This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Functions involved in the Dissecting Process [Header files and examples]

According to the book pg 468 (reader) / pg 440 (book), under the title of " The Dissection Process" I was unable to locate which header files that some of the functions belongs to:

dissect_frame()
dissect_try_port()

May i know to which header files that these functions belong to?

Is there any tutorials or guidelines out there on how to use the functions? If you could, please provide me a simple example of using the functions in the dissectors (epan_dissector_run(), dissect_packet,dissect_frame(), dissect_try_port()). I do really appreciate that. Thanks

Regards, Eddie Choo

dissector epan wireshark

asked 27 Jul '11, 20:09

eddie choo
66●9●17●15
accept rate: 66%

One Answer:

Your link to "the book" is dead for me, so I'm not sure what you are referencing.

dissect_frame() isn't in any header file. The function is found in epan\dissectors\frame.c. It is called from epan\packet.c in function dissect_packet() via call_dissector() using the handle to the frame dissector located by the packet_init() function.
I think you mean dissector_try_port() which doesn't exist any more. It was renamed to dissector_try_uint() in revision 35224 with the following reason for the change:

Rename the routines that handle dissector tables with unsigned integer keys to have _uint in their names, to match the routines that handle dissector tables with string keys. (Using _port can confuse people into thinking they're intended solely for use with TCP/UDP/etc. ports when, in fact, they work better for things such as Ethernet types, where the binding of particular values to particular protocols are a lot stronger.)

answered 28 Jul '11, 01:28

grahamb ♦
19.8k●3●30●206
accept rate: 22%

edited 28 Jul '11, 02:08

Hi Graham, thanks for your reply. I am sorry that i submitted the wrong link. This is the correct one

(28 Jul '11, 01:52) eddie choo