| Char * device; |
| /*declaring variable, name of the network interface being used for intercepting data packets*/ |
| pcap_t*p; |
| /*declaring variable, control code of the intercepted data packets (the most important data structure)*/ |
| Struct bpf_program fcode; |
| /* Berkeley Packet Filter (BPF) code structure involving the use of struct*/ |
| Step 1. Locate the device that can intercept data packets; |
| device = pcap_lookupdev(errbuf); |
| Step 2. Create a control program for interception, and then prepare to intercept; |
| p = pcap_open_live (device, 8000, 1, 500, errbuf); |
| Step 3. If the user has set the screening criteria, proceed to compile and install the screening program; |
| pcap_compile(p, &fcode, filter_string, 0, netmask): |
| pcap_setfilter(p, &fcode): |
| Step 4. Enter (dead) loop, and then repeatedly intercept data packets by setting them to NULL; |
| for(;;) |
| {while |
| ((ptr = (char*)(pcap_next(p,&hdr))) == NULL); |
| Step 5. Convert intercepted data to Ethernet data packet type; |
| eth = (struct libnet_ethernet_hdr*)ptr; |
| Step 6. Analyze Ethernet data packets, determine the type of data packets contained within, |
| and carry out further processing; |
| if(eth->ether_type == ntohs(ETHERTYPE_IP)) |
| |
| if(eth->ether_type == ntohs(ETHERTYPE_ARP)) |
| |
| Step 7. Terminate the control program for interception. Increase the number of signal handlers |
| at program initialization so that the last iteration of this program can be executed prior to exiting the program. |
| pcap_close(p); |
