https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5370
--- Comment #6 from Guy Harris <guy@xxxxxxxxxxxx> 2010-11-05 16:31:44 PDT ---
 - how are the bytes of a realtime capture arrive to wireshark on little-endian
and big endian computers?
They arrive in whatever format the USB monitoring code delivers them, which I
think is "host byte order".
 - what happens if the capture file which contains caputred USB packets on
little-endian computer is transfered to a big-endian computer and opened there
in Wireshark?
Most of the Linux pseudo-header is byte-swapped by the Wiretap code, so that
most of the fields in the Linux pseudo-header are in the byte order appropriate
for the host reading the file.
The fields in the data[8] portion of the pseudo-header are *NOT* modified in
any fashion, so any multi-byte quantities put there by host code, rather than
being copied from the (little-endian, I think) USB setup information, will be
in the byte order of the host that *wrote* the file.
The same is true of the isochronous descriptors - they are *NOT* examined, and
*NOT* byte-swapped, by the Wiretap code.
The same applies to the libpcap code, so any program that uses libpcap to read
USB captures would have the same issues as Wireshark.
-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.