Hi,
I am trying to figure out how wireshark actually does teh dissection of a packet. I have a packet and I know the protocol, but do not have a parser for it. I would like to be able to give the packet to wireshark and have wireshark parse it then read the values back form the appropriate structure.
I have been looking a the code and do not see where wireshark a determines what the protocol is and which specific dissector to call. I have been able to find out where it determines which file type the input file is. I have traced the code into a routine called call_dissector_through_handle in packet.c. This appears to call the specific dissector through dissector_handle funtion pointer. I cannot find where the dissector_handle is set.
Am I on the right track? Any guidance would be appreciated.
thanks,
Tim
