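/*
 * Minimal libpcap capture program, written out as the seven steps of the
 * original outline.  Compared with the outline, every libpcap call is
 * checked, the compiled filter is freed after installation, the capture
 * loop can tell "no packet yet" from "capture failed", and the captured
 * bytes are bounds-checked against the captured length before they are
 * interpreted as an Ethernet header.
 */
#include <signal.h>
#include <stdio.h>
#include <arpa/inet.h>      /* ntohs */

#include <pcap.h>
#include <libnet.h>         /* struct libnet_ethernet_hdr, ETHERTYPE_IP, ETHERTYPE_ARP */

/* Set by the signal handler and polled once per loop iteration, so that
 * step 7 (pcap_close) runs before the program exits instead of the process
 * dying in the middle of the capture loop. */
static volatile sig_atomic_t stop_requested = 0;

/* Async-signal-safe handler: only records the request. */
static void on_signal(int signo)
{
    (void)signo;
    stop_requested = 1;
}

/*
 * Usage: prog [filter-expression]
 *
 * Captures Ethernet frames on the first capture-capable device, optionally
 * restricted by a BPF filter expression, and classifies each frame by
 * EtherType.  Returns 0 on a clean shutdown (signal or end of input) and
 * 1 when any libpcap step fails.
 */
int main(int argc, char **argv)
{
    char *device;                 /* name of the interface used for capturing packets */
    pcap_t *p = NULL;             /* capture handle, the central libpcap data structure */
    struct bpf_program fcode;     /* compiled Berkeley Packet Filter (BPF) program */
    char errbuf[PCAP_ERRBUF_SIZE];
    const char *filter_string = argc > 1 ? argv[1] : NULL;
    bpf_u_int32 net = 0;
    bpf_u_int32 netmask = 0;
    int rc = 1;

    /* Step 7 (part 1): register the handler at program initialization so a
     * SIGINT/SIGTERM only sets a flag; the loop below notices it and falls
     * through to pcap_close(). */
    struct sigaction sa = { .sa_handler = on_signal };
    sigemptyset(&sa.sa_mask);
    sigaction(SIGINT, &sa, NULL);
    sigaction(SIGTERM, &sa, NULL);

    /* Step 1: locate a device that can capture packets.  pcap_lookupdev() is
     * kept to match the outline; newer libpcap releases deprecate it in
     * favour of pcap_findalldevs(). */
    errbuf[0] = '\0';
    device = pcap_lookupdev(errbuf);
    if (device == NULL) {
        fprintf(stderr, "pcap_lookupdev: %s\n", errbuf);
        return 1;
    }

    /* pcap_compile() needs the netmask for broadcast tests; fall back to
     * "unknown" rather than passing an uninitialized value. */
    if (pcap_lookupnet(device, &net, &netmask, errbuf) == -1) {
        netmask = PCAP_NETMASK_UNKNOWN;
    }

    /* Step 2: open the device for live capture: 8000-byte snapshot length,
     * promiscuous mode on, 500 ms read timeout, as in the outline. */
    errbuf[0] = '\0';
    p = pcap_open_live(device, 8000, 1, 500, errbuf);
    if (p == NULL) {
        fprintf(stderr, "pcap_open_live(%s): %s\n", device, errbuf);
        return 1;
    }
    if (errbuf[0] != '\0') {      /* pcap_open_live() succeeded with a warning */
        fprintf(stderr, "warning: %s\n", errbuf);
    }

    /* The cast in step 5 is only valid when the link layer is Ethernet. */
    if (pcap_datalink(p) != DLT_EN10MB) {
        fprintf(stderr, "%s: not an Ethernet link layer\n", device);
        goto out_close;
    }

    /* Step 3: if the user supplied filter criteria, compile and install them.
     * pcap_setfilter() copies the program into the handle, so the compiled
     * code is released right away on both the success and the failure path. */
    if (filter_string != NULL) {
        if (pcap_compile(p, &fcode, filter_string, 0, netmask) == -1) {
            fprintf(stderr, "pcap_compile: %s\n", pcap_geterr(p));
            goto out_close;
        }
        if (pcap_setfilter(p, &fcode) == -1) {
            fprintf(stderr, "pcap_setfilter: %s\n", pcap_geterr(p));
            pcap_freecode(&fcode);
            goto out_close;
        }
        pcap_freecode(&fcode);
    }

    /* Step 4: capture loop.  pcap_next_ex() replaces the outline's
     * "spin while pcap_next() returns NULL": pcap_next() returns NULL for a
     * timeout, an error and end of input alike, so that loop could never
     * notice a failed capture and busy-waited on every timeout.  The 500 ms
     * read timeout bounds how long a pending stop request goes unnoticed. */
    while (!stop_requested) {
        struct pcap_pkthdr *hdr;
        const u_char *ptr;
        int res = pcap_next_ex(p, &hdr, &ptr);

        if (res == 0) {
            continue;             /* read timeout expired without a packet */
        }
        if (res < 0) {            /* -1: capture error, -2: end of input */
            if (res == -1) {
                fprintf(stderr, "pcap_next_ex: %s\n", pcap_geterr(p));
            }
            break;
        }

        /* Step 5: interpret the captured bytes as an Ethernet frame.  Only
         * hdr->caplen bytes of ptr are valid, so a runt or truncated capture
         * must be skipped rather than read through the header struct. */
        if (hdr->caplen < sizeof(struct libnet_ethernet_hdr)) {
            continue;
        }
        const struct libnet_ethernet_hdr *eth =
            (const struct libnet_ethernet_hdr *)ptr;

        /* Step 6: classify the frame by EtherType (network byte order on the
         * wire) and hand it to the protocol-specific processing. */
        if (ntohs(eth->ether_type) == ETHERTYPE_IP) {
            /* IP datagram: further processing goes here. */
        } else if (ntohs(eth->ether_type) == ETHERTYPE_ARP) {
            /* ARP packet: further processing goes here. */
        }
    }
    rc = 0;

out_close:
    /* Step 7 (part 2): release the capture handle on every exit path. */
    pcap_close(p);
    return rc;
}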