I am facing a weird problem

Retrieving the TCP header and trying to print the source and destination ports. Code:

    src_p = tcp->th_sport;
    dest_p = tcp->th_dport;

Output (in hex):
8e08 and 64a2

Wireshark shows that the ports are 088e and a264.

Why is libpcap swapping the bytes? Or is there something wrong with my code?

PS: I am using structs shown in this program.

Assem

1 Answer

The ports are stored in network byte order (big endian) in the TCP header (most protocols send multi-byte numbers over a network using big endian, hence the nickname). Wireshark is merely converting the bytes to host byte order (big or little endian, depending on your PC's hardware, hence the nickname) when it is translating the bytes into human-readable numbers. In your code, you can use your platform's ntohs() function to do the same thing.

Remy Lebeau
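
The conversion described in the answer above, as an added example that is not part of the original post or of the asker's program: it reads the two port fields from a constructed TCP header holding the question's bytes, first unconverted and then with ntohs(), and checks the captured length before touching the header. The function names and the sample buffer are hypothetical, and a POSIX host is assumed for <arpa/inet.h>.

```c
#include <arpa/inet.h>  /* ntohs() (POSIX; on Windows use <winsock2.h>) */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TCP_MIN_HDR 20  /* minimum TCP header length in bytes */

/* Constructed sample: a TCP header starting with the ports from the
 * question (source 0x088e, destination 0xa264); the rest is zeroed. */
static const uint8_t sample_tcp[TCP_MIN_HDR] = { 0x08, 0x8e, 0xa2, 0x64 };

/* Reads the field as it sits in memory, with no conversion
 * (equivalent to using tcp->th_sport directly). */
uint16_t port_raw(const uint8_t *tcp, size_t off)
{
    uint16_t v;
    memcpy(&v, tcp + off, sizeof v);  /* memcpy avoids unaligned access */
    return v;
}

/* Converts from network to host byte order, as the answer suggests. */
uint16_t port_host(const uint8_t *tcp, size_t off)
{
    return ntohs(port_raw(tcp, off));
}

/* Endian-independent alternative: assemble the big-endian value by hand. */
uint16_t port_be(const uint8_t *tcp, size_t off)
{
    return (uint16_t)((tcp[off] << 8) | tcp[off + 1]);
}

/* Returns 0 and fills src/dst, or -1 if the captured data is too short. */
int tcp_ports(const uint8_t *tcp, size_t caplen, uint16_t *src, uint16_t *dst)
{
    if (caplen < TCP_MIN_HDR)
        return -1;  /* truncated capture: do not read past the buffer */
    *src = port_host(tcp, 0);
    *dst = port_host(tcp, 2);
    return 0;
}

int main(void)
{
    uint16_t s, d;
    if (tcp_ports(sample_tcp, sizeof sample_tcp, &s, &d) != 0)
        return 1;
    printf("raw: %04x %04x  host: %04x %04x\n",
           port_raw(sample_tcp, 0), port_raw(sample_tcp, 2), s, d);
    return 0;
}
```

On a little-endian machine the raw values print as 8e08 and 64a2, matching the question's output; on a big-endian machine raw and converted values are identical.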