Wireshark-dev: Re: [Wireshark-dev] source code
From: Guy Harris <[email protected]>
Date: Fri, 04 Apr 2008 02:22:03 -0700
Maria de Fatima Requena wrote:

Does anyone know where (which files) is the code for telling skinny packets apart
I.e., the code that recognizes that a given packet is a Skinny Client 
Control Protocol packet?
That's dissect_skinny() in epan/dissectors/packet-skinny.c.

and for the capture of packets in general?
The capture code is in dumpcap.c.  It's compiled into a program called 
dumpcap, along with some other source files; both Wireshark and TShark 
run that program to do capturing.  (That way, if the code that does 
capturing has to run with privileges, Wireshark and TShark themselves, 
with their 1.5 million lines of dissector code, don't have to run with 
privileges, so if there's a vulnerability in them, the damage they can 
do is limited.)