Wireshark-dev: Re: [Wireshark-dev] regarding packet capture
From: Guillaume Bienkowski <[email protected]>
Date: Tue, 03 Jun 2008 09:06:28 +0200
Look at the epan_dissect_* functions in the epan/epan.c and epan/packet.c files. The real work is done through the epan_dissect_run(..) function, but it's not really clear in the documentation. You can check the example of Eloy Paris in a previous discussion here: http://www.wireshark.org/lists/wireshark-dev/200804/msg00022.html
I also regret that the Wireshark API isn't really well documented; you have 
to find out yourself how to use it. But if you feel like writing 
something after going through these files, feel free :-)

Amit Paliwal wrote:
Thanks for the suggestion. I went through the directory, which provides 
very, very minimal information; it's like hardly 20 lines written there, 
and that does not suffice for my query.
Kindly suggest some more ways to get that understanding. What I 
actually want to know is: all the protocol information is displayed using 
a tree, so somewhere that tree is made by taking some kind of buffer. 
Where are these maintained? I will go through the code more once I get 
the initial point.