Introduction
Source overview
Wireshark consists of the following major parts:
Packet dissection - in the /epan/dissector and /plugin/* directory
File I/O - using Wireshark's own wiretap library
Capture - using the libpcap/winpcap library, in /wiretap
User interface - using the GTK+ (and corresponding) libraries
Help - using an external webbrowser and GTK text output
Beside this, some other minor parts and additional helpers exist.
Currently there's no clean separation of the modules in the code.
However, as the development team switched from Concurrent Versions System
(CVS) to Subversion (SVN) some time ago,
directory cleanup is much easier now. So there's a chance that
the directory structure will become clean in the future.
Coding styleguides
The coding styleguides for Wireshark can be found in the "Code style"
section of the file doc/README.developer.
The GLib library
Glib is used as a basic platform abstraction library, it's not related to
GUI things.
To quote the Glib documentation: GLib is a general-purpose utility
library, which provides many useful
data types, macros, type conversions, string utilities, file utilities,
a main loop abstraction, and so on. It works on many UNIX-like platforms,
Windows, OS/2 and BeOS. GLib is released under the GNU Library General
Public License (GNU LGPL).
GLib contains lot's of useful things for platform independent development.
See
for details about GLib.