This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

CRC16-TVB checksum custom dissector CRC

0

Hi Iam developing custom dissector using wieshark 1.113 , iam trying for CRC tree uusing crc16_ccitt_tvb() (my polynominal is (x16 + x12 + x5 + 1))and i can able to see results correctly.

But its showing reverse (eg. my 2 byte CRC is 52 AC my wireshark shows as CRC 0X52AC [CORRECT] but actually i suppose to get CRC 0XAC52 [CORRECT] here below my code.

checksum_offset = reported_length - 2;
checksum = tvb_get_ntohs(tvb, checksum_offset);
checksum_calculated = crc16_ccitt_tvb(tvb, checksum_offset);
checksum_calculated = g_htons(checksum_calculated);
  /* Note: g_htons() macro may eval arg multiple times */

if (checksum == checksum_calculated) {
        checksum_ti = proto_tree_add_uint_format_value(PARENT_tree, hf_PARENT_CRC, tvb, checksum_offset, 2, 0, "0x%04x [correct]", checksum, ENC_LITTLE_ENDIAN);
        checksum_tree = proto_item_add_subtree(checksum_ti, ett_PARENT_CRC);
        proto_tree_add_boolean(checksum_tree, hf_PARENT_cksum_gd, tvb,checksum_offset, 2, TRUE);
        proto_tree_add_boolean(checksum_tree, hf_PARENT_cksum_bd, tvb, checksum_offset, 2, FALSE);
 } else {
        checksum_ti = proto_tree_add_uint_format_value(PARENT_tree, hf_PARENT_CRC, tvb, checksum_offset, 2, 0, "0x%04x [incorrect, should be 0x%04x]", checksum, checksum_calculated, ENC_LITTLE_ENDIAN);
        checksum_tree = proto_item_add_subtree(checksum_ti, ett_PARENT_CRC);
        proto_tree_add_boolean(checksum_tree, hf_PARENT_cksum_gd, tvb, checksum_offset, 2, FALSE);
        proto_tree_add_boolean(checksum_tree, hf_PARENT_cksum_bd, tvb, checksum_offset, 2, TRUE);
 }

asked 27 May '14, 01:31

umar's gravatar image

umar
26222427
accept rate: 0%

edited 27 May '14, 02:55

grahamb's gravatar image

grahamb ♦
19.8k330206

@mrajsekar I've already fixed the formatting once, if you edit it again please use the "code" button to format code correctly (or use code tags around the code).

(27 May '14, 02:54) grahamb ♦
2 Answers:
active answersoldest answersnewest answerspopular answers
0

Just a wild guess: Please try ENC_BIG_ENDIAN instead of ENC_LITTLE_ENDIAN.

Regards
Kurt

permanent link

answered 27 May '14, 12:43

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

0

proto_tree_add_uint_format_value() takes, as the value argument and as arguments to the format string, values in the host byte order, so don't do

checksum_calculated = g_htons(checksum_calculated);

Also, all arguments to proto_tree_add_uint_format_value() after the format string are arguments to the format string, and proto_tree_add_uint_format_value() doesn't fetch any values, so leave the ENC_LITTLE_ENDIAN argument out.

permanent link

answered 27 May '14, 12:47

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%

Hi

Thanks for the reply

Found the issue from checksum = tvb_get_ntohs(tvb, checksum_offset);

This FETCH value in BIG Endian

I hve used checksum = tvb_get_letohs(tvb, checksum_offset);

Issue settled. Thanks!:)

(27 May '14, 21:02) umar
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Question tags:

×13
×1

question asked: 27 May '14, 01:31

question was seen: 2,181 times

last updated: 27 May '14, 21:02

Related questions

dissector debugging -- how to find the exact line of a "malformed packet" exception

Within the scope of a Wireshark dissector, Is it possible to detect out order sequence ids (based on arrival time) in PTP V2?

What is backing_length, reported_length ?

tvb_composite problem

TVB reference from one tree to another CRASH while starting Wireshark

tvb_reported_length_remaining

Can I extract data from the tvb using a header field?

Lua: create an modified TVB before chaining dissector

How to use tvb_new_subset

Lua error: "Tvbs can only be created and used in dissectors"

about | faq | privacy | support | contact

p​o​w​e​r​e​d by O​S​Q​A