Wireshark consists of the following major parts:
- Packet dissection - in the /epan/dissectors and /plugins/epan/* directories
- Capture file I/O - using Wireshark’s own wiretap library
- Capture - using the libpcap and Npcap libraries, in dumpcap.c and the /capture directory
- User interface - using Qt and associated libraries
- Utilities - miscellaneous helper code
- Help - using an external web browser and text output