Information in a PCAP file with a single TCP/IP packet


If you need to create packets for your protocol so that you can test a Wireshark dissector, the following information may be useful to you. The PCAP file format is well documented in the Wireshark Wiki.

00 – 24 byte PCAP global header (the byte order in which the magic number 0xa1b2c3d4 appears determines how the multi-byte header fields are to be read)

18 – 16 byte packet header

20 – 4 byte length of packet in file (same byte order as magic number)

24 – 4 byte original length of packet (same byte order as magic number)

28 – 14 byte Ethernet frame header

36 – 20 byte IPv4 header

38 – 2 byte total length of the IP packet, including the IP header, the TCP header and the payload

40 – 2 byte IP packet checksum

4a – 20 byte TCP header

4a – 2 byte source port

4c – 2 byte destination port

5e – Payload

If you mess around with the payload, the fields in red are the ones you will need to adjust. The fields in blue don’t prevent Wireshark from opening the capture file correctly, but may need to be modified. You can fix the IP checksum based on the value calculated by Wireshark.

Information in a PCAP file with a single UDP packet


If you need to create packets for your protocol so that you can test a Wireshark dissector, the following information may be useful to you. The PCAP file format is well documented in the Wireshark Wiki.

00 – 24 byte PCAP global header (the byte order in which the magic number 0xa1b2c3d4 appears determines how the multi-byte header fields are to be read)

18 – 16 byte packet header

20 – 4 byte length of packet in file (same byte order as magic number)

24 – 4 byte original length of packet (same byte order as magic number)

28 – 14 byte Ethernet frame header

36 – 20 byte IPv4 header

38 – 2 byte total length of the IP packet, including the IP header

4a – 8 byte UDP header starts here

4a – 2 byte UDP source port

4c – 2 byte UDP destination port

4e – 2 byte length of payload including the UDP header (8 bytes)

50 – 2 byte UDP checksum (anything if checksum validation is disabled)

52 – Payload

If you mess around with the payload, the fields in red are the ones you will need to adjust. The fields in blue don’t prevent Wireshark from opening the capture file correctly, but may need to be modified.
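The UDP layout above, with the length and checksum fields derived from the payload, as an added Python example (not from the original post). `build_udp_pcap` and `ip_checksum` are hypothetical helper names; the MAC addresses, IP addresses and ports are constructed sample values, and the file is written in little-endian byte order.

```python
import struct

def ip_checksum(header: bytes) -> int:
    """Ones'-complement sum over the 20-byte IPv4 header (checksum field zeroed)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_udp_pcap(payload: bytes, sport: int = 40000, dport: int = 9999) -> bytes:
    # Constructed sample values: locally administered MACs, RFC 5737 test addresses.
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + b"\x08\x00"
    src_ip, dst_ip = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])
    udp_len = 8 + len(payload)   # offset 0x4e: UDP header + payload
    ip_len = 20 + udp_len        # offset 0x38: IP header + UDP datagram
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_len, 0, 0, 64, 17, 0, src_ip, dst_ip)
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]  # offset 0x40
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0)  # checksum 0 = not computed
    frame = eth + ip + udp + payload
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, link type 1 (Ethernet)
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    # Packet header: ts_sec, ts_usec, length in file (0x20), original length (0x24)
    pkt_hdr = struct.pack("<IIII", 0, 0, len(frame), len(frame))
    return global_hdr + pkt_hdr + frame

if __name__ == "__main__":
    with open("single_udp.pcap", "wb") as f:
        f.write(build_udp_pcap(b"hello dissector"))
```

Recomputing `ip_checksum` over the finished header at 0x36 to 0x49 returns 0 when the stored checksum is correct, which gives a quick check without opening Wireshark.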

Know Thyself


This is the beginning of a series of posts where I will try to record my family’s history. I have always liked the Greek aphorism, Know Thyself. I believe that records eventually become history. Ancient Indians have had a bad track record of recording. We have adopted foreign (Indian or not) languages and traditions, and quite successfully shed our cultural and ancestral roots.

My recent ancestors come from the Kumaon region of India. My mother Hansa Pant is from Bhowali, a town in the Nainital district. My (late) father, Ramesh Chandra Tewari, is from the Lamgara locality, more specifically the Tewari Jakh village of the Almora district. He left for Mumbai (erstwhile Bombay) in the 1960s to serve in the Indian Navy; my early childhood and adulthood, then, are intimately tied to Mumbai.

Bhowali

History is about people and places, and their interactions. My interactions with Kumaon happened during rare and sporadic visits during my summer vacations from school. They have however left a deep mark. The train rides through Indian localities and wilderness, bus rides through winding roads etched in the hills, cold climate, temperate forests, distant views of frosty and snowy mountaintops, wheat fields etched along the hills, walnut trees, orange trees, apple trees, wild berries… the list of fond memories is just endless.

The Kumaoni household is patriarchic; women are highly respected, but all history is recorded around men. In 1991, during one of my visits to Tewari Jakh, I copied a seven-generation-deep family tree with names of men. I then recorded that information at the excellent myheritage.com portal, and it is reproduced in the image below. It also includes names of women in my immediate family circle.

[Image: family tree]

In my posts, I’ll avoid discriminating against women and their role in my ancestry.