Charles Lepple wrote:

> For instance, if I create a .pcap file with "text2pcap -l 189 ..." on
> a big-endian machine, then the .pcap file seems not to have the
> byte-swapped flag set.

There's no byte-swapped flag in a libpcap file.  There's only a magic 
number, which is written out in host byte order on the machine on which 
the file is written; it either looks like 0xa1b2c3d4 if the file is 
being read on a machine with the same byte order, or like 0xd4c3b2a1 on 
a machine with the opposite byte-order.

If you create a .pcap file with text2pcap, the magic number will be 
written in the byte order of your machine, so it won't appear to be 
byte-swapped.
_______________________________________________
Wireshark-dev mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-dev
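
The byte-order detection described in the reply above, as an added example that is not part of the original message and is not Wireshark or libpcap code. The function names and the `host_order` parameter are assumptions made here, and the headers are constructed in memory using the link type 189 from the quoted command.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4          # seen when reader and writer byte order match
PCAP_MAGIC_SWAPPED = 0xD4C3B2A1  # same magic seen from the opposite byte order
HEADER_LEN = 24                  # fixed size of the libpcap file header
HEADER_FIELDS = "IHHiIII"        # magic, major, minor, thiszone, sigfigs, snaplen, linktype


def write_header(byte_order, linktype, snaplen=65535):
    """Build a file header the way a writer with this byte order would.

    byte_order is a struct prefix: '<' little-endian, '>' big-endian.
    The magic is written in the writer's own order, with no separate flag.
    """
    return struct.pack(byte_order + HEADER_FIELDS,
                       PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)


def parse_header(data, host_order="<"):
    """Parse a file header, using only the magic number to pick the byte order."""
    if len(data) < HEADER_LEN:
        raise ValueError("truncated pcap file header")
    (magic,) = struct.unpack(host_order + "I", data[:4])
    if magic == PCAP_MAGIC:
        order, swapped = host_order, False
    elif magic == PCAP_MAGIC_SWAPPED:
        # Written on a machine of the opposite byte order: swap every field.
        order, swapped = ("<" if host_order == ">" else ">"), True
    else:
        raise ValueError("not a libpcap file: magic 0x%08x" % magic)
    _, major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        order + HEADER_FIELDS, data[:HEADER_LEN])
    return {"swapped": swapped, "writer_order": order,
            "version": (major, minor), "snaplen": snaplen, "linktype": linktype}


if __name__ == "__main__":
    # Constructed sample: every writer/reader byte-order combination.
    for writer in ("<", ">"):
        for reader in ("<", ">"):
            hdr = parse_header(write_header(writer, 189), host_order=reader)
            print("writer", writer, "reader", reader, hdr)
```

A reader that skips the magic check and decodes a big-endian header as little-endian gets link type 3170893824 instead of 189, which is why the magic has to be inspected before any other field.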
