Ethereal-dev: Re: [Ethereal-dev] Ethereal Design Considerations.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Guy Harris <guy@xxxxxxxxxx>
Date: Wed, 16 Apr 2003 16:09:00 -0700
On Wed, Apr 16, 2003 at 04:06:50PM -0700, Guy Harris wrote:
> On Thu, Apr 17, 2003 at 12:42:40AM +0100, Ole Henry Halvorsen wrote:
> > Hi.
> > 
> > theese questions could probably be answered by looking at the source code,
> > which I already did, however as ethereal is a big and complex program, it's
> > hard for someone outside to gain an overall view of it's design. So I
> > figured my questions would be best answered by someone who works on it.
> > 
> > 1. how does ethereal store packets internally
> 
> In a file.
> 
> > and in what form?
> 
> In the same file format tcpdump uses; the file has a header giving
> information such as the link-layer type of the packets in the file,
> followed by a sequence of packets in the form of a header giving a
> packet arrival timestamp and packet lengths (length on the network, and
> length in the file, which could be smaller than the length on the
> network if a shorter "snapshot length" was specified when capturing).

There's also an internal data structure (linked list) storing
information about all the frames in the capture, including a file offset
that can be used to re-read the frame's data from the capture file.