The Header Length is in terms of 32-bit words. So a setting of 1111
will represent a length of 60 bytes (i.e. 15 * 4).
Wireshark might be combining the reserved field and header-length
field into one.
2008/11/16 Imad Gharazeddine | McGill <[EMAIL PROTECTED]>:
> During our attempt to create an STCP packet, we encountered this problem:
> RFC 793 states that DATA OFFSET field must be 4 bits long. After it, comes
> the RESERVED field which is 6 bits long.
> Wireshark analysis of regular TCP packets from UMLs reveals that the HEADER
> LENGTH field, which we assume to be the equivalent of the DATA OFFSET field,
> has a field-length of 2 hex digits = 2x4bits = 8bits.
> If the RFC states DATA OFFSET must be 4 bits, how come wireshark is
> expecting this field to have 8 bits in it?
> How can a TCP header length of 20 = value of "50" in wireshark be achieved
> if our DATA OFFSET field is limited to 4 bits. With 4 bits you can only go
> up to 15.
> -- Imad
> gini mailing list
gini mailing list