Table of Contents
Wireshark consists of the following major parts:
Packet dissection - in the /epan/dissector and /plugin/* directory
File I/O - using Wireshark's own wiretap library
Capture - using the libpcap/winpcap library, in /wiretap
User interface - using the GTK+ (and corresponding) libraries
Help - using an external webbrowser and GTK text output
Beside this, some other minor parts and additional helpers exist.
Currently there's no clean separation of the modules in the code. However, as the development team switched from Concurrent Versions System (CVS) to Subversion (SVN) some time ago, directory cleanup is much easier now. So there's a chance that the directory structure will become clean in the future.