Wireshark mailing list archives

Re: ICMP Echo Requests & Replies - multiple Identifier & Sequence numbers

From: Sake Blok <sake () euronet nl>
Date: Thu, 24 Feb 2011 12:46:32 +0100

On 24 feb 2011, at 12:30, Keith French wrote:

I have recently seen in Wireshark when looking at an echo request/reply pair, that instead of the 
identification/sequence numbers used to tie the two packets together, there are now two identifiers and two sequence 
numbers:-
 
Identifier (BE): 512 (0x0200)
Identifier (LE): 2 (0x0002)
Sequence number (BE): 4352 (0x1100)
Sequence number (LE): 17 (0x0011)
 
What do the BE & LE signify & how do you use them to tie up the request & reply?


The BE and LE stand for Big Endian and Little Endian [1]. Depending on the OS that generated the Identifier and 
Sequence numbers, they are in Big Endian or Little Endian order. To make checking for missing sequences (or process 
ID's in case of the Identifier on some OS'es) easier, we now supply both the BE en LE representation.

Cheers,

Sake

[1]    http://en.wikipedia.org/wiki/Endianness
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

ICMP Echo Requests & Replies - multiple Identifier & Sequence numbers Keith French (Feb 24)
- Re: ICMP Echo Requests & Replies - multiple Identifier & Sequence numbers Sake Blok (Feb 24)
- Re: ICMP Echo Requests & Replies - multiple Identifier & Sequence numbers Stephen Fisher (Feb 24)
- Re: ICMP Echo Requests & Replies - multiple Identifier & Sequence numbers Guy Harris (Feb 24)