+++ /dev/null
-<!-- EDG Chapter Works -->
-<!-- $Id$ -->
-
-<chapter id="ChapterWorks">
- <title>How Ethereal Works</title>
-
- <section id="ChWorksIntro">
- <title>Introduction</title>
- <para>
- This chapter will give you a short overview, how Wireshark is working.
- </para>
- </section>
-
- <section id="ChWorksOverview">
- <title>Overview</title>
- <para>
- The following will give you a simplified overview of Ethereals function blocks:
- <figure id="ChWorksFigOverview">
- <title>
- <application>Ethereal</application> function blocks.
- </title>
- <graphic entityref="EtherealFunctionBlocks" format="PNG"/>
- </figure>
- </para>
- <para>
- The function blocks in more detail:
- <variablelist>
- <varlistentry><term><command>GTK 1/2</command></term>
- <listitem>
- <para>
- Handling of all user input/output (all windows, dialogs and such).
- Source code can be found in the <filename>gtk</filename> directory.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry><term><command>Core</command></term>
- <listitem>
- <para>
- Main "glue code" that holds the other blocks together, source
- code can be found in the root directory.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry><term><command>Epan</command></term>
- <listitem>
- <para>
- Ethereal Package ANalyzing (XXX - is this correct?) the packet
- analyzing engine, source code can be found in the
- <filename>epan</filename> directory.
- </para>
- <itemizedlist>
- <listitem>
- <para>
- Protocol-Tree - Keep data of the capture file protocol information.
- </para>
- </listitem>
- <listitem>
- <para>
- Dissectors - The various protocol dissectors in
- <filename>epan/dissectors</filename>.
- </para>
- </listitem>
- <listitem>
- <para>
- Plugins - Some of the protocol dissectors are implemented as plugins, source
- code at <filename>plugins</filename>.
- </para>
- </listitem>
- <listitem>
- <para>
- Display-Filters - the display filter engine at
- <filename>epan/dfilter</filename>.
- </para>
- </listitem>
- </itemizedlist>
- </listitem>
- </varlistentry>
- <varlistentry><term><command>Capture</command></term>
- <listitem>
- <para>
- Capture engine.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry><term><command>Wiretap</command></term>
- <listitem>
- <para>
- The wiretap library is used to read/write capture files in libpcap
- and a lot of other file formats, the source code is in the
- <filename>wiretap</filename> directory.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><command>Win-/libpcap (not part of the Wireshark package)</command></term>
- <listitem>
- <para>
- The platform dependant packet capture library, including the capture
- filter engine. That's the reason why we still have different display
- and capture filter syntax, as two different filtering engines used.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </para>
- </section>
-
- <section id="ChWorksCapturePackets">
- <title>Capturing packets</title>
- <para>
- Capturing will take packets from a network adapter, and save them to a file
- on your harddisk.
- </para>
- <para>
- To hide all the lowlevel machine dependant details from
- Ethereal, the libpcap/WinPcap (see <xref linkend="ChLibsPcap"/>) library
- is used. This library provides a general purpose interface to capture
- packets from a lot of different network interface types (Ethernet,
- Token Ring, ...).
- </para>
- </section>
-
- <section id="ChWorksCaptureFiles">
- <title>Capture Files</title>
- <para>
- Ethereal can read and write capture files in it's natural file format, the
- libpcap format, which is used by many other network capturing tools,
- e.g. tcpdump. In addition to this, as one of it's strengths,
- Ethereal can read/write files in many different file formats of other
- network capturing tools. The wiretap library, developed together with
- Ethereal, provides a general purpose interface to read/write all the file
- formats. If you need to add another capture file format, this is the place
- to start.
- </para>
- </section>
-
- <section id="ChWorksDissectPackets">
- <title>Dissect packets</title>
- <para>
- While Wireshark is loading packets from a file, each packet is dissected.
- Ethereal tries to detect what kind of packet it is and getting as much
- information from it as possible. In this run, only the information showed
- in the packet list pane is needed though.
- </para>
- <para>
- As the user selects a specific packet in the packet list pane, this packet
- will be dissected again. This time, Ethereal tries to
- get every single piece of information and put it into
- the packet details pane then.
- </para>
- </section>
-
-</chapter>
-<!-- End of EDG Chapter Works -->
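Review bot: Nothing in the visible patch shows a replacement for the ids this chapter defines (ChapterWorks, ChWorksIntro, ChWorksOverview, ChWorksFigOverview, ChWorksCapturePackets, ChWorksCaptureFiles, ChWorksDissectPackets), so any xref linkend that points at them, and the declaration of the EtherealFunctionBlocks graphic entity, need to be updated or dropped in the same change or the guide will stop building. If the text is being carried into a renamed file rather than dropped, note that it is only half renamed: the Introduction paragraph, the "Win-/libpcap (not part of the Wireshark package)" term and the first sentence of "Dissect packets" already say Wireshark while every other mention, including the chapter title, still says Ethereal. The Epan entry also still carries the open question "XXX - is this correct?" about the expansion of the name, which should be resolved rather than copied forward.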