Understanding the PCAPng file format


So I was trying to write a parser for the PCAPNG file format as a project and looked at its format from the following link: https://pcapng.com/. If we move on to the section describing the packet block, it says that after time stamp lower we have captured packet length.

In my pcapng file generated by dumpcap, for the 1st packet the block length 4 bytes, as viewed in ghex, is as follows:

6B 01 00 00

Converting that to decimal using rapid tables turns out to be 27393 in decimal.

However, analysing using Wireshark gives the length as 363 bytes, which in hex is 16B. Is this some little endian/big endian issue or something else I do not seem to understand?

Any help would be appreciated.

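Added example (not part of the original post): pcapng stores integer fields in the byte order of the machine that wrote the section, and the Section Header Block's byte-order magic `0x1A2B3C4D` tells a reader which one that is; read as a little-endian 32-bit value, `6B 01 00 00` is `0x0000016B` = 363. The function names and the zero-filled capture built by `build_sample` are constructed for this illustration, and every length field is bounds-checked before use because it comes from the file.

```python
import struct

SHB_TYPE, IDB_TYPE, EPB_TYPE = 0x0A0D0D0A, 0x00000001, 0x00000006
BYTE_ORDER_MAGIC = 0x1A2B3C4D  # stored in the section's own byte order

def iter_blocks(data):
    """Yield (type, body, endian) per block; endian is '<' or '>'."""
    off, endian = 0, None
    while off < len(data):
        if len(data) - off < 12:
            raise ValueError("truncated block")
        if data[off:off + 4] == b"\x0a\x0d\x0d\x0a":  # SHB type is a palindrome
            magic = data[off + 8:off + 12]
            endian = {struct.pack("<I", BYTE_ORDER_MAGIC): "<",
                      struct.pack(">I", BYTE_ORDER_MAGIC): ">"}.get(magic)
        if endian is None:
            raise ValueError("no Section Header Block or bad byte-order magic")
        btype, total = struct.unpack_from(endian + "II", data, off)
        # Never trust the length field: bound it before slicing.
        if total < 12 or total % 4 or off + total > len(data):
            raise ValueError("bad block total length")
        if struct.unpack_from(endian + "I", data, off + total - 4)[0] != total:
            raise ValueError("leading/trailing length mismatch")
        yield btype, data[off + 8:off + total - 4], endian
        off += total

def captured_lengths(data):
    """Captured packet length of each Enhanced Packet Block, in file order."""
    out = []
    for btype, body, endian in iter_blocks(data):
        if btype != EPB_TYPE:
            continue
        if len(body) < 20:
            raise ValueError("EPB too short")
        # EPB body: interface id, ts high, ts low, captured len, original len
        caplen = struct.unpack_from(endian + "I", body, 12)[0]
        if caplen > len(body) - 20:
            raise ValueError("captured length exceeds block")
        out.append(caplen)
    return out

def build_sample(endian, caplen=363):
    """Constructed SHB + IDB + EPB capture (zero-filled packet), for testing."""
    def wrap(t, b):
        n = struct.pack(endian + "I", len(b) + 12)
        return struct.pack(endian + "I", t) + n + b + n
    shb = struct.pack(endian + "IHHq", BYTE_ORDER_MAGIC, 1, 0, -1)
    idb = struct.pack(endian + "HHI", 1, 0, 0)
    epb = struct.pack(endian + "5I", 0, 0, 0, caplen, caplen) + bytes(caplen + -caplen % 4)
    return wrap(SHB_TYPE, shb) + wrap(IDB_TYPE, idb) + wrap(EPB_TYPE, epb)
```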