libpcap & Tcpdump

Tcpdump.org is the official web site of tcpdump, a powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture.

Tcpdump uses libpcap, a system-independent interface for user-level packet capture. Before building tcpdump, you must first retrieve and build libpcap, also originally from LBL and now being maintained by tcpdump.org;

• Wireshark；SharkFest；Wi-Fi @ SharkFest；
  Riverbed is the current host and corporate sponsor of the Wireshark project, Wireshark Foundation and SharkFest.
• libpcap 最新版 1.8.1 (Oct 26, 2016)
  当下我们使用的 1.5.3 (Jan 15, 2014)，可以考虑升级。

The Architecture and Optimization Methodology of the libpcap Packet Capture Library

• Keynote Presentation by Steve McCanne, co-creator tcpdump in Sharkfest '11；

• 值得读一下；

  
  原理示例
  分析示例

Programming with pcap

• by Tim Carstens
• Further editing and development by Guy Harris

Programming with Libpcap - Sniffing the network from our own application

• by Luis MartinGarcia

  
  Elements involved in the capture process
  Normal program flow of a pcap application