What Is The Endianness of Captured Packet Headers?
Hello,
I read here that network byte order is big-endian for TCP. This is a protocol-level property.
Two questions regarding endianness in capture files:
- Is it correct that captured packet headers are written in the byte order of the host that wrote the file? In other words, what determines the endianness of the headers in a frame?
- Building off #1, is it possible that, while a protocol-level property of TCP is big-endian, there is no guarantee that a packet that I inspect on Wireshark will have TCP headers that are written in big-endian?
For example,
The Ethernet header here displays type: IPv4 in big-endian (and so do the other headers). But this may not always be the case?
Thanks!
Comments