A protocol dissector allows Wireshark to break down a protocol (ICMP, for example) into various sections so that it can be analyzed. The ICMP protocol dissector allows Wireshark to take the raw data off the wire and format it as an ICMP packet. You can think of a dissector as the translator between the raw data flowing across the wire and the Wireshark program. In order for a protocol to be supported by Wireshark, it must have a dissector built into it.

Wireshark uses several dissectors in unison to interpret each packet. It determines which dissectors to use by using its programmed logic and making a very well-educated guess.

Unfortunately, Wireshark does not always make the right choices when selecting the correct dissector ...