Help finding the link layer dissector call (netmon_802_11)

[Shai Shapira via Wireshark-dev <wireshark-dev () wireshark org>]

Hi all,


I'm researching Microsoft's Network Monitor captures format (.cap files) and I need a lead in WS's code.
Based on the 'link layer type' parsed from the file header the packets might be 802.11 frames with NM's special header.
This dissector is known as "netmon_802_11" in wireshark.


It is the first protocol in every frame's stack and it's registration routine is directly to the "wtap_encap" table 
like so:

dissector_add_uint("wtap_encap", WTAP_ENCAP_IEEE_802_11_NETMON, netmon_802_11_handle);


(from packet-ieee80211-netmon.c)


Could someone point me to the functoin where the actual 'call_dissector' or 'call_dissector_with_data' is happening for 
the inital layer?
Also, is that dependent on the file format we are parsing (pcap/pcapmg/cap) or is there a single function all 
eventually get to?




Thank you,
Shai

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe