This document is an attempt, to bring some light to the things done, when
packet capturing is performed. There might be things missing, and others
maybe wrong :-( The following will concentrate a bit on the win32 gtk
-port of ethereal.
+port of wireshark.
-XXX: when ongoing file reorganisation will be completed, the following
+XXX: when ongoing file reorganization will be completed, the following
two lists maybe won't be needed any longer!
libpcap related source files:
-----------------------------
-pcap-util.c
-pcap-util.h
-pcap-util-int.h
-pcap-util-unix.c
+capture-pcap-util.c
+capture-pcap-util.h
+capture-pcap-util-int.h
+capture-pcap-util-unix.c
capture-wpcap.c
capture-wpcap.h
capture_wpcap_packet.c
Capture driver
--------------
-Etheral doesn't have direct access to the capture hardware. Instead of this,
+Wireshark doesn't have direct access to the capture hardware. Instead of this,
it uses the Libpcap/Winpcap library to capture data from network cards.
-On Win32, in capture-wpcap.c the function g_module_open("wpcap") is called
+On Win32, in capture-wpcap.c the function ws_module_open("wpcap.dll") is called
to load the wpcap.dll. This dll includes all functions needed for
packet capturing.
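Review bot: in the "Capture driver" paragraph, the new sentence reads `ws_module_open("wpcap.dll") is called to load the wpcap.dll`, which names the DLL twice and gives no reason for the switch from g_module_open to ws_module_open. Since this is a load of a DLL by file name, the text should say which directories the wrapper searches, so a reader can tell whether a wpcap.dll outside the expected install location could be loaded. Suggested wording: "On Win32, capture-wpcap.c calls ws_module_open("wpcap.dll"), which searches <directories>; this DLL includes all functions needed for packet capturing", with the directory list filled in from the wrapper's own documentation.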
dialog box (which obviously cannot be used it this dialog is hidden).
The Stop button will stop the capture itself, close the control pipe and then
-closes itself. The parent will detect this and stop it's part of the capture.
+closes itself. The parent will detect this and stop its part of the capture.
If the menu/toolbar is used, the parent will send a break signal to the child
which will lead to the same sequence as described above.
Start capture
-------------
A capture is started, by specifying to start the capture at the command line,
-trigger the Ok button in the "Capture Options" dialog box and some more. The
+trigger the OK button in the "Capture Options" dialog box and some more. The
capture start is actually done by calling the capture_start() function in
capture.c.
Capture parent
--------------
-In the capture parent the cap_pipe_input_cb() function is called "cyclically"
-(unix:waiting for pipe, win32:timer,1000ms) to read data from the pipe and show it
-on the main screen. While the capture is in progress, no other capture file
+In the capture parent the cap_pipe_input_cb() function is called "cyclically"
+(unix:waiting for pipe, win32:timer,1000ms) to read data from the pipe and show
+it on the main screen. While the capture is in progress, no other capture file
can be opened.
Updating
--------
-The actual packet capturing inside the libpcap is done using it's own task.
+The actual packet capturing inside the libpcap is done using its own task.
Catching and processing the packet data from the libpcap is done using the
-pcap_dispatch() function.
+pcap_dispatch() function.
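Review bot: the "it's" to "its" fix in the Stop button paragraph leaves two errors in the same sentences untouched: the context line above it still reads "cannot be used it this dialog is hidden" ("it" for "if"), and "will stop the capture itself, close the control pipe and then closes itself" mixes "close" and "closes". As the hunk is already correcting grammar here, it should fix both in the same pass. Separately, the removed and added lines for `cap_pipe_input_cb() function is called "cyclically"` and for `pcap_dispatch() function.` show no visible difference, so they appear to be whitespace-only changes. The commit message should say so, or they should be split out so the rename stays easy to review.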