Pseudocode: Acting on the Main Data Structure
Scanning involves sending ARP who-has packets, receiving replies, and analyzing the received packets.
The parent process assembles a packet asking the holder of the target IP address to reply with its MAC
address. It then forks a child to receive replies, sends five packets, and sleeps for 500 ms.
The child process receives packets and forks a child of its own to handle each one. These grandchild processes
compare the sender's MAC to the authorized MAC for that IP in ips_and_macs. On a mismatch, an alert is triggered.

// assemble packets of type arphdr
declare packet of type arphdr;
packet->ar_hrd = ARPHRD_ETHER; // 1
packet->ar_pro = ETHERTYPE_IP; // 0x0800, per RFC 894
packet->ar_hln = 6; // IEEE 802.3 and IEEE 802.5 have 6-byte addresses
packet->ar_pln = 4; // IPv4 addresses are 4 bytes
packet->ar_op = ARPOP_REQUEST; // 1
packet->__ar_sha = local_ethernet_addr;
packet->__ar_sip = local_ip_addr;
packet->__ar_tha = ethernet_broadcast; // dest MAC address unknown
packet->__ar_tip = target_ip_addr; // queried addr from ips_and_macs

// target_ethernet_addr is the authorized MAC for target_ip_addr in ips_and_macs
fork child process which
    Repeat:
        Receive packets;
        When packet received, fork child process which
            if packet->__ar_tha = local_ethernet_addr AND
               packet->ar_op = ARPOP_REPLY AND // 2
               packet->__ar_sip = target_ip_addr
                if packet->__ar_sha <> target_ethernet_addr
                    send alert;
                destroy packet;
                exit;
            else
                destroy packet;
                exit;
    // Does not exit; runs until killed by parent process

repeat 5 times:
    send packet;
sleep for .5 seconds; // plenty of time for child to get all replies
kill child;
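
The grandchild's comparison, written out as an added C example that is not part of the original pseudocode. It works on the raw 28-byte Ethernet/IPv4 ARP payload and also rejects truncated or non-Ethernet/IPv4 packets before comparing; the names check_arp_reply and make_reply and all addresses are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Added example: verdict for one received ARP payload (the bytes starting
 * at ar_hrd, i.e. after the 14-byte Ethernet header). */
enum verdict { ARP_IGNORE = 0, ARP_OK = 1, ARP_ALERT = 2 };

#define ARP_ETH_IPV4_LEN 28 /* 8-byte header + sha(6) sip(4) tha(6) tip(4) */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Hypothetical helper mirroring the grandchild's test in the pseudocode. */
enum verdict check_arp_reply(const uint8_t *arp, size_t len,
                             const uint8_t local_mac[6],
                             const uint8_t target_ip[4],
                             const uint8_t authorized_mac[6])
{
    if (arp == NULL || len < ARP_ETH_IPV4_LEN) return ARP_IGNORE;     /* truncated */
    if (be16(arp) != 1 || be16(arp + 2) != 0x0800) return ARP_IGNORE; /* ar_hrd, ar_pro */
    if (arp[4] != 6 || arp[5] != 4) return ARP_IGNORE;                /* ar_hln, ar_pln */
    if (be16(arp + 6) != 2) return ARP_IGNORE;                        /* ar_op: replies only */
    const uint8_t *sha = arp + 8, *sip = arp + 14, *tha = arp + 18;
    if (memcmp(tha, local_mac, 6) != 0) return ARP_IGNORE;  /* not addressed to us */
    if (memcmp(sip, target_ip, 4) != 0) return ARP_IGNORE;  /* not the queried IP */
    /* Sender claims the queried IP: its MAC must be the authorized one. */
    return memcmp(sha, authorized_mac, 6) == 0 ? ARP_OK : ARP_ALERT;
}

/* Constructed sample values (locally administered MACs, TEST-NET-1 IPs). */
const uint8_t LOCAL_MAC[6] = {0x02, 0, 0, 0, 0, 0x01};
const uint8_t AUTH_MAC[6]  = {0x02, 0, 0, 0, 0, 0x02};
const uint8_t ROGUE_MAC[6] = {0x02, 0, 0, 0, 0, 0x66};
const uint8_t TARGET_IP[4] = {192, 0, 2, 10};

/* Build a constructed ARP reply in which sender_mac claims TARGET_IP. */
void make_reply(uint8_t out[ARP_ETH_IPV4_LEN], const uint8_t sender_mac[6])
{
    static const uint8_t hdr[8] = {0, 1, 0x08, 0x00, 6, 4, 0, 2};
    static const uint8_t local_ip[4] = {192, 0, 2, 1};
    memcpy(out, hdr, 8);
    memcpy(out + 8, sender_mac, 6);  /* __ar_sha */
    memcpy(out + 14, TARGET_IP, 4);  /* __ar_sip */
    memcpy(out + 18, LOCAL_MAC, 6);  /* __ar_tha */
    memcpy(out + 24, local_ip, 4);   /* __ar_tip */
}
```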