This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

ICMP Sequence Number (BE) vs (LE)

0

When applying a column for a capture looking at a trace route I noticed there are 2 sequence number choices - (BE) and (LE) in the packets detail screen. I did not see these in earlier version of WS. What's the difference? Thanks Eric

asked 28 Mar '11, 05:19

EricKnaus's gravatar image

EricKnaus
46192026
accept rate: 0%


One Answer:

2

The sequence number field is simply being displayed in both big endian (BE) and little endian (LE) formats to make it easier to follow when those sequence numbers are incrementing from one ICMP echo request/reply to the next. The reason both formats are shown is because sometimes those fields are populated in big endian format and sometimes they are populated in little endian format, and there is no definitive way to tell which format it's in from the contents of the packet.

answered 28 Mar '11, 06:41

cmaynard's gravatar image

cmaynard ♦♦
9.4k1038142
accept rate: 20%