Skip to content
Log in

Protocol dissector

Definition

A software component in a packet analyser that recognises a specific protocol and parses its header fields into named, readable values. Wireshark includes hundreds of built-in dissectors; analysts can also write custom dissectors in Lua for proprietary or custom protocols.

Related terms

Artefact carving
Extracting embedded content from raw data by locating known file signatures (magic bytes) at byte boundaries. In PCAP analysis, this means reassembling...
Beaconing
Periodic outbound connections from a compromised host to a command-and-control server, typically at regular intervals. The regularity of the interval, measured in...
Display filter
A Wireshark filter expression applied to an already-captured PCAP file to show only packets matching specified criteria. Display filters do not delete...
PCAP
Packet capture file. The standard format for storing captured network frames, originally defined by the libpcap library. Each record contains the raw...
Stream reassembly
The process of collecting all the TCP segments belonging to a single connection and reordering them by sequence number to reconstruct the...

Explained in

  • Traffic Analysis and Protocol DissectionA software component in a packet analyser that recognises a specific protocol and parses its header fields into named, readable values. Wireshark includes hund...

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.

Continue learningCreate Your Account