Hi list,

Most of the questions I am asking might be very simple, but I am just trying
to understand how exactly the Ethereal code is written (the macro-level
concept, not the code itself). I am planning to write a flow chart for
Ethereal; this is for someone like me who knows network programming but is
new to sniffing.

It will be a document which a technical person should read before getting
into understanding the Ethereal source, as a kind of prerequisite for reading
README.developer or the source code.

Let us concentrate on pcap only (if you guys are interested we can add other
types to the flow chart as well).

I just want to know whether I understood the mechanism correctly.

Capturing and storing
----------------
Step 1: How does Ethereal know which format should be used for writing a
packet, or in other words, which fields differ between file types like pcap,
enc, etc., since the packet structure is the same (depending on the protocol)?
Step 2: For the case of pcap, how does it find out the DLT type?
Step 3: How are packet bytes written to the file, sequentially or ...?

Reading
------------
Step 1: You have a device which can give you packets in pcap format.
Step 2: You get a pointer to the start of the file.
Step 3: How will you find out the DLT type, i.e. is the location of the DLT
fixed from the start of the file?
Step 4: Now let us say you know the DLT value. How does Ethereal know which
protocol dissector to call now (generally, not for a particular protocol)?

I am not looking for programming stuff but the technology behind Ethereal.

Kindly send your comments on all or any of the questions above. I am
available to compile all comments finally.

Naveen
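
An added example, not part of the original post and not Ethereal's or libpcap's own code: a reader for the classic libpcap file layout that bears on the pcap questions above (where the DLT sits, and how records are laid out in the file). The function names and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Read a 32-bit field; big_endian says which byte order the file writer used. */
static uint32_t rd32(const uint8_t *p, int big_endian) {
    return big_endian
        ? ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]
        : ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) | ((uint32_t)p[1] << 8) | p[0];
}

/* 24-byte global header: magic, version, thiszone, sigfigs, snaplen, linktype.
   Returns the link-layer type (DLT) stored at fixed offset 20, or -1 if not pcap. */
long long pcap_linktype(const uint8_t *buf, size_t len, int *big_endian) {
    if (len < 24) return -1;
    uint32_t magic = rd32(buf, 1);
    if (magic == 0xa1b2c3d4u) *big_endian = 1;       /* written on a big-endian host */
    else if (magic == 0xd4c3b2a1u) *big_endian = 0;  /* written on a little-endian host */
    else return -1;
    return rd32(buf + 20, *big_endian);
}

/* Records follow back to back: a 16-byte header (ts_sec, ts_usec, incl_len,
   orig_len), then incl_len captured bytes. Returns packet count, -1 on bad length. */
long pcap_count_packets(const uint8_t *buf, size_t len) {
    int be;
    if (pcap_linktype(buf, len, &be) < 0) return -1;
    uint32_t snaplen = rd32(buf + 16, be);
    size_t off = 24;
    long n = 0;
    while (off < len) {
        if (len - off < 16) return -1;               /* truncated record header */
        uint32_t incl = rd32(buf + off + 8, be);
        if (incl > snaplen || incl > len - off - 16) return -1; /* untrusted length */
        off += 16 + (size_t)incl;
        n++;
    }
    return n;
}
/* Constructed sample: little-endian file, DLT 1 (Ethernet), two dummy records. */
const uint8_t SAMPLE[] = {
    0xd4,0xc3,0xb2,0xa1, 2,0, 4,0, 0,0,0,0, 0,0,0,0, 0xff,0xff,0,0, 1,0,0,0,
    1,0,0,0, 0,0,0,0, 4,0,0,0, 4,0,0,0,   0xde,0xad,0xbe,0xef,
    2,0,0,0, 0,0,0,0, 2,0,0,0, 60,0,0,0,  0xca,0xfe,
};
int main(void) {
    int be;
    long long dlt = pcap_linktype(SAMPLE, sizeof SAMPLE, &be);
    printf("DLT=%lld packets=%ld\n", dlt, pcap_count_packets(SAMPLE, sizeof SAMPLE));
    return 0;
}
```

The second sample record has `incl_len` 2 and `orig_len` 60, which is how a capture truncated by the snapshot length appears in the file.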