Wireshark mailing list archives
Re: Wireshark API/packet "trace"
From: Guy Harris <guy () alum mit edu>
Date: Fri, 5 Mar 2010 11:04:52 -0800
On Mar 4, 2010, at 1:05 PM, Shawn Mayer wrote:
> Where is the Wireshark API/code documentation located?
Some of it is in the "doc" directory in the source code, in a bunch of README.* files. The rest of it is scattered in the source tree, in a bunch of .c and .h files. :-)
> Also, is it described anywhere what happens to a packet as it is captured (basically, how it traverses the code)?
As it is captured, or as it is dissected?

"As it is captured" is, at least in part, OS-dependent. Packets are initially processed by a mechanism running in kernel mode; it's built into the OS in UN*Xes (BPF, PF_PACKET sockets, DLPI, etc.), and provided as a driver with WinPcap on Windows. Then it's received by libpcap/WinPcap, which hands them to the application - dumpcap, in this case - and then written to a file, which Wireshark/TShark read.