author: Jaap Keuter <jaap.keuter@xs4all.nl> 2006-06-06 23:23:26 +0000
committer: Jaap Keuter <jaap.keuter@xs4all.nl> 2006-06-06 23:23:26 +0000
commit: 4be9eaddb33e5e5da91a2864e8a380672a4dcd6e
tree: 9965bd11dde4ef23ce83280b6d7395d110dae9c7 /docbook/wsdg_src/WSDG_chapter_works.xml
parent: d704554ee20bbe7057580fdcd97b7fe3f6c1213b
Fixup edg -> wsdg
svn path=/trunk/; revision=18373
Diffstat (limited to 'docbook/wsdg_src/WSDG_chapter_works.xml')
-rw-r--r-- docbook/wsdg_src/WSDG_chapter_works.xml | 154
1 files changed, 154 insertions, 0 deletions
diff --git a/docbook/wsdg_src/WSDG_chapter_works.xml b/docbook/wsdg_src/WSDG_chapter_works.xml
new file mode 100644
index 0000000000..6b27859355
--- /dev/null
+++ b/docbook/wsdg_src/WSDG_chapter_works.xml
@@ -0,0 +1,154 @@
+<!-- WSDG Chapter Works -->
+<!-- $Id$ -->
+
+<chapter id="ChapterWorks">
+ <title>How Wireshark Works</title>
+
+ <section id="ChWorksIntro">
+ <title>Introduction</title>
+ <para>
+ This chapter will give you a short overview, how Wireshark is working.
+ </para>
+ </section>
+
+ <section id="ChWorksOverview">
+ <title>Overview</title>
+ <para>
+ The following will give you a simplified overview of Wiresharks function blocks:
+ <figure id="ChWorksFigOverview">
+ <title>
+ <application>Wireshark</application> function blocks.
+ </title>
+ <graphic entityref="WiresharkFunctionBlocks" format="PNG"/>
+ </figure>
+ </para>
+ <para>
+ The function blocks in more detail:
+ <variablelist>
+ <varlistentry><term><command>GTK 1/2</command></term>
+ <listitem>
+ <para>
+ Handling of all user input/output (all windows, dialogs and such).
+ Source code can be found in the <filename>gtk</filename> directory.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry><term><command>Core</command></term>
+ <listitem>
+ <para>
+ Main "glue code" that holds the other blocks together, source
+ code can be found in the root directory.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry><term><command>Epan</command></term>
+ <listitem>
+ <para>
+ Ethereal Packet ANalyzer (XXX - is this correct?) the packet
+ analyzing engine, source code can be found in the
+ <filename>epan</filename> directory.
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ Protocol-Tree - Keep data of the capture file protocol information.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Dissectors - The various protocol dissectors in
+ <filename>epan/dissectors</filename>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Plugins - Some of the protocol dissectors are implemented as plugins, source
+ code at <filename>plugins</filename>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Display-Filters - the display filter engine at
+ <filename>epan/dfilter</filename>.
+ </para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ </varlistentry>
+ <varlistentry><term><command>Capture</command></term>
+ <listitem>
+ <para>
+ Capture engine.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry><term><command>Wiretap</command></term>
+ <listitem>
+ <para>
+ The wiretap library is used to read/write capture files in libpcap
+ and a lot of other file formats, the source code is in the
+ <filename>wiretap</filename> directory.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><command>Win-/libpcap (not part of the Wireshark package)</command></term>
+ <listitem>
+ <para>
+ The platform dependant packet capture library, including the capture
+ filter engine. That's the reason why we still have different display
+ and capture filter syntax, as two different filtering engines used.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </para>
+ </section>
+
+ <section id="ChWorksCapturePackets">
+ <title>Capturing packets</title>
+ <para>
+ Capturing will take packets from a network adapter, and save them to a file
+ on your harddisk.
+ </para>
+ <para>
+ To hide all the lowlevel machine dependant details from
+ Wireshark, the libpcap/WinPcap (see <xref linkend="ChLibsPcap"/>) library
+ is used. This library provides a general purpose interface to capture
+ packets from a lot of different network interface types (Ethernet,
+ Token Ring, ...).
+ </para>
+ </section>
+
+ <section id="ChWorksCaptureFiles">
+ <title>Capture Files</title>
+ <para>
+ Wireshark can read and write capture files in it's natural file format, the
+ libpcap format, which is used by many other network capturing tools,
+ e.g. tcpdump. In addition to this, as one of it's strengths,
+ Wireshark can read/write files in many different file formats of other
+ network capturing tools. The wiretap library, developed together with
+ Wireshark, provides a general purpose interface to read/write all the file
+ formats. If you need to add another capture file format, this is the place
+ to start.
+ </para>
+ </section>
+
+ <section id="ChWorksDissectPackets">
+ <title>Dissect packets</title>
+ <para>
+ While Wireshark is loading packets from a file, each packet is dissected.
+ Wireshark tries to detect what kind of packet it is and getting as much
+ information from it as possible. In this run, only the information showed
+ in the packet list pane is needed though.
+ </para>
+ <para>
+ As the user selects a specific packet in the packet list pane, this packet
+ will be dissected again. This time, Wireshark tries to
+ get every single piece of information and put it into
+ the packet details pane then.
+ </para>
+ </section>
+
+</chapter>
+<!-- End of WSDG Chapter Works -->
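Review bot: The Epan entry in ChWorksOverview still carries an open editorial marker, "Ethereal Packet ANalyzer (XXX - is this correct?)", which would be published verbatim in the developer's guide; confirm the expansion or drop it before this lands, especially since the commit is meant to be the rename fixup and this line still says "Ethereal". In the same list, the Capture entry is the only function block that gives no source location ("Capture engine." and nothing else), so a reader cannot find the code the way they can for gtk, epan and wiretap. The xref linkend="ChLibsPcap" in ChWorksCapturePackets points at an id that is not defined in this file, so check that the target exists in the WSDG sources or the build will fail on a dangling reference. Wording to fix while here: "Wiresharks function blocks", "dependant" (twice), "it's natural file format" and "one of it's strengths", "as two different filtering engines used", and "the information showed in the packet list pane".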