A protocol dissector allows Wireshark to break down a protocol into various sections so that it can be analyzed. For example, the ICMP protocol dissector allows Wireshark to take the raw data off the wire and format it as an ICMP packet.

You can think of a dissector as the translator between the raw data flowing across the wire and the Wireshark program. In order for a protocol to be supported by Wireshark, it must have a dissector built into it (or you can write your own in C or Python).

Wireshark uses several dissectors in unison to interpret each packet. It determines which dissectors to use by using its programmed logic and making a well-educated guess.