I am trying to parse a binary file that contains a dump of network packets. The specification for the network packets says that it follows the Big Endian format. The following is a snippet from the file:
0400 0001 004f 1a04 595a 2a2a 3132 3300
4000 054d aee0 1f00 001c 2240 2802 0bfa
818b 00e0 4c01 b969 3220 a000 0900 5a00
0300 a300 0100 004f 6a40 7132 6086 0113
On my system, Python is reading the file in the Little Endian format. I know that I can set the format string in Python's struct module's unpack function to unpack the data in Big Endian format. However, I am not sure of the sequence in which I should read the file or pass the bytes to the unpack function, primarily because I don't understand how Endianness works in the context of files.
Considering the first 8 bytes of the packet represent the following struct:
typedef struct
{
    CHAR cCompOrNot;     // 1 byte
    SHORT nDataSize;     // 2 bytes
    SHORT iNoOfPackets;  // 2 bytes
} ST_COMP_BATCH_HEADER;
How should the data be read in Python?
The first byte is a flag (0/1) which tells if the data is compressed or not. Considering this, I tried to read from the first line as 003332312a as well as 000401004f, using the following code:
import struct
data = b'\x00\x04\x01\x00\x4f'
s = struct.unpack(">chh", data)
print(s)
which outputs:
(b'\x00', 1025, 79)
and it makes sense.
But I want to make sure this is correct.
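An added example, not part of the original post: it parses the header from the on-disk byte sequence with explicit length and value checks, and shows how a dump grouped into 16-bit little-endian words displays those same bytes. It assumes the snippet above was printed in that word-grouped form, which is how the post arrives at 000401004f; `word_dump_le16` and `parse_batch_header` are hypothetical names, and the sample bytes are constructed from the post.

```python
import struct

# Layout from the post: CHAR, SHORT, SHORT, big-endian. ">" also disables
# alignment padding, so the header is exactly 5 bytes.
HEADER = struct.Struct(">chh")


def word_dump_le16(raw: bytes) -> str:
    """Render bytes as 16-bit words read in little-endian order (hypothetical
    helper that mimics a word-grouped hex dump on a little-endian host)."""
    if len(raw) % 2:
        raw += b"\x00"  # pad an odd trailing byte, for display only
    words = struct.unpack("<%dH" % (len(raw) // 2), raw)
    return " ".join("%04x" % w for w in words)


def parse_batch_header(buf: bytes, offset: int = 0) -> dict:
    """Unpack ST_COMP_BATCH_HEADER from buf at offset, in file byte order."""
    if offset < 0 or len(buf) - offset < HEADER.size:
        raise ValueError("truncated header: need %d bytes" % HEADER.size)
    comp, data_size, n_packets = HEADER.unpack_from(buf, offset)
    # Added validation (assumption): the flag is 0/1 per the post, and a
    # negative size or count can only come from corrupt or hostile input.
    if comp not in (b"\x00", b"\x01"):
        raise ValueError("cCompOrNot must be 0 or 1, got %r" % comp)
    if data_size < 0 or n_packets < 0:
        raise ValueError("negative size or count in header")
    return {"compressed": comp == b"\x01",
            "data_size": data_size,
            "packets": n_packets}


# Constructed sample: the on-disk byte sequence the post assumes.
SAMPLE = bytes.fromhex("000401004f")

if __name__ == "__main__":
    print(word_dump_le16(SAMPLE))
    print(parse_batch_header(SAMPLE))
```

Bytes read from a file opened with `open(path, "rb")` arrive in this same on-disk order, so they can be passed to `parse_batch_header` unchanged.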