author | Jaap Keuter <jaap.keuter@xs4all.nl> | 2006-06-06 23:23:26 +0000 |
---|---|---|
committer | Jaap Keuter <jaap.keuter@xs4all.nl> | 2006-06-06 23:23:26 +0000 |
commit | 4be9eaddb33e5e5da91a2864e8a380672a4dcd6e (patch) | |
tree | 9965bd11dde4ef23ce83280b6d7395d110dae9c7 /docbook/wsdg_src/WSDG_chapter_works.xml | |
parent | d704554ee20bbe7057580fdcd97b7fe3f6c1213b (diff) | |
download | wireshark-4be9eaddb33e5e5da91a2864e8a380672a4dcd6e.tar.gz |
Fixup edg -> wsdg
svn path=/trunk/; revision=18373
Diffstat (limited to 'docbook/wsdg_src/WSDG_chapter_works.xml')
-rw-r--r-- | docbook/wsdg_src/WSDG_chapter_works.xml | 154 |
1 files changed, 154 insertions, 0 deletions
diff --git a/docbook/wsdg_src/WSDG_chapter_works.xml b/docbook/wsdg_src/WSDG_chapter_works.xml new file mode 100644 index 0000000000..6b27859355 --- /dev/null +++ b/docbook/wsdg_src/WSDG_chapter_works.xml 
@@ -0,0 +1,154 @@ +<!-- WSDG Chapter Works --> +<!-- $Id$ --> + +<chapter id="ChapterWorks"> + <title>How Wireshark Works</title> + + <section id="ChWorksIntro"> + <title>Introduction</title> + <para> + This chapter will give you a short overview, how Wireshark is working. + </para> + </section> + + <section id="ChWorksOverview"> + <title>Overview</title> + <para> + The following will give you a simplified overview of Wiresharks function blocks: + <figure id="ChWorksFigOverview"> + <title> + <application>Wireshark</application> function blocks. + </title> + <graphic entityref="WiresharkFunctionBlocks" format="PNG"/> + </figure> + </para> + <para> + The function blocks in more detail: + <variablelist> + <varlistentry><term><command>GTK 1/2</command></term> + <listitem> + <para> + Handling of all user input/output (all windows, dialogs and such). + Source code can be found in the <filename>gtk</filename> directory. + </para> + </listitem> + </varlistentry> + <varlistentry><term><command>Core</command></term> + <listitem> + <para> + Main "glue code" that holds the other blocks together, source + code can be found in the root directory. + </para> + </listitem> + </varlistentry> + <varlistentry><term><command>Epan</command></term> + <listitem> + <para> + Ethereal Packet ANalyzer (XXX - is this correct?) the packet + analyzing engine, source code can be found in the + <filename>epan</filename> directory. + </para> + <itemizedlist> + <listitem> + <para> + Protocol-Tree - Keep data of the capture file protocol information. + </para> + </listitem> + <listitem> + <para> + Dissectors - The various protocol dissectors in + <filename>epan/dissectors</filename>. + </para> + </listitem> + <listitem> + <para> + Plugins - Some of the protocol dissectors are implemented as plugins, source + code at <filename>plugins</filename>. + </para> + </listitem> + <listitem> + <para> + Display-Filters - the display filter engine at + <filename>epan/dfilter</filename>. 
+ </para> + </listitem> + </itemizedlist> + </listitem> + </varlistentry> + <varlistentry><term><command>Capture</command></term> + <listitem> + <para> + Capture engine. + </para> + </listitem> + </varlistentry> + <varlistentry><term><command>Wiretap</command></term> + <listitem> + <para> + The wiretap library is used to read/write capture files in libpcap + and a lot of other file formats, the source code is in the + <filename>wiretap</filename> directory. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term><command>Win-/libpcap (not part of the Wireshark package)</command></term> + <listitem> + <para> + The platform dependant packet capture library, including the capture + filter engine. That's the reason why we still have different display + and capture filter syntax, as two different filtering engines used. + </para> + </listitem> + </varlistentry> + </variablelist> + </para> + </section> + + <section id="ChWorksCapturePackets"> + <title>Capturing packets</title> + <para> + Capturing will take packets from a network adapter, and save them to a file + on your harddisk. + </para> + <para> + To hide all the lowlevel machine dependant details from + Wireshark, the libpcap/WinPcap (see <xref linkend="ChLibsPcap"/>) library + is used. This library provides a general purpose interface to capture + packets from a lot of different network interface types (Ethernet, + Token Ring, ...). + </para> + </section> + + <section id="ChWorksCaptureFiles"> + <title>Capture Files</title> + <para> + Wireshark can read and write capture files in it's natural file format, the + libpcap format, which is used by many other network capturing tools, + e.g. tcpdump. In addition to this, as one of it's strengths, + Wireshark can read/write files in many different file formats of other + network capturing tools. The wiretap library, developed together with + Wireshark, provides a general purpose interface to read/write all the file + formats. 
If you need to add another capture file format, this is the place + to start. + </para> + </section> + + <section id="ChWorksDissectPackets"> + <title>Dissect packets</title> + <para> + While Wireshark is loading packets from a file, each packet is dissected. + Wireshark tries to detect what kind of packet it is and getting as much + information from it as possible. In this run, only the information showed + in the packet list pane is needed though. + </para> + <para> + As the user selects a specific packet in the packet list pane, this packet + will be dissected again. This time, Wireshark tries to + get every single piece of information and put it into + the packet details pane then. + </para> + </section> + +</chapter> +<!-- End of WSDG Chapter Works --> |
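Review bot: The Epan entry in this hunk commits an unresolved author query to user-facing documentation, `Ethereal Packet ANalyzer (XXX - is this correct?)`, and it is the one remaining "Ethereal" reference in a file whose commit message is about renaming edg to wsdg; either confirm the expansion and drop the XXX, or drop the parenthetical entirely before this chapter ships. Same hunk, wording fixes worth folding in while the file is being touched: `Wiresharks function blocks` (Wireshark's), `it's natural file format` and `one of it's strengths` (its), `platform dependant` / `machine dependant` (dependent), `harddisk` (hard disk), and `This chapter will give you a short overview, how Wireshark is working` reads better as `... a short overview of how Wireshark works`.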