Ethereal-dev: Re: [Ethereal-dev] (Newbie Q): I need help understanding...
This is what I've discerned just from poking around...maybe it'll help you:
--On Thursday, April 26, 2001 11:44 AM -0500 Drew Berkemeyer
<drew@xxxxxxxxxxxxxx> wrote:
1.) Where are the dissectors actually invoked? Any sort of architecture
doc. would be wonderful.
There's no architecture doc that I know of, but basically if you look in
the epan.c file in ethereal-*/epan/, you'll see that dissect_frame() get's
called for each packet. dissect_frame() then calls the next packet type,
and that dissector calls the next one and so on and so on and so on.
2.) Where can I get better documentation on the
libpcap libraries. I have not found anything that gives any depth of
info. For instance, what does it mean when the callback function for
pcap_loop returns null for the packet data all the time? Or for that
matter, where is the callback even documented at all.
Sorry, don't know
I'm sure I'll more specific questions as I go on, however, I am fighting
a general lack of understanding right now. Please let me know if this is
the wrong place for such posts or any leads on answering my questions.
The only way to really understand it is it o start at ethereal-*/gtk/main.c
and follow the functions until you reach the end of an actual packet
dissection (i.e. figure out how packet #1 finally get's dissected as a UDP
packet (or whatever it is)). That's what I've been doing!
--
PC Drew
Be nice or I'll replace you with a very
small shell script.
