Wireshark mailing list archives
Help finding the link layer dissector call (netmon_802_11)
From: Shai Shapira via Wireshark-dev <wireshark-dev () wireshark org>
Date: Tue, 16 Feb 2021 10:41:01 -0000
Hi all, I'm researching Microsoft's Network Monitor captures format (.cap files) and I need a lead in WS's code. Based on the 'link layer type' parsed from the file header the packets might be 802.11 frames with NM's special header. This dissector is known as "netmon_802_11" in wireshark. It is the first protocol in every frame's stack and it's registration routine is directly to the "wtap_encap" table like so: dissector_add_uint("wtap_encap", WTAP_ENCAP_IEEE_802_11_NETMON, netmon_802_11_handle); (from packet-ieee80211-netmon.c) Could someone point me to the functoin where the actual 'call_dissector' or 'call_dissector_with_data' is happening for the inital layer? Also, is that dependent on the file format we are parsing (pcap/pcapmg/cap) or is there a single function all eventually get to? Thank you, Shai
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Help finding the link layer dissector call (netmon_802_11) Shai Shapira via Wireshark-dev (Feb 16)
- Re: Help finding the link layer dissector call (netmon_802_11) Guy Harris (Feb 16)