Wireshark-users: [Wireshark-users] Understanding packet dissection


From: Rayne <hjazz6@xxxxxxxxx>
Date: Thu, 5 Mar 2009 01:17:53 -0800 (PST)

Hi,

I'm interested in how Wireshark actually handles the different headers in a packet. For example, when it captures a TCP packet, it has to know and decode the Ethernet, IP, TCP headers to finally get to the payload. I think this process is called "packet dissection"?

I know that the /epan/dissectors folder contains the source code for the different protocols, i.e. packet-protocolname.c. The source code relating to the protocol tree is found in /epan in proto.c and proto.h. Also, I believe that the main "glue code" that holds the other blocks together as described in the Developer's Guide is tshark.c.

So are there any other places, besides the source code and the Wireshark Developer's Guide, that would be helpful to me?

Thank you.
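
The layering the question describes (Ethernet, then IP, then TCP, then payload), as an added example that is not part of the original post and is not Wireshark's dissector code. The names `dissect`, `struct dissected`, the `D_*` codes and the `SAMPLE` frame are hypothetical and constructed for illustration; it handles only untagged Ethernet II carrying IPv4 and TCP.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { D_OK = 0, D_SHORT = -1, D_UNSUPPORTED = -2, D_MALFORMED = -3 };
struct dissected { uint16_t src_port, dst_port; size_t payload_off, payload_len; };
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Hypothetical names, not Wireshark's API. Each layer checks that its bytes were
 * captured before reading them, then uses its own fields to find the next layer. */
int dissect(const uint8_t *f, size_t len, struct dissected *out)
{
    if (len < 14) return D_SHORT;                      /* Ethernet II header */
    if (be16(f + 12) != 0x0800) return D_UNSUPPORTED;  /* EtherType: IPv4 only */
    const uint8_t *ip = f + 14;
    size_t left = len - 14;

    if (left < 20) return D_SHORT;                     /* minimum IPv4 header */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4, total = be16(ip + 2);
    if ((ip[0] >> 4) != 4 || ihl < 20 || total < ihl) return D_MALFORMED;
    if (total > left) return D_SHORT;                  /* frame cut short */
    if (be16(ip + 6) & 0x1fff) return D_UNSUPPORTED;   /* later fragment: no TCP header */
    if (ip[9] != 6) return D_UNSUPPORTED;              /* protocol: TCP only */
    const uint8_t *tcp = ip + ihl;
    left = total - ihl;                                /* excludes Ethernet padding */

    if (left < 20) return D_SHORT;                     /* minimum TCP header */
    size_t doff = (size_t)(tcp[12] >> 4) * 4;          /* TCP header length */
    if (doff < 20 || doff > left) return D_MALFORMED;
    out->src_port = be16(tcp); out->dst_port = be16(tcp + 2);
    out->payload_off = 14 + ihl + doff;
    out->payload_len = left - doff;
    return D_OK;
}

/* Constructed sample frame: Ethernet II + IPv4 + TCP + "hello" (59 bytes). */
const uint8_t SAMPLE[59] = {
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00,
    0x45,0,0,45, 0,1,0,0, 64,6,0,0, 192,0,2,1, 192,0,2,2,
    0xc0,0x00,0,80, 0,0,0,1, 0,0,0,0, 0x50,0x18,0x20,0, 0,0,0,0,
    'h','e','l','l','o' };

int main(void)
{
    struct dissected d;
    if (dissect(SAMPLE, sizeof SAMPLE, &d) != D_OK) return 1;
    printf("%u -> %u, %zu payload bytes at offset %zu\n",
           (unsigned)d.src_port, (unsigned)d.dst_port, d.payload_len, d.payload_off);
    return 0;
}
```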
