libpcap

libpcap is an open source, small, free, platform-independent and handy library software implemented in C/C++ and designed from the ground up to provide a packet filtering mechanism based on BPF (Berkeley Packet Filter), the BSD packet filter.

It is heavily used in many networking applications, such as tcpdump or Wireshark. However, if you want to capture network packets on a Linux-based operating system, your kernel must support the "packet" protocol, which means that you need to configure the kernel with the CONFIG_PACKET option if it's not already configured by the package maintainer.

Getting started with libpcap

To install and use the libpcap library on your GNU/Linux distribution, download the latest version from Softoware, save the archive on a location of your choice, use an archive manager to extract its contents, and open your favorite terminal emulator application.

In the terminal app, use the ‘cd’ command to navigate to the location of the extracted arvhive files (e.g. cd /home/softoware/libpcap-1.6.2), and then execute the ‘./configure && make’ command to configure/optimize and compile the program.

If the compilation process was successful, run the ‘make install’ command as root or the ‘sudo make install’ command as a privileged user to install the libpcap library system wide. You project will now be able to use libpcap to capture network data traffic. Comprehensive documentation can be found on the project’s homepage (see link below).

Under the hood and availability

The libpcap library is written in the C and C++ programming language, which means that it is very fast and compatible with all GNU/Linux operating systems. It’s distributed as a tarball (TAR archive) that contains the program’s source code, supported on 32-bit and 64-bit hardware platforms. Also part of the libpcap project, is the tcpdump application, which can be downloaded from Softoware.

What is new in this release:

• Don't crash on filters testing a non-existent link-layer type field.
• Fix sending in non-blocking mode on Linux with memory-mapped capture.
• Fix timestamps when reading pcap-ng files on big-endian machines.

What is new in version 1.5.3:

• Don't let packets that don't match the current filter get to the application when TPACKET_V3 is used. (GitHub issue #331)
• Fix handling of pcap_loop()/pcap_dispatch() with a packet count of 0 on some platforms (including Linux with TPACKET_V3). (GitHub issue #333)
• Work around TPACKET_V3 deficiency that causes packets to be lost when a timeout of 0 is specified. (GitHub issue #335)
• Man page formatting fixes.

What is new in version 1.0.0:

• Support was added for IPMB, LAPD, AX25, JUNIPER_ST, 802.15.4, variable length 802.11 headers, X2E data type, Linux tpacket frame headers, and the SITA ACN interface.
• Support was added for zerocopy BPF on platforms that support it.
• VLAN support on Linux was improved.
• Dynamic library support on Mac OS X was fixed.
• Assorted other enhancements and bugfixes were made.