Wireshark - 0.99.7 User's Guide
Core
Main "glue code" that holds the other blocks together. Source code can be found in the root directory.
Epan
Ethereal Packet ANalyzer (XXX - is this correct?) - the packet analyzing engine. Source code can be found in the epan directory.
• Protocol-Tree - Keeps the protocol information data of the capture file.
• Dissectors - The various protocol dissectors in epan/dissectors.
• Plugins - Some of the protocol dissectors are implemented as plugins. Source code can be found at plugins.
• Display-Filters - The display filter engine at epan/dfilter.
Capture
Capture engine.
Wiretap
The wiretap library is used to read/write capture files in libpcap and a lot of other file formats. Source code in the wiretap directory.
Win-/libpcap (not part of the Wireshark package)
The platform dependent packet capture library, including the capture filter engine. That's the reason why we still have different display and capture filter syntax, as two different filtering engines are used.
How Wireshark Works