Wireshark

http://www.wireshark.org/

Wireshark (previously called Ethereal) is a network protocol analysis tool: it captures and examines packets on a network link and lets the user see what is going on.

Examine the latest (or any chosen recent) version of the Wireshark sources. (Be warned, it is big: the bzip2-compressed tar file is close to 30 million bytes.)

Look at one of the following three issues in Wireshark:

1. How it achieves portability (it runs on many different operating systems, including Windows and all Unix variants). This concerns mostly the way it interacts with the network to capture and select the packets to examine, and the user interface (interaction with the window system, etc.).

2. How it is built so that analysers (dissectors) for new protocols can easily be added, so that it can analyse protocols that did not exist when it was written.

3. How it examines protocols where single packets are insufficient to produce meaningful results, that is, how it collects information from multiple packets and lets the user get information from them in a way consistent with the general design. (Any protocol that uses TCP as its underlying transport might need this kind of service, since TCP breaks the data stream into segments wherever it finds convenient, without regard to any structure in the upper-level data stream. IP fragmentation is another similar issue.)
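The multi-packet problem above, illustrated by an added stand-alone example; this is not Wireshark code. In Wireshark's own C dissectors a dissector that is handed a truncated PDU asks the TCP dissector for more data (by setting pinfo->desegment_offset and pinfo->desegment_len), or uses tcp_dissect_pdus() with a get_pdu_len callback and a per-PDU dissector, and the TCP dissector does the buffering. The example below mirrors that callback shape but keeps the buffering itself so it compiles without Wireshark headers. The length-prefixed protocol, the segment contents and the MAX_BUF cap are all constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed length-prefixed protocol: each PDU is a 2-byte big-endian
 * payload length followed by that many payload bytes. */
#define HDR_LEN  2
#define MAX_BUF  4096   /* cap on bytes held back while waiting for the rest of a PDU (assumed) */

typedef struct {
    uint8_t buf[MAX_BUF];   /* bytes carried over from earlier segments of this stream */
    size_t  len;            /* how many bytes of buf[] are in use */
    size_t  pdus;           /* complete PDUs handed to dissect_pdu() so far */
    size_t  payload_bytes;  /* payload bytes across those PDUs */
    int     overflow;       /* set once a PDU would exceed MAX_BUF; the stream is then abandoned */
} stream_state_t;

/* Counterpart of a get_pdu_len callback: given at least HDR_LEN bytes,
 * return the total length of the PDU starting at p. */
static size_t get_pdu_len(const uint8_t *p)
{
    return HDR_LEN + (((size_t)p[0] << 8) | p[1]);
}

/* Counterpart of the per-PDU dissector: it only ever sees a whole PDU. */
static void dissect_pdu(stream_state_t *st, const uint8_t *pdu, size_t n)
{
    (void)pdu;
    st->pdus++;
    st->payload_bytes += n - HDR_LEN;
}

/* Feed the payload of one TCP segment, in stream order. Returns the number
 * of bytes still buffered because the PDU they belong to is incomplete. */
size_t feed_segment(stream_state_t *st, const uint8_t *seg, size_t seglen)
{
    size_t off = 0;

    if (st->overflow)
        return st->len;
    if (st->len + seglen > MAX_BUF) {   /* refuse to buffer without bound */
        st->overflow = 1;
        return st->len;
    }
    memcpy(st->buf + st->len, seg, seglen);
    st->len += seglen;

    while (st->len - off >= HDR_LEN) {
        size_t need = get_pdu_len(st->buf + off);
        if (st->len - off < need)
            break;                      /* PDU continues in a later segment */
        dissect_pdu(st, st->buf + off, need);
        off += need;
    }
    /* keep only the unfinished tail for the next segment */
    memmove(st->buf, st->buf + off, st->len - off);
    st->len -= off;
    return st->len;
}

/* Constructed sample stream: PDU A is split across segments 1 and 2, PDU B
 * lies entirely inside segment 2, and PDU C's header is split across
 * segments 2 and 3. Returns the number of complete PDUs reassembled. */
size_t demo_reassembly(void)
{
    static const uint8_t seg1[] = { 0x00, 0x03, 'a', 'b' };
    static const uint8_t seg2[] = { 'c', 0x00, 0x01, 'x', 0x00 };
    static const uint8_t seg3[] = { 0x02, 'y', 'z' };
    stream_state_t st;

    memset(&st, 0, sizeof st);
    feed_segment(&st, seg1, sizeof seg1);   /* nothing complete yet, 4 bytes held */
    feed_segment(&st, seg2, sizeof seg2);   /* A and B delivered, 1 byte held */
    feed_segment(&st, seg3, sizeof seg3);   /* C delivered, nothing held */
    return st.pdus;
}

int main(void)
{
    printf("complete PDUs reassembled: %zu\n", demo_reassembly());
    return 0;
}
```

Two points worth checking when reading the real code: the per-stream state must be bounded (an attacker-controlled length field that promises more data than ever arrives must not make the analyser buffer without limit), and the PDU dissector can only assume in-order data because something below it (in Wireshark, the TCP dissector) has already dealt with retransmissions and out-of-order segments. IP fragment reassembly faces the same two issues one layer down.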

Both answer the question assigned to you, and explain how you (individually and as a group) examined the source code to discover how Wireshark works and how it is built.

You may include in your answer any improvements you believe would make Wireshark better (particularly from an implementation point of view, rather than in completeness or the user interface).

To fetch the source code for Wireshark, follow the link above, look under the Stable Release heading, and select the Source Code link.