On May 5, 2011, at 11:39 AM, Brian Oleksa wrote:
> Most network traffic is in network byte order and uses Big-Endian.
Actually, lots of network traffic is plain text or raw binary data (HTTP, for
example), and SMB/SMB2 are little-endian except for the raw binary data (read
and write payload) - there are other protocols that use little-endian values as
well.
> I am trying to dissect a packet that uses Little-Endian.
Not a problem. Either

  1) you're fetching values from the packet, and thus converting them
     from whatever byte order it's in to *host* byte order, in which case:

       for big-endian integral values, you use tvb_get_ntohs() for
       2-byte values, tvb_get_ntoh24() for 3-byte values, tvb_get_ntohl()
       for 4-byte values, tvb_get_ntoh40() for 5-byte values,
       tvb_get_ntoh48() for 6-byte values, tvb_get_ntoh56() for 7-byte
       values, and tvb_get_ntoh64() for 8-byte values;

       for big-endian IEEE floating-point values, you use
       tvb_get_ntohieee_float() for single precision and
       tvb_get_ntohieee_double() for double-precision;

       for little-endian integral values, you use tvb_get_letohs() for
       2-byte values, tvb_get_letoh24() for 3-byte values,
       tvb_get_letohl() for 4-byte values, tvb_get_letoh40() for 5-byte
       values, tvb_get_letoh48() for 6-byte values, tvb_get_letoh56() for
       7-byte values, and tvb_get_letoh64() for 8-byte values;

       for little-endian IEEE floating-point values, you use
       tvb_get_letohieee_float() for single precision and
       tvb_get_letohieee_double() for double-precision;

or

  2) you're just using proto_tree_add_item(), in which case for
     big-endian values you pass ENC_BIG_ENDIAN as the last argument and for
     little-endian values you pass ENC_LITTLE_ENDIAN as the last argument.
> Before I write my own "bit decoder"...is there any built in functions that
> will "convert" Little-Endian to Big-Endian for me..??
No, because that's not what you want to do. You want either to fetch data and
convert it to *host* byte order if you're going to look at the value in your
code (for example, a message type value, which you need in order to determine
the format of the rest of the message) or just use proto_tree_add_item() if
you're just adding the value to the protocol tree.
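
Added example (not part of the original message and not Wireshark code): a stand-alone C sketch of what "fetch and convert to host byte order" means for a message type and a length field, with the bounds checks a dissector depends on. The helper names, the 6-byte header layout and the sample bytes are assumptions made up for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-ins (hypothetical) for tvb_get_letohs()/tvb_get_ntohs()/tvb_get_letohl():
 * the value is assembled byte by byte, so the result is in host order on any
 * CPU. Return 0 on success, -1 if the read would run past the captured data. */
static int get_letohs(const uint8_t *b, size_t len, size_t off, uint16_t *out)
{
    if (off > len || len - off < 2) return -1;
    *out = (uint16_t)(b[off] | (b[off + 1] << 8));
    return 0;
}

static int get_ntohs(const uint8_t *b, size_t len, size_t off, uint16_t *out)
{
    if (off > len || len - off < 2) return -1;
    *out = (uint16_t)((b[off] << 8) | b[off + 1]);
    return 0;
}

static int get_letohl(const uint8_t *b, size_t len, size_t off, uint32_t *out)
{
    if (off > len || len - off < 4) return -1;
    *out = (uint32_t)b[off] | ((uint32_t)b[off + 1] << 8) |
           ((uint32_t)b[off + 2] << 16) | ((uint32_t)b[off + 3] << 24);
    return 0;
}

/* Assumed layout: 2-byte LE message type, 4-byte LE payload length, payload.
 * Rejects a truncated header and a length field larger than the data left. */
int parse_header(const uint8_t *b, size_t len, uint16_t *type, uint32_t *plen)
{
    if (get_letohs(b, len, 0, type) != 0) return -1;
    if (get_letohl(b, len, 2, plen) != 0) return -1;
    if (*plen > len - 6) return -1;   /* len >= 6 is guaranteed here */
    return 0;
}

/* Constructed sample: type 0x0102, payload length 3, payload "abc". */
static const uint8_t sample[] = { 0x02, 0x01, 0x03, 0x00, 0x00, 0x00, 'a', 'b', 'c' };

int main(void)
{
    uint16_t type, wrong;
    uint32_t plen;
    if (parse_header(sample, sizeof sample, &type, &plen) == 0)
        printf("type=0x%04x payload_len=%u\n", (unsigned)type, (unsigned)plen);
    get_ntohs(sample, sizeof sample, 0, &wrong);  /* wrong accessor for this field */
    printf("same bytes read as big-endian: 0x%04x\n", (unsigned)wrong);
    return 0;
}
```
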