Wireshark consists of the following major parts:
-
Packet dissection - in the /epan/dissector and /plugin/* directory
-
File I/O - using Wireshark's own wiretap library
-
Capture - using the libpcap/winpcap library
-
User interface - using the GTK (and corresponding) libraries
-
Help - using an external webbrowser and GTK text output
Beside this, some other minor parts and additional helpers exist.
Currently there's no clean separation of the modules in the code.
However, as the development team switched from CVS to SVN some time ago,
directory cleanup is much easier now. So there's a chance that
the directory structure will become clean in the future.