On May 5, 2011, at 11:39 AM, Brian Oleksa wrote:

> Most network traffic is in network byte order and uses Big-Endian.

Actually, lots of network traffic is plain text or raw binary data (HTTP, for 
example), and SMB/SMB2 are little-endian except for the raw binary data (read 
and write payload) - there are other protocols that use little-endian values as 
well.

> I am trying to dissect a packet that uses Little-Endian.

Not a problem.  Either

        1) you're fetching values from the packet, and thus converting them
           from whatever byte order it's in to *host* byte order, in which
           case:

                for big-endian integral values, you use tvb_get_ntohs() for
                2-byte values, tvb_get_ntoh24() for 3-byte values,
                tvb_get_ntohl() for 4-byte values, tvb_get_ntoh40() for
                5-byte values, tvb_get_ntoh48() for 6-byte values,
                tvb_get_ntoh56() for 7-byte values, and tvb_get_ntoh64() for
                8-byte values;

                for big-endian IEEE floating-point values, you use
                tvb_get_ntohieee_float() for single precision and
                tvb_get_ntohieee_double() for double-precision;

                for little-endian integral values, you use tvb_get_letohs()
                for 2-byte values, tvb_get_letoh24() for 3-byte values,
                tvb_get_letohl() for 4-byte values, tvb_get_letoh40() for
                5-byte values, tvb_get_letoh48() for 6-byte values,
                tvb_get_letoh56() for 7-byte values, and tvb_get_letoh64()
                for 8-byte values;

                for little-endian IEEE floating-point values, you use
                tvb_get_letohieee_float() for single precision and
                tvb_get_letohieee_double() for double-precision;

or

        2) you're just using proto_tree_add_item(), in which case for
           big-endian values you pass ENC_BIG_ENDIAN as the last argument and
           for little-endian values you pass ENC_LITTLE_ENDIAN as the last
           argument.

> Before I write my own "bit decoder"...is there any built in functions that 
> will "convert" Little-Endian to Big-Endian for me..??

No, because that's not what you want to do.  You want either to fetch data and 
convert it to *host* byte order if you're going to look at the value in your 
code (for example, a message type value, which you need in order to determine 
the format of the rest of the message) or just use proto_tree_add_item() if 
you're just adding the value to the protocol tree.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
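
Case 1 of the reply above, as an added example that is not part of the original message and is not Wireshark code: stand-alone C in which hypothetical helpers named after tvb_get_letohs(), tvb_get_letohl() and tvb_get_ntohs() assemble values byte by byte into host byte order, and a message type fetched that way selects the format of the rest of the message. The message layout and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for the tvb_get_*() accessors: each builds the value
 * from individual bytes, so the result is in host byte order on any CPU and
 * no "little-endian to big-endian" swap is ever needed. */
static uint16_t get_letohs(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint16_t get_ntohs(const uint8_t *p)  { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t get_letohl(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Constructed format (an assumption, not a real protocol):
 *   u16 LE type, u16 LE payload length, payload
 *   type 1: payload is a u32 LE counter;  type 2: payload is a u16 LE port
 * Returns 0 and stores type/value, or -1 if the buffer is short or malformed. */
int decode_msg(const uint8_t *buf, size_t len, uint16_t *type, uint32_t *value)
{
    if (len < 4) return -1;                     /* header not fully captured */
    *type = get_letohs(buf);                    /* host order: safe to switch on */
    uint16_t plen = get_letohs(buf + 2);
    if (plen > len - 4) return -1;              /* length field exceeds the data */
    switch (*type) {
    case 1: if (plen != 4) return -1; *value = get_letohl(buf + 4); return 0;
    case 2: if (plen != 2) return -1; *value = get_letohs(buf + 4); return 0;
    default: return -1;                         /* unknown message type */
    }
}

/* Constructed sample messages. */
static const uint8_t sample_counter[] = {0x01,0x00, 0x04,0x00, 0x78,0x56,0x34,0x12};
static const uint8_t sample_port[]    = {0x02,0x00, 0x02,0x00, 0xBB,0x01};

int main(void)
{
    uint16_t t; uint32_t v;
    if (decode_msg(sample_counter, sizeof sample_counter, &t, &v) == 0)
        printf("type %u counter 0x%08x\n", (unsigned)t, (unsigned)v);
    if (decode_msg(sample_port, sizeof sample_port, &t, &v) == 0)
        printf("type %u port %u\n", (unsigned)t, (unsigned)v);
    /* The same two type bytes read with the wrong (big-endian) accessor. */
    printf("type bytes read big-endian: %u\n", (unsigned)get_ntohs(sample_counter));
    return 0;
}
```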
