On Dec 17, 2009, at 12:41 AM, nikhil tripathi wrote:
1:Why the global_port_number is important and how wiresahrk use thi?
What are you referring to? I can't find a variable named
global_port_number anywhere in Wireshark.
2:How wireshark choose protocol to dissect the cpaturing data?
See answer to question #3 below.
3.How we write new plugin when we don't know the port number can we
wirte plugin ?
You can still write the plug-in. It can be written as a heuristic
(something that checks each packet for a certain pattern of data and
then alerts Wireshark when that packet matches the dissector) - read
doc/README.heuristic for more details. You can also register a
protocol by name, but no port numbers, and choose it from the "Decode
As" menu option.
Steve