
Wireshark-users: [Wireshark-users] Understanding packet dissection

From: Rayne <hjazz6@xxxxxxxxx>
Date: Thu, 5 Mar 2009 01:17:53 -0800 (PST)
Hi,

I'm interested in how Wireshark actually handles the different headers in a packet. For example, when it captures a TCP packet, it has to know and decode the Ethernet, IP, TCP headers to finally get to the payload. I think this process is called "packet dissection"?

I know that the /epan/dissectors folder contains the source code for the different protocols, i.e. packet-protocolname.c. The source code relating to the protocol tree is found in /epan in proto.c and proto.h. Also, I believe that the main "glue code" that holds the other blocks together as described in the Developer's Guide is tshark.c.

So are there any other places, besides the source code and the Wireshark Developer's Guide, that would be helpful to me?

Thank you.
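As an added illustration (not part of the original post and not Wireshark's own code), the following is a miniature version of the Ethernet -> IP -> TCP chaining the post describes. Each dissector parses its own header, records it in a protocol tree, then looks up the next dissector in a table keyed by the "next protocol" field it just decoded (EtherType, then IP protocol number); that lookup-by-table idea is what Wireshark's dissector tables do, but the table names, function names, sample frame and field names below are all constructed here for the example. It also shows two checks a real dissector needs: the IPv4 header checksum, and refusing to trust a header length beyond the bytes actually captured. Requires Python 3.8+ (for bytes.hex with a separator).

```python
import struct

# Dissector tables: {key: dissector}. In this example they stand in for the
# idea behind Wireshark's dissector tables; the names are invented here.
ETHERTYPE_TABLE = {}
IP_PROTO_TABLE = {}


def inet_checksum(buf):
    """RFC 1071 ones'-complement checksum over an even-length buffer.
    Over a header whose checksum field is filled in, the result is 0."""
    total = 0
    for i in range(0, len(buf), 2):
        total += (buf[i] << 8) | buf[i + 1]
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def dissect_ethernet(data, tree):
    if len(data) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", data[12:14])[0]
    tree.append(("eth", {"dst": data[0:6].hex(":"),
                         "src": data[6:12].hex(":"),
                         "type": ethertype}))
    payload = data[14:]
    handler = ETHERTYPE_TABLE.get(ethertype)
    if handler is None:
        # No registered dissector: show the rest as opaque data.
        tree.append(("data", {"len": len(payload)}))
        return payload
    return handler(payload, tree)


def dissect_ipv4(data, tree):
    if len(data) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, _ff, ttl, proto, _csum = \
        struct.unpack("!BBHHHBBH", data[:12])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or len(data) < ihl or total_len < ihl:
        raise ValueError("bad IPv4 header length")
    tree.append(("ip", {"src": ".".join(str(b) for b in data[12:16]),
                        "dst": ".".join(str(b) for b in data[16:20]),
                        "ttl": ttl, "proto": proto,
                        "checksum_ok": inet_checksum(data[:ihl]) == 0}))
    # Trust the header's own total length only as far as the captured bytes go.
    payload = data[ihl:min(total_len, len(data))]
    handler = IP_PROTO_TABLE.get(proto)
    if handler is None:
        tree.append(("data", {"len": len(payload)}))
        return payload
    return handler(payload, tree)


def dissect_tcp(data, tree):
    if len(data) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, win, _csum, _urg = \
        struct.unpack("!HHIIHHHH", data[:20])
    doff = (off_flags >> 12) * 4
    if doff < 20 or len(data) < doff:
        raise ValueError("bad TCP data offset")
    tree.append(("tcp", {"sport": sport, "dport": dport, "seq": seq,
                         "ack": ack, "flags": off_flags & 0x1FF, "win": win}))
    # TCP checksum is not verified here (it needs the IP pseudo-header).
    return data[doff:]


# Registration, in the spirit of "EtherType 0x0800 -> IPv4, IP proto 6 -> TCP".
ETHERTYPE_TABLE[0x0800] = dissect_ipv4
IP_PROTO_TABLE[6] = dissect_tcp


def build_sample_frame(payload=b"GET / HTTP/1.0\r\n\r\n", ethertype=0x0800):
    """Constructed sample frame (not a real capture): Ethernet/IPv4/TCP."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") \
        + struct.pack("!H", ethertype)
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 1, 0, (5 << 12) | 0x018,
                      65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000,
                     64, 6, 0) + bytes([10, 0, 0, 1]) + bytes([10, 0, 0, 2])
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return eth + ip + tcp


def dissect_frame(frame):
    """Run the chain from the link layer down; returns (protocol tree, payload)."""
    tree = []
    payload = dissect_ethernet(frame, tree)
    return tree, payload


if __name__ == "__main__":
    for name, fields in dissect_frame(build_sample_frame())[0]:
        print(name, fields)
```

Running it prints one line per layer (eth, ip, tcp) and leaves the HTTP request bytes as the payload; a frame with an EtherType that has no registered dissector stops at "eth" and reports the remainder as data, which is the same fallback behaviour you see as "Data" in Wireshark's tree.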