the change because your message pointed out that the comment was wrong. 


But it doesn't clear my query. The packet's Ethernet header
(destination MAC address, source MAC address and ethernet protocol), the IP header and so on are all in this puzzling byte order - not just the ultimate 
"payload".
Libpcap does not know the difference between the Ethernet header, the IP header, ..., and the "ultimate payload". As far as the underlying packet capture mechanism in the OS, and libpcap, are concerned, the packet is an uninterpreted sequence of bytes, in the order in which they were copied from the network into memory.