
The process whereby Wireshark prints all the details of a protocol is called "dissection", performed by code called "dissectors".

A starting point for dissectors (you don't necessarily need to be a programmer) would be my SharkFest presentation on 3 ways to write a dissector.