[obnox/wireshark/wip.git] / docbook / edg_src / EDG_chapter_works.xml

<!-- EDG Chapter Works -->
<!-- $Id$ -->

<chapter id="ChapterWorks">
  <title>How Ethereal Works</title>
  
  <section id="ChWorksIntro">
        <title>Introduction</title>
        <para>
        This chapter will give you a short overview, how Wireshark is working.
        </para>
  </section>

  <section id="ChWorksOverview">
        <title>Overview</title>
        <para>
        The following will give you a simplified overview of Ethereals function blocks:
        <figure id="ChWorksFigOverview">
          <title>
            <application>Ethereal</application> function blocks.
          </title>
          <graphic entityref="EtherealFunctionBlocks" format="PNG"/>
        </figure>
        </para>
        <para>
        The function blocks in more detail:
        <variablelist>
          <varlistentry><term><command>GTK 1/2</command></term>
            <listitem>
              <para>
                  Handling of all user input/output (all windows, dialogs and such). 
                  Source code can be found in the <filename>gtk</filename> directory.
              </para>
            </listitem>
          </varlistentry>
          <varlistentry><term><command>Core</command></term>
            <listitem>
              <para>
                  Main "glue code" that holds the other blocks together, source 
                  code can be found in the root directory.
              </para>
            </listitem>
          </varlistentry>
          <varlistentry><term><command>Epan</command></term>
            <listitem>
              <para>
                  Ethereal Package ANalyzing (XXX - is this correct?) the packet 
                  analyzing engine, source code can be found in the 
                  <filename>epan</filename> directory.
              </para>
          <itemizedlist>
            <listitem>
              <para>
                  Protocol-Tree - Keep data of the capture file protocol information.
              </para>
            </listitem>
            <listitem>
              <para>
                  Dissectors - The various protocol dissectors in 
                  <filename>epan/dissectors</filename>.
              </para>
            </listitem>
            <listitem>
              <para>
                  Plugins - Some of the protocol dissectors are implemented as plugins, source 
                  code at <filename>plugins</filename>.
              </para>
            </listitem>
            <listitem>
              <para>
                  Display-Filters - the display filter engine at 
                  <filename>epan/dfilter</filename>.
              </para>
            </listitem>
          </itemizedlist>
            </listitem>
          </varlistentry>
          <varlistentry><term><command>Capture</command></term>
            <listitem>
              <para>
                  Capture engine.
              </para>
            </listitem>
          </varlistentry>
          <varlistentry><term><command>Wiretap</command></term>
            <listitem>
              <para>
                  The wiretap library is used to read/write capture files in libpcap 
                  and a lot of other file formats, the source code is in the
                  <filename>wiretap</filename> directory.
              </para>
            </listitem>
          </varlistentry>
          <varlistentry>
          <term><command>Win-/libpcap (not part of the Wireshark package)</command></term>
            <listitem>
              <para>
                  The platform dependant packet capture library, including the capture 
                  filter engine. That's the reason why we still have different display 
                  and capture filter syntax, as two different filtering engines used.
              </para>
            </listitem>
          </varlistentry>
        </variablelist>
        </para>
  </section>

        <section id="ChWorksCapturePackets">
        <title>Capturing packets</title>
        <para>
        Capturing will take packets from a network adapter, and save them to a file 
        on your harddisk. 
        </para>
        <para>
        To hide all the lowlevel machine dependant details from 
        Ethereal, the libpcap/WinPcap (see <xref linkend="ChLibsPcap"/>) library 
        is used. This library provides a general purpose interface to capture 
        packets from a lot of different network interface types (Ethernet, 
        Token Ring, ...). 
        </para>
        </section>

        <section id="ChWorksCaptureFiles">
        <title>Capture Files</title>
        <para>
        Ethereal can read and write capture files in it's natural file format, the 
        libpcap format, which is used by many other network capturing tools, 
        e.g. tcpdump. In addition to this, as one of it's strengths,
        Ethereal can read/write files in many different file formats of other 
        network capturing tools. The wiretap library, developed together with 
        Ethereal, provides a general purpose interface to read/write all the file 
        formats. If you need to add another capture file format, this is the place 
        to start.       
        </para>
        </section>

        <section id="ChWorksDissectPackets">
        <title>Dissect packets</title>
        <para>
        While Wireshark is loading packets from a file, each packet is dissected. 
        Ethereal tries to detect what kind of packet it is and getting as much 
        information from it as possible. In this run, only the information showed 
        in the packet list pane is needed though. 
        </para>
        <para>
        As the user selects a specific packet in the packet list pane, this packet
        will be dissected again. This time, Ethereal tries to 
        get every single piece of information and put it into 
        the packet details pane then.
        </para>
        </section>

</chapter>
<!-- End of EDG Chapter Works -->