Are the functions located in the capture.c file? I have gone through the Developer's Guide but I can't really find the explanation on how wireshark automatically detects which protocol the raw data belongs to. Thanks for your attention. Regards, Eddie Choo asked 25 Jul '11, 01:14 eddie choo edited 25 Jul '11, 01:52 |
2 Answers:
I'll refer you to the overview in the Developer Guide. There you'll see the frame data comes in from the Wiretap library. It is generalized input from various sources. Epan gives data and metadata to the frame dissector. Based on this metadata it decides which further dissector gets the data passed to it. Therefore these dissectors have to register themselves, for the Wiretap encapsulation type they handle, with the table ("wtap_encap") which is used by the frame dissector. Then it's just a matter of Rinse and Repeat(sm). answered 25 Jul '11, 05:15 Jaap ♦ |
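The registration and dispatch Jaap describes, as an added example that is not part of the original answer and not Wireshark's own code: a tiny model of a dissector table keyed by an integer, a frame dissector that consults the "wtap_encap" table for the Wiretap encapsulation type, and an Ethernet dissector that repeats the same lookup in an "ethertype" table. The function names (register_table, add_uint, try_uint) stand in for epan's register_dissector_table(), dissector_add_uint() and dissector_try_uint(); the ENCAP_* values are arbitrary, not WTAP_ENCAP_* constants; and the two frames are constructed by hand, not captured. It also shows what happens for an unclaimed key (fallback to opaque data) and for a truncated frame.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of Wiretap encapsulation types and Ethernet type values; the ENCAP_*
 * numbers are arbitrary for this model, not Wireshark's WTAP_ENCAP_* constants. */
enum { ENCAP_ETHERNET = 1, ENCAP_RAW_IP = 2 };
enum { ETHERTYPE_IPV4 = 0x0800, ETHERTYPE_ARP = 0x0806 };

#define MAX_TABLES 4
#define MAX_ENTRIES 8
#define MAX_CHAIN 8

/* Names of the dissectors that ran, in order, e.g. frame -> eth -> ip. */
typedef struct { const char *names[MAX_CHAIN]; int depth; } dissect_result;
typedef void (*dissector_fn)(const uint8_t *buf, size_t len, dissect_result *r);
typedef struct { uint32_t key; dissector_fn fn; } table_entry;
typedef struct { const char *name; table_entry e[MAX_ENTRIES]; int n; } dissector_table;

static dissector_table tables[MAX_TABLES];
static int n_tables;

static dissector_table *find_table(const char *name) {
    for (int i = 0; i < n_tables; i++)
        if (strcmp(tables[i].name, name) == 0) return &tables[i];
    return NULL;
}

/* Stand-in for register_dissector_table(): a table keyed by an integer. */
static void register_table(const char *name) {
    if (!find_table(name) && n_tables < MAX_TABLES) tables[n_tables++].name = name;
}

/* Stand-in for dissector_add_uint(): a dissector claims one key in a table. */
static void add_uint(const char *table, uint32_t key, dissector_fn fn) {
    dissector_table *t = find_table(table);
    if (t && t->n < MAX_ENTRIES) { t->e[t->n].key = key; t->e[t->n].fn = fn; t->n++; }
}

static void record(dissect_result *r, const char *name) {
    if (r->depth < MAX_CHAIN) r->names[r->depth++] = name;
}

/* Fallback when nothing claimed the key: the bytes are shown as opaque data. */
static void dissect_data(const uint8_t *buf, size_t len, dissect_result *r) {
    (void)buf; (void)len; record(r, "data");
}

/* Stand-in for dissector_try_uint(): look the key up and hand the bytes on. */
static void try_uint(const char *table, uint32_t key,
                     const uint8_t *buf, size_t len, dissect_result *r) {
    dissector_table *t = find_table(table);
    if (t) for (int i = 0; i < t->n; i++)
        if (t->e[i].key == key) { t->e[i].fn(buf, len, r); return; }
    dissect_data(buf, len, r);
}

static void dissect_ipv4(const uint8_t *buf, size_t len, dissect_result *r) {
    /* Bounds-check before reading any field: a header that cannot be read in full
     * is reported as malformed instead of being read past the end of the buffer. */
    if (len < 20 || (buf[0] >> 4) != 4) { record(r, "ip[malformed]"); return; }
    record(r, "ip");   /* a real IP dissector would continue via an "ip.proto" table */
}

static void dissect_arp(const uint8_t *buf, size_t len, dissect_result *r) {
    (void)buf; (void)len; record(r, "arp");
}

static void dissect_eth(const uint8_t *buf, size_t len, dissect_result *r) {
    if (len < 14) { record(r, "eth[malformed]"); return; }
    record(r, "eth");
    uint16_t ethertype = (uint16_t)((buf[12] << 8) | buf[13]);
    try_uint("ethertype", ethertype, buf + 14, len - 14, r);   /* rinse and repeat */
}

/* Stand-in for the proto_reg_handoff_*() routines: each dissector registers the
 * table and key it wants to be called for. */
static void register_all(void) {
    n_tables = 0;
    register_table("wtap_encap");
    register_table("ethertype");
    add_uint("wtap_encap", ENCAP_ETHERNET, dissect_eth);
    add_uint("wtap_encap", ENCAP_RAW_IP, dissect_ipv4);
    add_uint("ethertype", ETHERTYPE_IPV4, dissect_ipv4);
    add_uint("ethertype", ETHERTYPE_ARP, dissect_arp);
}

/* The frame dissector: all it knows about the bytes is the Wiretap encapsulation. */
static dissect_result dissect_frame(uint32_t encap, const uint8_t *buf, size_t len) {
    static int registered;
    dissect_result r = { {0}, 0 };
    if (!registered) { register_all(); registered = 1; }
    record(&r, "frame");
    try_uint("wtap_encap", encap, buf, len, &r);
    return r;
}

/* The chain as "frame:eth:ip" in a static buffer (not reentrant; demo only). */
static const char *dissect_chain(uint32_t encap, const uint8_t *buf, size_t len) {
    static char out[128];
    dissect_result r = dissect_frame(encap, buf, len);
    size_t pos = 0;
    out[0] = '\0';
    for (int i = 0; i < r.depth; i++)
        pos += (size_t)snprintf(out + pos, sizeof out - pos, "%s%s", i ? ":" : "", r.names[i]);
    return out;
}

/* Constructed sample frames (hand-written for this example, not captured traffic). */
static const uint8_t SAMPLE_ETH_IPV4[] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x00,0x11,0x22,0x33,0x44,0x55, 0x08,0x00, /* Ethernet, type IPv4 */
    0x45,0x00,0x00,0x14, 0x00,0x01,0x00,0x00, 0x40,0x01,0x00,0x00,         /* minimal IPv4 header */
    0x0a,0x00,0x00,0x01, 0x0a,0x00,0x00,0x02 };
static const uint8_t SAMPLE_ETH_UNKNOWN[] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x00,0x11,0x22,0x33,0x44,0x55, 0x88,0xb5, /* unclaimed ethertype */
    0xde,0xad,0xbe,0xef };

int main(void) {
    printf("%s\n", dissect_chain(ENCAP_ETHERNET, SAMPLE_ETH_IPV4, sizeof SAMPLE_ETH_IPV4));
    printf("%s\n", dissect_chain(ENCAP_ETHERNET, SAMPLE_ETH_UNKNOWN, sizeof SAMPLE_ETH_UNKNOWN));
    printf("%s\n", dissect_chain(ENCAP_RAW_IP, SAMPLE_ETH_IPV4 + 14, sizeof SAMPLE_ETH_IPV4 - 14));
    printf("%s\n", dissect_chain(ENCAP_ETHERNET, SAMPLE_ETH_IPV4, 10));   /* truncated frame */
    return 0;
}
```

The point the model makes is that no dissector "detects" a protocol from the raw bytes: the frame dissector trusts only the encapsulation type Wiretap attached to the frame, and every later hop is a field of the previous header used as a key into the next table. Anything unclaimed ends at the data fallback, and the length checks at the top of each dissector are where attacker-controlled captures are kept from reading outside the buffer.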
I have found a quite complete explanation from an e-book for my own question (again) Chapter 8, pg 440 "The Dissection Process" answered 25 Jul '11, 20:16 eddie choo |
I have been reading this whole day and still feeling blurred.