On Mar 17, 2008, at 11:25 AM, Leandro Lucarella wrote:
> But I still can't find a way to tell (looked at FT_* and BASE_*
> constants) wireshark to interpret the field as little endian.
The byte order is *NOT* a property of the field; there exist protocols
(X11 and DCE RPC, to name two) where a given field might appear as
little-endian in some packets and big-endian in other packets, even in
the same capture.
At least as I read the Wireshark Lua reference manual section of the
Wireshark User's Manual, you want to do
subtree:add_le(pf, buffer(0, 4))
to add a little-endian 4-byte quantity, but I'm not an expert on the
Lua support. Luis?
_______________________________________________
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users
