Ethereal Design




The Ethereal source distribution consists of a main source directory and several subdirectories. The main source directory contains the following important source files:

  • config.nmake: This file instructs Ethereal where to locate libraries during the build.

  • Makefile.nmake: This is the script for making the Ethereal binaries on Win32.

  • Makefile.am: Automake configuration file for UNIX/Linux.

  • cleanbld.bat: File for switching between platforms.

  • configure: File for UNIX/Linux build and install.

  • idl2eth.sh: Shell script for creating an Ethereal dissector for Interface Definition Language (IDL) files.

  • INSTALL: UNIX/Linux installation instructions.

  • make-xxx: Script files to build support modules.

  • packet-xxx: Protocol dissectors.

  • README: Associated readme files for multiple platforms.

  • tap-xxx: Protocol taps.

  • xxxx: Remaining files contain utility functions for Ethereal/Tethereal.

In Figure 9.1, you can see a breakdown of the directories contained in the Ethereal distribution.


Figure 9.1: Main Directory

aclocal-fallback and aclocal-missing

The aclocal-fallback and aclocal-missing directories are used to store information used by automake on UNIX/Linux-based systems.

debian

The debian directory is used for compatibility with Debian Linux-based operating systems. These files are not under packaging because the Debian tools require the debian directory to be at the top-level directory of a source package.

doc

Contained within the doc directory are many text documents to assist you in the development process. They are provided in the following list:

  • README.design: This document provides some useful information on the core structure of Ethereal.

  • README.developer: This is the main document to assist in the development of new protocol dissectors. Also included are helpful design pointers, a sample template, and potential problems.

  • README.idl2eth: Refer to this document when you want to build a dissector from an IDL file.

  • README.plugins: Documentation for using the plug-in interface of Ethereal.

  • README.regression: Steps for testing and regressing new dissectors. This file provides a template with which you can test for regressions in packet decodes. The file is structured as a makefile that can be used after modifying the core Ethereal code or a dissector to ensure that Ethereal operates correctly.

  • README.tapping: Detailed information on the tapping system built into Ethereal.

  • README.tvbuff: Tvbuff is the main structure for dissectors to access and display data. It also performs checks on the data to trap errors in the data stream and prevent stack and buffer overflows. This document describes the proper use of the tvbuff functions and data structure.

  • README.xml-output: Tethereal provides a mechanism to output data in XML/PDML (Product Data Markup Language) format. This document outlines what this capability provides.

epan

The epan directory contains most of the utility and global functions used within dissectors. The subdirectory dfilter contains the source for display filter functionality. The ftypes subdirectory contains source that defines the different data types used in the data type logic (see Figure 9.2).


Figure 9.2: epan Directory

gtk

Contained within the gtk directory are the source files for the main Ethereal application. This includes the main GUI as well as the menu and toolbar. Basically, any of the Ethereal source that needs to access the GUI will reside within this directory.

help

The help directory will hold the source files that are used to build the content for the help menu dialogs. These are built during compile time and linked into the Ethereal binary file.

image

The icons and bitmaps linked into the Ethereal binary are stored in the image directory, as shown in Figure 9.3. The custom icons are stored in the toolbar subdirectory and are in X PixMap (XPM) format. The XPM file format is used to create icons and bitmaps for X-Windows-based operating systems.


Figure 9.3: Image Directory

packaging

The packaging directory contains the necessary scripts and files to generate a binary distribution, as shown in Figure 9.4. Currently supported distributions include the Nullsoft Scriptable Installation System (NSIS) to generate a Windows installation package or the RedHat Package Manager (rpm) and System V Release 4 (svr4) to generate Linux and UNIX installation packages.


Figure 9.4: Packaging Directory

Notes from the Underground…
Custom Icons

GTK 2.x allows you to change from stock icons to custom icons. When making your own custom icons, make sure you create them with the same physical dimensions as the other bitmaps contained in the toolbar subdirectory.


plugins

A number of dissectors have been written to interface with Ethereal through the plugin interface, as shown in Figure 9.5. For detailed information on how to create a plug-in, refer to the README.plugins document in the doc directory.


Figure 9.5: Plugins Interface

Notes from the Underground…
NSIS Package

To build the NSIS install package for Windows-based systems, you will need to download the NSIS compiler from www.nullsoft.com/free/nsis.


tools

Ethereal’s source distribution contains several tools in this directory. In the tools directory, the EtherealXML.py file is a Python script to read Tethereal-generated PDML files. The lemon directory contains the Lemon tool, which will generate C source files based on a supplied template, as shown in Figure 9.6. Lemon is a parser generator for C or C++ that does the same job as bison and yacc, but Lemon provides more flexibility and does a better job of eliminating common errors. It also runs much faster than the other tools, is reentrant, and is thread-safe.


Figure 9.6: Lemon Directory

wiretap

The wiretap directory is the core capture file support library, which provides the support to read and write different capture file formats. For information on how to add or modify the capture file types supported by Ethereal, refer to the README.developer document located in the wiretap directory.






Ethereal Packet Sniffing (Syngress)
ISBN: 1932266828
EAN: 2147483647
Year: 2004
Pages: 105
Authors: Syngress
