On May 6, 2014, at 12:47 PM, my007ms <[email protected]> wrote:
>
> So Wireshark uses the normal libpcap.so, not libwiretap.so, to capture packets?

(Not on my machine - it's called libpcap.dylib on my machine. It might be
called libpcap.dll on other machines. :-))
Correct. Early in Ethereal development, we thought libwiretap would be used to
do live capture in addition to reading capture files, but that never became
necessary.

> If you please, guide me to which file in the source code I should read to find more
> about this part of Wireshark.

If by "this part" you mean packet capture, read dumpcap.c. (Wireshark and
TShark run dumpcap to do the packet capture; packet capture might require
elevated privileges, and, well, as doc/README.packaging says:

    WIRESHARK CONTAINS OVER TWO MILLION LINES OF SOURCE CODE. DO NOT RUN
    THEM AS ROOT.

so we limit the elevated-privileges part to dumpcap, which is simpler and does
not contain and *NEVER* will contain packet-dissection code.)
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev
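
The split described in the reply above, as an added sketch that is not part of the original message and is not Wireshark or dumpcap code: a small helper process (the only part that would hold capture privileges) copies raw bytes into a pipe without interpreting them, and the unprivileged parent does all the parsing. The function names, the length-prefixed framing and the sample frames are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

enum { MAX_FRAME = 65535 };
/* Constructed sample frames standing in for live traffic. */
static const char *SAMPLE[] = { "frame-one", "frame-two!", "frame-three" };

/* Read or write exactly n bytes; 0 on success, -1 on EOF or error. */
static int xfer(int fd, void *buf, size_t n, int writing) {
    char *p = buf;
    while (n > 0) {
        ssize_t r = writing ? write(fd, p, n) : read(fd, p, n);
        if (r <= 0) return -1;
        p += r; n -= (size_t)r;
    }
    return 0;
}

/* Helper role (hypothetical): the only code that would run with capture
 * privileges. It emits [u32 length][payload] and never parses the payload. */
static void capture_helper(int out) {
    for (size_t i = 0; i < sizeof SAMPLE / sizeof *SAMPLE; i++) {
        uint32_t len = (uint32_t)strlen(SAMPLE[i]);
        if (xfer(out, &len, sizeof len, 1) || xfer(out, (void *)SAMPLE[i], len, 1))
            _exit(1);
    }
    _exit(0);
}

/* Unprivileged role: starts the helper, then handles every frame itself.
 * Returns frames handled or -1 on error; *total gets the payload byte count. */
int run_split_capture(size_t *total) {
    int fds[2], frames = 0, status;
    static char buf[MAX_FRAME];
    uint32_t len;
    *total = 0;
    pid_t pid = pipe(fds) < 0 ? -1 : fork();
    if (pid < 0) return -1;
    if (pid == 0) { close(fds[0]); capture_helper(fds[1]); }
    close(fds[1]);
    while (xfer(fds[0], &len, sizeof len, 0) == 0) {
        /* Bound the length before reading: frame data is untrusted input. */
        if (len > MAX_FRAME || xfer(fds[0], buf, len, 0)) { frames = -1; break; }
        *total += len; frames++;   /* stand-in for the large dissection code */
    }
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status)) return -1;
    return frames;
}
```

A parsing bug triggered by a hostile frame in this layout lands in the unprivileged parent, not in the process that holds capture privileges.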