Tcpdump.org is the official web site of tcpdump, a powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture.
Tcpdump uses libpcap, a system-independent interface for user-level packet capture. Before building tcpdump, you must first retrieve and build libpcap, also originally from LBL (Lawrence Berkeley National Laboratory, Berkeley Lab) and now maintained by tcpdump.org.
Wireshark; SharkFest; Wi-Fi @ SharkFest
Riverbed is the current host and corporate sponsor of the Wireshark project, the Wireshark Foundation and SharkFest.
- Latest libpcap release: 1.8.1 (Oct 26, 2016)
We currently use 1.5.3 (Jan 15, 2014); upgrading is worth considering.
The Architecture and Optimization Methodology of the libpcap Packet Capture Library
- Keynote presentation by Steve McCanne, co-creator of tcpdump, at SharkFest '11
Worth reading.
Example of how it works
Example analysis
Programming with pcap
- by Tim Carstens
- Further editing and development by Guy Harris
Programming with Libpcap - Sniffing the network from our own application
by Luis MartinGarcia
Elements involved in the capture process
Normal program flow of a pcap application