path: root/docbook/edg_src/EDG_chapter_works.xml
blob: 48d78a8baaa45ff0b83660afe2b518b13fe70673 (plain)
<!-- EDG Chapter Works -->
<!-- $Id$ -->

<chapter id="ChapterWorks">
  <title>How Ethereal Works</title>
  
  <section id="ChWorksIntro">
	<title>Introduction</title>
	<para>
	This chapter gives you a short overview of how Ethereal works.
	</para>
  </section>

  <section id="ChWorksOverview">
	<title>Overview</title>
	<para>
	The following gives you a simplified overview of Ethereal's function blocks:
	<figure id="ChWorksFigOverview">
	  <title>
	    <application>Ethereal</application> function blocks.
	  </title>
	  <graphic entityref="EtherealFunctionBlocks" format="PNG"/>
	</figure>
	</para>
	<para>
	The function blocks in more detail:
	<variablelist>
	  <varlistentry><term><command>GTK 1/2</command></term>
	    <listitem>
	      <para>
		  Handling of all user input/output (all windows, dialogs and such).
		  The source code can be found in the <filename>gtk</filename> directory.
	      </para>
	    </listitem>
	  </varlistentry>
	  <varlistentry><term><command>Core</command></term>
	    <listitem>
	      <para>
		  Main "glue code" that holds the other blocks together; the source
		  code can be found in the root directory.
	      </para>
	    </listitem>
	  </varlistentry>
	  <varlistentry><term><command>Epan</command></term>
	    <listitem>
	      <para>
		  Ethereal Package ANalyzing (XXX - is this correct?), the packet
		  analyzing engine; the source code can be found in the
		  <filename>epan</filename> directory.
	      </para>
	  <itemizedlist>
	    <listitem>
	      <para>
		  Protocol-Tree - holds the protocol information dissected from the packets of the capture file.
	      </para>
	    </listitem>
	    <listitem>
	      <para>
		  Dissectors - The various protocol dissectors in 
		  <filename>epan/dissectors</filename>.
	      </para>
	    </listitem>
	    <listitem>
	      <para>
		  Plugins - Some of the protocol dissectors are implemented as plugins; the source
		  code is in the <filename>plugins</filename> directory.
	      </para>
	    </listitem>
	    <listitem>
	      <para>
		  Display-Filters - the display filter engine at 
		  <filename>epan/dfilter</filename>.
	      </para>
	    </listitem>
	  </itemizedlist>
	    </listitem>
	  </varlistentry>
	  <varlistentry><term><command>Capture</command></term>
	    <listitem>
	      <para>
		  Capture engine.
	      </para>
	    </listitem>
	  </varlistentry>
	  <varlistentry><term><command>Wiretap</command></term>
	    <listitem>
	      <para>
		  The wiretap library is used to read/write capture files in the libpcap
		  format and a lot of other file formats; the source code is in the
		  <filename>wiretap</filename> directory.
	      </para>
	    </listitem>
	  </varlistentry>
	  <varlistentry>
	  <term><command>Win-/libpcap (not part of the Ethereal package)</command></term>
	    <listitem>
	      <para>
		  The platform-dependent packet capture library, including the capture
		  filter engine. This is the reason why display filters and capture filters
		  still have different syntaxes: two different filtering engines are used.
	      </para>
	    </listitem>
	  </varlistentry>
	</variablelist>
	</para>
  </section>

	<section id="ChWorksCapturePackets">
	<title>Capturing packets</title>
	<para>
	Capturing takes packets from a network adapter and saves them to a file
	on your hard disk.
	</para>
	<para>
	To hide all the low-level, machine-dependent details from
	Ethereal, the libpcap/WinPcap (see <xref linkend="ChLibsPcap"/>) library
	is used. This library provides a general purpose interface to capture
	packets from a lot of different network interface types (Ethernet,
	Token Ring, ...).
	</para>
	</section>

	<section id="ChWorksCaptureFiles">
	<title>Capture Files</title>
	<para>
	Ethereal can read and write capture files in its native file format, the
	libpcap format, which is used by many other network capturing tools,
	e.g. tcpdump. In addition to this, as one of its strengths,
	Ethereal can read/write files in many different file formats of other
	network capturing tools. The wiretap library, developed together with
	Ethereal, provides a general purpose interface to read/write all these file
	formats. If you need to add another capture file format, this is the place
	to start.
	</para>
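	<para>
	To show what a reader for the native libpcap format has to deal with, here is an added example that is not Ethereal's wiretap code: a minimal, hypothetical C reader that takes the byte order from the magic number and rejects files whose record lengths run past the buffer or above the snaplen. The sample file bytes are constructed for this example.
	</para>

```c
#include <stddef.h>
#include <stdint.h>
/* Hypothetical minimal reader for the libpcap file format, written for this
 * chapter; it is not Ethereal's wiretap code. Byte order comes from the magic
 * number and every length is checked against the buffer before it is used. */
#define PCAP_MAGIC         0xa1b2c3d4u   /* fields stored little-endian */
#define PCAP_MAGIC_SWAPPED 0xd4c3b2a1u   /* fields stored big-endian */
#define PCAP_GLOBAL_HDR 24
#define PCAP_RECORD_HDR 16

typedef struct {
    uint32_t ts_sec, ts_usec, incl_len, orig_len;
    const uint8_t *data;   /* points into the input buffer */
} pcap_rec_t;

/* Read a little-endian 32-bit field, byte-swapping for big-endian files. */
static uint32_t rd32(const uint8_t *p, int swapped) {
    uint32_t v = (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    return swapped ? (v >> 24) | ((v >> 8) & 0xff00u) | ((v << 8) & 0xff0000u) | (v << 24) : v;
}

/* Returns the number of records stored in out (at most max), or -1 for a
 * malformed file: bad magic, incl_len above snaplen, or a record header or
 * payload running past the end of the buffer. */
int pcap_parse(const uint8_t *buf, size_t len, uint32_t *linktype, pcap_rec_t *out, size_t max) {
    if (len < PCAP_GLOBAL_HDR) return -1;
    uint32_t magic = rd32(buf, 0);
    int swapped = magic == PCAP_MAGIC_SWAPPED;
    if (magic != PCAP_MAGIC && !swapped) return -1;
    uint32_t snaplen = rd32(buf + 16, swapped);
    *linktype = rd32(buf + 20, swapped);
    size_t off = PCAP_GLOBAL_HDR, n = 0;
    while (off < len && n < max) {
        if (len - off < PCAP_RECORD_HDR) return -1;   /* truncated record header */
        pcap_rec_t r = { rd32(buf + off, swapped), rd32(buf + off + 4, swapped),
                         rd32(buf + off + 8, swapped), rd32(buf + off + 12, swapped), NULL };
        off += PCAP_RECORD_HDR;
        if (r.incl_len > snaplen || r.incl_len > len - off) return -1;   /* oversized or truncated payload */
        r.data = buf + off;
        out[n++] = r;
        off += r.incl_len;
    }
    return (int)n;
}

/* Constructed little-endian sample file: version 2.4, snaplen 65535, link type 1, two records. */
const uint8_t sample_pcap[] = {
    0xd4,0xc3,0xb2,0xa1, 0x02,0x00, 0x04,0x00, 0,0,0,0, 0,0,0,0, 0xff,0xff,0,0, 1,0,0,0,
    0,0,0,0x5f, 0xe8,3,0,0, 4,0,0,0, 0x3c,0,0,0, 0xaa,0xbb,0xcc,0xdd,
    1,0,0,0x5f, 0,0,0,0, 6,0,0,0, 6,0,0,0, 1,2,3,4,5,6,
};
```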
	</section>

	<section id="ChWorksDissectPackets">
	<title>Dissect packets</title>
	<para>
	While Ethereal is loading packets from a file, each packet is dissected.
	Ethereal tries to detect what kind of packet it is and to get as much
	information from it as possible. In this pass, however, only the information
	shown in the packet list pane is needed.
	</para>
	<para>
	When the user selects a specific packet in the packet list pane, that packet
	is dissected again. This time, Ethereal tries to
	get every single piece of information and puts it into
	the packet details pane.
	</para>
	</section>

</chapter>
<!-- End of EDG Chapter Works -->