Wireshark mailing list archives

Re: Which pcap function wireshark use


From: Guy Harris <guy () alum mit edu>
Date: Tue, 6 May 2014 13:01:24 -0700


On May 6, 2014, at 12:47 PM, my007ms <my007ms () yahoo com> wrote:


> So Wireshark uses the normal libpcap.so, not libwiretap.so, to capture packets?

(Not on my machine - it's called libpcap.dylib on my machine.  It might be called libpcap.dll on other machines. :-))

Correct.  Early in Ethereal development, we thought libwiretap would be used to do live capture in addition to reading 
capture files, but that never became necessary.

> If you please, guide me as to which file in the source code I should read to find more about this part of Wireshark.

If by "this part" you mean packet capture, read dumpcap.c.  (Wireshark and TShark run dumpcap to do the packet capture; 
packet capture might require elevated privileges, and, well, as doc/README.packaging says:

        WIRESHARK CONTAINS OVER TWO MILLION LINES OF SOURCE CODE. DO NOT RUN THEM AS ROOT.

so we limit the elevated-privileges part to dumpcap, which is simpler and does not contain and *NEVER* will contain 
packet-dissection code.)
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
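
The split described in the message above (only dumpcap gets elevated privileges, never the dissection code in Wireshark or TShark) can be checked on an installed system. The script below is an added example, not code from the Wireshark project; the function names `priv_status` and `audit_capture_privs` are hypothetical, it assumes all three binaries sit in one directory, and the `getcap` check applies only on Linux systems where that tool is installed.

```shell
#!/bin/sh
# Added example (not Wireshark project code): check that elevated
# privileges are confined to dumpcap and absent from wireshark/tshark.
# Assumption: all three binaries live in the directory given as $1.

# Print the privilege status of one file:
# missing | setuid | setgid | caps | plain
priv_status() {
    f=$1
    if [ ! -e "$f" ]; then echo missing; return 0; fi
    if [ -u "$f" ]; then echo setuid; return 0; fi
    if [ -g "$f" ]; then echo setgid; return 0; fi
    # File capabilities (Linux only); skipped when getcap is unavailable.
    if command -v getcap >/dev/null 2>&1; then
        caps=$(getcap "$f" 2>/dev/null || true)
        if [ -n "$caps" ]; then echo caps; return 0; fi
    fi
    echo plain
    return 0
}

# Report all three binaries. Returns 1 if a program containing
# dissection code (wireshark, tshark) carries setuid/setgid/caps.
audit_capture_privs() {
    dir=$1
    rc=0
    for name in wireshark tshark; do
        s=$(priv_status "$dir/$name")
        echo "$name: $s"
        case $s in
            plain|missing) ;;
            *) echo "  WARNING: dissection code would run privileged"
               rc=1 ;;
        esac
    done
    # dumpcap is the one place where elevated privileges are expected.
    echo "dumpcap: $(priv_status "$dir/dumpcap")"
    return $rc
}

# Run the audit only when a directory argument is supplied.
if [ "$#" -gt 0 ]; then
    audit_capture_privs "$1"
fi
```

Run it with the installation directory as the argument, for example `sh audit.sh /usr/bin`; a non-zero exit status means wireshark or tshark itself is installed with elevated privileges.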

