Because the project I was working on needed to identify application-layer protocols, I thought of integrating Wireshark's protocol analysis code into it. I downloaded the latest Wireshark source code from the official website and, my goodness, it is more than 200 MB; how do you even begin reading that many source files? I searched online for a long time hoping to find someone else's analysis write-up, but unfortunately found none. Most of what exists is about how to develop Wireshark protocol identification and dissection plug-ins; very few people analyse the source code itself. So I found a tool that makes browsing source more convenient, Source Insight, and started looking through the files, hoping that with a bit of luck I would work out how it all fits together.
Anyone who has looked at the Wireshark source knows it has an enormous number of code files, and this was also my first time reading that much of other people's code, so integrating the Wireshark protocol analysis code into my project was genuinely not easy for me. After spending a lot of time searching for and reading material, I finally decided to start from Wireshark's command-line mode, tshark, and analyse how tshark identifies network protocols.
I decided to use breakpoint debugging to see how tshark works, but to debug it you first need to compile and link the Wireshark source. So I set out to find information on how to compile the Wireshark code. That information is relatively easy to find, but none of the guides compiled successfully as written; in the end, building on other people's work plus some thinking of my own, it compiled. The previous article describes how to compile the Wireshark source code on Visual Studio 2008.
Enough preamble; now on to analysing the tshark code itself.
First, after a successful compilation the Wireshark source folder contains a large number of object files, and a wireshark-gtk2 folder is also generated, which holds several EXE files such as wireshark.exe, tshark.exe, dumpcap.exe and so on. The screenshot below shows this:
(Screenshot: part of the wireshark-gtk2 folder listing.)
Next, open the project files in the wireshark-gtk2 directory with Visual Studio 2008 (the tool is not fixed, but it must be the one you selected when compiling). There are many project files; open any one of them and the others are added automatically, because all the project files belong to one solution, as shown in the screenshot.
Since I only care about the tshark part of the code, all the other projects can be removed from the solution. Among the source files of the tshark project there is a tshark.c file; find its main() function, which is the program's entry point, and from there you can set breakpoints and trace through the code with the debugger.
That is all for today; a detailed analysis report will follow tomorrow.
Wireshark Source Analysis One