Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions

  




 

 

6.2. Overview

The following will give you a simplified overview of Wireshark's function blocks:

Figure 6.1. Wireshark function blocks.

Wireshark function blocks.

The function blocks in more detail:

GTK 1/2

Handling of all user input/output (all windows, dialogs and such). Source code can be found in the gtk directory.

Core

Main "glue code" that holds the other blocks together. Source code can be found in the root directory.

Epan

Ethereal Packet ANalyzer (XXX - is this correct?) the packet analyzing engine. Source code can be found in the epan directory.

  • Protocol-Tree - Keep data of the capture file protocol information.

  • Dissectors - The various protocol dissectors in epan/dissectors.

  • Plugins - Some of the protocol dissectors are implemented as plugins. Source code can be found at plugins.

  • Display-Filters - the display filter engine at epan/dfilter.

Capture

Capture engine.

Wiretap

The wiretap library is used to read/write capture files in libpcap and a lot of other file formats. Source code in the wiretap directory.

Win-/libpcap (not part of the Wireshark package)

The platform dependent packet capture library, including the capture filter engine. That's the reason why we still have different display and capture filter syntax, as two different filtering engines are used.


 
 
  Published under the terms fo the GNU General Public License Design by Interspire