The starting function main is in the file tcpick.c.
Command-line arguments are parsed by parse_args
(args.c).
The packet capture engine is powered by the pcap library, that
handles, with the function pcap_loop the callback loop function
got_packet (loop.c).
When a packet has been captured by pcap_loop it will be
calculated the offset of the ip header (ippacket), the offset
of the tcp header (tcppacket). Finally the function
verify (verify.c) will be called to analyze the packet.
Packet offset and size are declared globally (extern.h and
globals.h) not to allocate the stack every time a function that
works on the packet is called
The source code that contains the function verify begins with
several #define's used to verify if a sniffed packet match an
inizialized connection (or else if it creates a new one).
All connections tracked are stored in a linked list (i hope I will be able to replace it with an efficient balanced tree).
The struct host_descriptor_t describes one side of the tcp
connection (the server or the client). The function verify
detects the changes of the status of the tracked connection and update
it with the function status_switch (tracker.c), that
calls the function display_status to notify the user of this
change and deletes the connection if it is CLOSED
When data are transmitted (IS_DATA_FLOW) the function
established_packet (verify.c) is called.
This function detects if the
packet is an acknowledgment one or a data one.
Unacknowledged data
packets are stored in a linked-list
by the function addfr (fragments.c).
When data are acknowledged by
a ack,
the function flush_ack (fragments.c) is called.
In flush_ack acknowledged data are flushed
to an output stream (display or file)
by the function wrebuild (write.c).
The function out_flavour (write.c)
is used to select the format of the
data wished by the user.