Introduction

Because Wireshark is open-source code software that is distributed under the General Public License (GPL), many developers throughout the world are able to contribute to the Wireshark project. This collaboration by many different individuals has made Wireshark a viable tool for many organizations.

Wireshark developers have contributed new features to the growing number of tools in the Wireshark distribution, including the console-based version of Wireshark named,Tshark, as well as a number of other tools that are part of the Wireshark distribution.

The main Wireshark application is a Graphical User Interface (GUI) application that utilizes components of GNU s Not UNIX (GNU) Image Manipulation Program (GIMP). The latest version of the GIMP Toolkit is called GTK+, and is maintained as a separate entity at www.gtk.org. Wireshark uses the GTK library for its GUI implementation, and new features often require modifications to the GUI (e.g., new menu items or modifications to existing menu selections). The core of this application includes the main window, menus, utility functions, and so forth.

The components of Wireshark that dissect packet structures are called protocol dis-sectors. These components are individual source code modules that instruct the main Wireshark application on how to dissect a specific type of protocol. The dissector can be complex or simple, based on the protocol that is being dissected. Most of the contributions to the Wireshark project are either new dissectors or enhancements to existing ones.

By utilizing the concepts within this chapter, you will learn the basic steps...