Wireshark-dev: Re: [Wireshark-dev] packet parsing question

From: "Luis EG Ontanon" <luis@xxxxxxxxxxx>
Date: Thu, 29 May 2008 16:45:53 +0200
You want to read doc/README.developer from the src tree.


On Thu, May 29, 2008 at 4:31 PM, Piety, Timothy [USA]
<piety_timothy@xxxxxxx> wrote:
> Hi,
>
> I am trying to figure out how wireshark actually does teh dissection of a
> packet. I have a packet and I know the protocol, but do not have a parser
> for it. I would like to be able to give the packet to wireshark and have
> wireshark parse it then read the values back form the appropriate structure.
>
> I have been looking a the code and do not see where wireshark a determines
> what the protocol is and which specific dissector to call. I have been able
> to find out where it determines which file type the input file is. I
> have traced the code into a routine called call_dissector_through_handle in
> packet.c. This appears to call the specific dissector through
> dissector_handle funtion pointer. I cannot find where the dissector_handle
> is set.
>
> Am I on the right track? Any guidance would be appreciated.
>
> thanks,
>
> Tim
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
>
>



-- 
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan