How do I know what the upper layer protocol is?

In an Ethernet frame, the EtherType specifies the upper layer. The IP will specify the protocol layer above. Let's say you have a TCP layer, and then some traffic on a "random port" 8080. It could be HTTP, or it could not be, since it is not a registered port. Same with the UDP protocol. You just know which port you are going to, but that doesn't guarantee the protocol for decoding.

What is the algorithm Wireshark uses to know what the next protocol is to decode? You can run the HTTP protocol on any other port. I assume Wireshark will decode it properly, but is it just port numbers used to decode layers above UDP/TCP or what? There are ports that are used by multiple protocols, so somehow Wireshark would have to decide how to decode it properly.
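The layering chain described in the question, as an added example that is not part of the original post and is not Wireshark's dissector code: it follows the EtherType and the IP protocol field, then compares a port-number hint with a simple check of the payload itself. The port table, the HTTP method check and the sample frames built by `build_frame` are constructed assumptions.

```python
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")
PORT_HINTS = {80: "http", 8080: "http", 53: "dns"}  # assumed table: hints only


def classify(frame: bytes) -> dict:
    """Walk Ethernet -> IPv4 -> TCP/UDP, then compare port hint and payload."""
    out = {}
    if len(frame) < 14:
        return out
    ethertype = struct.unpack("!H", frame[12:14])[0]
    out["ethertype"] = ethertype
    if ethertype != 0x0800:              # only IPv4 is handled in this sketch
        return out
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return out
    ihl = (ip[0] & 0x0F) * 4             # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    out["ip_proto"] = ip[9]              # 6 = TCP, 17 = UDP
    l4 = ip[ihl:total_len]
    if ip[9] == 6 and len(l4) >= 20:     # TCP: data offset gives header size
        sport, dport = struct.unpack("!HH", l4[:4])
        payload = l4[(l4[12] >> 4) * 4:]
    elif ip[9] == 17 and len(l4) >= 8:   # UDP: fixed 8-byte header
        sport, dport = struct.unpack("!HH", l4[:4])
        payload = l4[8:]
    else:
        return out
    out["ports"] = (sport, dport)
    # Nothing above TCP/UDP carries a "next protocol" field: the port is a hint.
    out["port_hint"] = PORT_HINTS.get(dport) or PORT_HINTS.get(sport)
    # Looking at the bytes themselves is the only direct evidence.
    out["payload_looks_http"] = payload.startswith(HTTP_METHODS)
    return out


def build_frame(dport: int, payload: bytes) -> bytes:
    """Constructed sample: Ethernet + IPv4 + TCP, checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    eth = b"\x02" * 6 + b"\x02" * 6 + struct.pack("!H", 0x0800)
    return eth + ip + tcp + payload
```

A frame carrying an HTTP request to port 4444 yields no port hint but a positive payload check, while non-HTTP bytes sent to port 8080 yield the opposite, which is the ambiguity the question describes.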
