Hello all,
I am studying & planning to implement the packet capture drivers.
According to what info I gathered from the net and other sources, I
visualize it as follows:
When interested in specific traffic, i.e. to sniff on port 23 (telnet) in
search of passwords, or perhaps we want to hijack a file being sent
over port 21 (FTP), whatever the case, rarely do we just want to blindly
sniff all network traffic. Then we enter pcap_compile() and
pcap_setfilter().
First, pcap's filter is more efficient, because it does it directly with
the BPF filter.
So, I imagine the calls to pcap_compile() and pcap_setfilter() functions
will invoke the packet capture driver.
Am I right? How & where do I get the Architecture of the packet capture
driver & where exactly it fits?
Sorry if I have posted in the wrong place. In that case, do guide me to
the right mailing lists or site address.
Thanks for the help in advance.
Regards,
Mukund jampala
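
How a compiled filter is evaluated against each frame, as an added example that is not part of the original post: pcap_compile() turns a filter expression into a BPF program and pcap_setfilter() installs it, and the capture code then runs that program on every packet, as the small interpreter below does for a subset of classic BPF. The opcode names, `run_filter`, `check_port`, the hand-written program for `ip and tcp dst port 23` and the sample frame are constructed for illustration and are not libpcap's or any driver's API.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Simplified classic-BPF subset; opcode names are this example's own. */
enum { LDH_ABS, LDB_ABS, LDXB_MSH, LDH_IND, JEQ, JSET, RET };
struct insn { int op; uint8_t jt, jf; uint32_t k; };
/* Hand-written program for "ip and tcp dst port 23" on Ethernet frames. */
static const struct insn telnet_filter[] = {
    { LDH_ABS,  0, 0, 12 },      /* A = EtherType                     */
    { JEQ,      0, 8, 0x0800 },  /* not IPv4 -> reject                */
    { LDB_ABS,  0, 0, 23 },      /* A = IP protocol                   */
    { JEQ,      0, 6, 6 },       /* not TCP -> reject                 */
    { LDH_ABS,  0, 0, 20 },      /* A = flags + fragment offset       */
    { JSET,     4, 0, 0x1fff },  /* non-first fragment -> reject      */
    { LDXB_MSH, 0, 0, 14 },      /* X = IPv4 header length in bytes   */
    { LDH_IND,  0, 0, 16 },      /* A = TCP dst port at [X + 16]      */
    { JEQ,      0, 1, 23 },      /* port != 23 -> reject              */
    { RET,      0, 0, 262144 },  /* accept: keep up to 262144 bytes   */
    { RET,      0, 0, 0 },       /* reject: keep nothing              */
};
/* Returns bytes to keep (0 = drop); out-of-range loads drop the packet. */
static uint32_t run_filter(const struct insn *pc, const uint8_t *p, size_t len)
{
    uint32_t a = 0, x = 0;
    for (;; pc++) {              /* jt/jf are relative to the next insn */
        size_t k = pc->k;
        switch (pc->op) {
        case LDH_IND:  k += x;   /* fall through */
        case LDH_ABS:  if (k + 2 > len) return 0;
                       a = (uint32_t)p[k] << 8 | p[k + 1]; break;
        case LDB_ABS:  if (k >= len) return 0; a = p[k]; break;
        case LDXB_MSH: if (k >= len) return 0; x = (p[k] & 0x0fu) * 4; break;
        case JEQ:      pc += (a == k) ? pc->jt : pc->jf; break;
        case JSET:     pc += (a & k) ? pc->jt : pc->jf; break;
        default:       return (uint32_t)k;   /* RET */
        }
    }
}
/* Constructed frame: Ethernet + 20-byte IPv4 header + TCP with given dst port. */
static uint32_t check_port(uint16_t dport)
{
    uint8_t f[54] = {0};
    f[12] = 0x08; f[14] = 0x45; f[23] = 6;   /* IPv4, IHL 5, TCP */
    f[36] = dport >> 8; f[37] = dport & 0xff;
    return run_filter(telnet_filter, f, sizeof f);
}
int main(void) {
    printf("port 23 -> %u, port 80 -> %u\n", check_port(23), check_port(80));
    return 0;
}
```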