Hi all,
I'm researching Microsoft's Network Monitor captures format (.cap files) and I need a lead in WS's code.
Based on the 'link layer type' parsed from the file header the packets might be 802.11 frames with NM's special header.
This dissector is known as "netmon_802_11" in wireshark.
It is the first protocol in every frame's stack and it's registration routine is directly to the "wtap_encap" table like so:
|
| dissector_add_uint("wtap_encap", WTAP_ENCAP_IEEE_802_11_NETMON, netmon_802_11_handle); |
|
(from packet-ieee80211-netmon.c)
Could someone point me to the functoin where the actual 'call_dissector' or 'call_dissector_with_data' is happening for the inital layer?
Also, is that dependent on the file format we are parsing (pcap/pcapmg/cap) or is there a single function all eventually get to?
Thank you,
Shai