Hye, does it exist flags in pcaps packet which indicate if a paquet is in little or big endian??
Or is it automatically transform into a valid ip?

I had this problem : 10.1.168.192 instead of 192.168.1.10. I use libnet_host_lookup(ntohl(blurp)). and I had my ip address in 10.1.168.192

So if it is not identify by the this function, how should I act to have my Ip address in the good order?

Before reading this post I was thinking that no matter how lacking in specific details, bad language skills or otherwise weird assumptions the poster might have, at least some kind of message/question could be decrypted from it.

You sir have proved me wrong :D, However it might just be my sleep deprived brain.

http://www.fortunecity.com/skyscraper/arpanet/6/cc.htm


see if this helps out as i assume your using c

Before reading this post I was thinking that no matter how lacking in specific details, bad language skills or otherwise weird assumptions the poster might have, at least some kind of message/question could be decrypted from it.

You sir have proved me wrong :D, However it might just be my sleep deprived brain.

Hum, I was tired when I wrote the post, so if you did'nt understand it, it is not your fault.

To be brief the question is : how can I know if a packet is in little or big endian.

Well as far as I understand the pcap will always be saved according to the characteristics of the machine doing the actual dumping, at least with tcpdump.

Big endian machines will store the data big end first, starting from the most significant byte. Little endian machines stores data the other way around, that is the least significant, or smallest, byte first. There will be no problem with reading the file on the computer it was captured on, but if you transfer it to a computer implementing the other scheme the binary data will show up incorrectly, ex. UNIX / NUXI.

Here are some codes posted that should give you the endianness of your current machine. http://bytes.com/forum/thread457769.html

Thanks Tron!!

If will see that, but I think, I want have to use it because all my captures are done under linux and the software will be implemented for linux :D

Thanks anyway.

Yeah well most UNIX machines are big endian so there is probably no need for it. And as long as you keep it on the same machine you are guranteed to be fine ;)