Practical Packet Analysis, 2nd Edition

by Chris Sanders
June 2011
Content level: Intermediate to advanced
280 pages
7h 56m
English
No Starch Press
Content preview from Practical Packet Analysis, 2nd Edition

Protocol Dissection

A protocol dissector allows Wireshark to break down a protocol into various sections so that it can be analyzed. For example, the ICMP protocol dissector allows Wireshark to take the raw data off the wire and format it as an ICMP packet.

You can think of a dissector as the translator between the raw data flowing across the wire and the Wireshark program. For Wireshark to support a protocol, a dissector for that protocol must be built into Wireshark (or you can write your own in C or Python).

Wireshark uses several dissectors in unison to interpret each packet. It determines which dissectors to use by applying its programmed logic and making a well-educated guess.
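
The chaining described above can be sketched in a few lines. This is an added illustration, not code from the book or from Wireshark: each function dissects one layer and uses a field in that layer to pick the next dissector, falling back to raw data when none is registered. The function names, dispatch tables, and sample frame are all constructed for this example.

```python
import struct

def raw_data(buf):
    # Fallback when no dissector is registered for the next layer.
    return [("data", {"length": len(buf)})]

def checksum_ok(buf):
    # RFC 1071: the one's-complement sum of a valid message is 0xFFFF.
    buf += b"\x00" * (len(buf) % 2)
    total = sum(struct.unpack(f"!{len(buf) // 2}H", buf))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def dissect_icmp(buf):
    if len(buf) < 8:
        return raw_data(buf)
    # id/seq are only meaningful for echo request/reply messages.
    typ, code, _csum, ident, seq = struct.unpack("!BBHHH", buf[:8])
    return [("icmp", {"type": typ, "code": code, "id": ident, "seq": seq,
                      "checksum_ok": checksum_ok(buf), "payload": buf[8:]})]

def dissect_ipv4(buf):
    if len(buf) < 20 or buf[0] >> 4 != 4:
        return raw_data(buf)
    ihl = (buf[0] & 0x0F) * 4
    total_len = struct.unpack("!H", buf[2:4])[0]
    if ihl < 20 or not ihl <= total_len <= len(buf):
        return raw_data(buf)  # malformed lengths: do not guess further
    fields = {"src": ".".join(map(str, buf[12:16])),
              "dst": ".".join(map(str, buf[16:20])), "protocol": buf[9]}
    return [("ipv4", fields)] + IP_PROTOCOLS.get(buf[9], raw_data)(buf[ihl:total_len])

def dissect_ethernet(frame):
    if len(frame) < 14:
        return raw_data(frame)
    ethertype = struct.unpack("!H", frame[12:14])[0]
    fields = {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"),
              "ethertype": ethertype}
    return [("ethernet", fields)] + ETHERTYPES.get(ethertype, raw_data)(frame[14:])

# Dispatch tables: a field in one layer selects the dissector for the next.
IP_PROTOCOLS = {1: dissect_icmp}
ETHERTYPES = {0x0800: dissect_ipv4}

# Constructed sample: Ethernet / IPv4 / ICMP echo request with payload "ping".
SAMPLE = bytes.fromhex("020000000002 020000000001 0800"
                       "4500002000000000 4001f6d9 c0000201 c0000202"
                       "0800192d 00010001 70696e67")

if __name__ == "__main__":
    for name, fields in dissect_ethernet(SAMPLE):
        print(name, fields)
```
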

Changing the Dissector

wrongdissector.pcap

Unfortunately, Wireshark does ...


Publisher Resources

ISBN: 9781593272661