The Header Length is in terms of 32-bit words. So a setting of 1111 will represent a length of 60 bytes (i.e. 15 * 4). Wireshark might be combining the reserved field and header-length field into one.
Alex 2008/11/16 Imad Gharazeddine | McGill <[EMAIL PROTECTED]>: > During our attempt to create an STCP packet, we encountered this problem: > > RFC 793 states that DATA OFFSET field must be 4 bits long. After it, comes > the RESERVED field which is 6 bits long. > > Wireshark analysis of regular TCP packets from UMLs reveals that the HEADER > LENGTH field, which we assume to be the equivalent of the DATA OFFSET field, > has a field-length of 2 hex digits = 2x4bits = 8bits. > > If the RFC states DATA OFFSET must be 4 bits, how come wireshark is > expecting this field to have 8 bits in it? > > How can a TCP header length of 20 = value of "50" in wireshark be achieved > if our DATA OFFSET field is limited to 4 bits. With 4 bits you can only go > up to 15. > > Thanks, > > -- Imad > > _______________________________________________ > gini mailing list > gini@cs.mcgill.ca > http://mailman.cs.mcgill.ca/mailman/listinfo/gini > > _______________________________________________ gini mailing list gini@cs.mcgill.ca http://mailman.cs.mcgill.ca/mailman/listinfo/gini