author Gerald Combs <gerald@zing.org> 2014-02-02 11:00:30 -0800
committer Gerald Combs <gerald@wireshark.org> 2014-02-02 19:12:17 +0000
commit 1b2145d931d663c8b4362c310682407fe67eb3d4 (patch)
tree 545f5dbd405ced3d5fd00366ad75d163c40a5e89 /docbook/wsdg_src/WSDG_chapter_works.asciidoc
parent 06510129bb697a586334996215a4be63aef137c4 (diff)
Convert three more WSDG chapters: works, build, and capture.
Start adding references to Qt and wsutil. Fix a file extension in CMakeLists.txt.

Change-Id: I0cbe7e802d88a05effff40b5de72669e22c0df53
Reviewed-on: https://code.wireshark.org/review/79
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Tested-by: Gerald Combs <gerald@wireshark.org>
Diffstat (limited to 'docbook/wsdg_src/WSDG_chapter_works.asciidoc')
-rw-r--r--  docbook/wsdg_src/WSDG_chapter_works.asciidoc  115
1 files changed, 115 insertions, 0 deletions
diff --git a/docbook/wsdg_src/WSDG_chapter_works.asciidoc b/docbook/wsdg_src/WSDG_chapter_works.asciidoc
new file mode 100644
index 0000000000..725aad1b4f
--- /dev/null
+++ b/docbook/wsdg_src/WSDG_chapter_works.asciidoc
@@ -0,0 +1,115 @@
+++++++++++++++++++++++++++++++++++++++
+<!-- WSDG Chapter Works -->
+++++++++++++++++++++++++++++++++++++++
+
+[[ChapterWorks]]
+
+== How Wireshark Works
+
+[[ChWorksIntro]]
+
+=== Introduction
+
+This chapter will give you a short overview of how Wireshark works.
+
+[[ChWorksOverview]]
+
+=== Overview
+
+The following will give you a simplified overview of Wireshark's function blocks:
+
+[[ChWorksFigOverview]]
+
+.Wireshark function blocks
+image::wsdg_graphics/ws-function-blocks.png[]
+
+****
+This image is out of date. It is missing the utility library in 'wsutil' and
+the Qt UI in 'ui/qt'.
+****
+
+The function blocks in more detail:
+$$GTK+ 2$$:: Handling of all user input/output (all windows, dialogs and such).
+Source code can be found in the 'ui/gtk' directory.
+
+Core:: Main "glue code" that holds the other blocks together. Source
+code can be found in the root directory.
+
+Epan:: Ethereal Packet ANalyzer -- the packet analyzing engine.
+Source code can be found in the 'epan' directory. Epan provides
+the following APIs:
+
+* Protocol Tree. Dissection information for an individual packet.
+
+* Dissectors. The various protocol dissectors in
+'epan/dissectors'.
+
+* Dissector Plugins - Support for implementing dissectors as separate modules.
+Source code can be found in 'plugins'.
+
+* Display Filters - The display filter engine at
+'epan/dfilter'.
+
+Wiretap:: The wiretap library is used to read andwrite capture files in libpcap,
+pcapng, and many other file formats. Source code is in the
+'wiretap' directory.
+
+Capture:: The interface with the capture engine. Source code in the
+root directory.
+
+Dumpcap:: The capture engine itself. This is the only part that is to execute
+with elevated privileges. Source code in the root directory.
+
+WinPcap and libpcap:: These are separate libraries that provide packet capture
+and filtering support on different platforms. The filtering WinPcap and libpcap
+works at a much lower level than Wireshark's display filters and uses a
+significantly different mechanism. That's why we have different display and
+capture filter syntaxes.
+
+
+[[ChWorksCapturePackets]]
+
+=== Capturing packets
+
+Capturing takes packets from a network adapter and saves them to a file
+on your hard disk.
+
+Since raw network adapter access requires elevated privileges these functions
+are isolated into the `dumpcap` program. It's only this program that needs these
+privileges, allowing the main part of the code (dissectors, user interface,
+etc) to run with normal user privileges.
+
+To hide all the low-level machine dependent details from Wireshark, the libpcap
+and WinPcap (see <<ChLibsPcap>>) libraries is used. These libraries provide a
+general purpose interface to capture packets and are used by a wide variety of
+applications.
+
+[[ChWorksCaptureFiles]]
+
+=== Capture Files
+
+Wireshark can read and write capture files in its natural file formats, pcapng
+and pcap, which are used by many other network capturing tools, such as tcpdump.
+In addition to this, as one of its strengths, Wireshark can read and write files
+in many different file formats of other network capturing tools. The wiretap
+library, developed together with Wireshark, provides a general purpose interface
+to read and write all the file formats. If you need to add support for another
+capture file format this is the place to start.
+
+[[ChWorksDissectPackets]]
+
+=== Dissect packets
+
+While Wireshark is loading packets from a file each packet is dissected.
+Wireshark tries to detect the packet type and gets as much information from the
+packet as possible. In this run though, only the information shown in the packet
+list pane is needed.
+
+As the user selects a specific packet in the packet list pane this packet will
+be dissected again. This time, Wireshark tries to get every single piece of
+information and put it into the packet details pane.
+
+++++++++++++++++++++++++++++++++++++++
+<!-- End of WSDG Chapter Works -->
+++++++++++++++++++++++++++++++++++++++
+
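Review bot: a few wording defects in the new chapter should be fixed before merge, the most important in the "Capturing packets" section since it documents the privilege boundary: "the libpcap and WinPcap (see <<ChLibsPcap>>) libraries is used" should read "libraries are used", and in the Dumpcap entry "This is the only part that is to execute with elevated privileges" reads more clearly as "This is the only part that needs to run with elevated privileges", which matches the later sentence "It's only this program that needs these privileges". Smaller points in the same hunk: "read andwrite capture files" is missing a space; "The filtering WinPcap and libpcap works at a much lower level" needs "The filtering in WinPcap and libpcap works ..."; "etc)" should be "etc.)"; and the Epan API list mixes separators ("Protocol Tree." vs. "Dissector Plugins -" and "Display Filters -"), so pick one style, e.g. "* Protocol Tree - Dissection information for an individual packet." for all four items.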