Wireshark - PCAP Reader - Internet Protocol Portion

I recently created a PCAP reader in LabVIEW that can dig out the actual payload.  Nothing too complicated.  However, there's one bit in there where I don't entirely trust my understanding.  I'm more guessing how it works.  Was hoping someone with a firmer networking grasp could confirm or correct for me.

 

The following portion defines the Header Length bytes.  But what about it actually makes up that number?

DailyDose_4-1674753178225.png

With other pcaps I've looked at, I've concluded that to mean, Version times Header Length = # of bytes - in this case 4 x 5 = 20

DailyDose_3-1674753146015.png

 

Am I wrong?  Or is that the correct way to interpret that?

0 Kudos
Message 1 of 5
(989 Views)

Have you checked out Raw Ethernet Frame Decode and Encode Example?

-------------------------------------------------------
Control Lead | Intelline Inc
Message 2 of 5
(977 Views)
Solution
Accepted by topic author DailyDose

 

IHL (Internet Header Length) is a 4-bit field that specifies the number of 32-bit words (4 bytes) in the header.  This value can vary from 5 to 15, which would give a total header length anywhere from 20 bytes to 60 bytes.  The IHL x version number is probably just a coincidence that it matches the minimum total header length.

 

Take a look here at the IHL definition:

https://en.wikipedia.org/wiki/Internet_Protocol_version_4#Packet_structure

 

 

Message 3 of 5
(971 Views)
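The IHL rule from the accepted answer, as an added Python example that is not part of the original thread or the poster's LabVIEW code. It assumes the bytes start at the IP header (link-layer header already stripped); the names `parse_ipv4`, `MalformedIPv4` and `build_sample` are hypothetical, and the sample packets are constructed. Because a capture file is untrusted input, the length fields are validated before anything is sliced.

```python
import struct

class MalformedIPv4(ValueError):
    """Raised when the bytes cannot be a valid IPv4 header."""

def parse_ipv4(packet: bytes) -> dict:
    """Split bytes that start at an IPv4 header into header fields and payload."""
    if len(packet) < 20:
        raise MalformedIPv4("shorter than the 20-byte minimum header")
    version = packet[0] >> 4           # high nibble of byte 0
    ihl = packet[0] & 0x0F             # low nibble: header length in 32-bit words
    if version != 4:
        raise MalformedIPv4(f"version {version}, not IPv4")
    if ihl < 5:
        raise MalformedIPv4(f"IHL {ihl} is below the minimum of 5")
    header_len = ihl * 4               # 4 bytes per 32-bit word: 20..60 bytes
    (total_len,) = struct.unpack_from("!H", packet, 2)
    if header_len > len(packet):
        raise MalformedIPv4("IHL points past the captured bytes")
    if total_len < header_len:
        raise MalformedIPv4("Total Length is smaller than the header length")
    # The capture may be truncated (snaplen) or carry link-layer padding,
    # so the payload ends at whichever limit comes first.
    end = min(total_len, len(packet))
    return {
        "header_len": header_len,
        "options": packet[20:header_len],   # empty when IHL == 5
        "protocol": packet[9],
        "payload": packet[header_len:end],
    }

def build_sample(ihl: int, options: bytes, payload: bytes) -> bytes:
    """Constructed test packet (not from a real capture); checksum left as zero."""
    total = ihl * 4 + len(payload)
    fixed = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total, 0, 0, 64, 17, 0,
                        bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return fixed + options + payload

if __name__ == "__main__":
    for ihl, opts in ((5, b""), (6, b"\x01\x01\x01\x01")):
        info = parse_ipv4(build_sample(ihl, opts, b"hello"))
        print(ihl, info["header_len"], info["payload"])
```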

Thank you for the link.  Yep, sure enough, just a coincidence.  Will make that change immediately.  Thank you!

0 Kudos
Message 4 of 5
(962 Views)

@playerm1 wrote:

 

IHL (Internet Header Length) is a 4-bit field that specifies the number of 32-bit words (4 bytes) in the header.  This value can vary from 5 to 15, which would give a total header length anywhere from 20 bytes to 60 bytes.  The IHL x version number is probably just a coincidence that it matches the minimum total header length.

 

Take a look here at the IHL definition:

https://en.wikipedia.org/wiki/Internet_Protocol_version_4#Packet_structure

 

 


Because I was curious, though, I looked up IPV6 to see if that would make any difference.  Wiki wasn't as straightforward as it was for IPV4.  But from what I read, it does look like it'll be a larger header.  Just not as sure where to find that info. X number of 128 bits.  So I guess for now, this PCAP parser is strictly IPV4 capable.

0 Kudos
Message 5 of 5
(936 Views)