Packet Capture Library Overview

The Packet Capture Library provides a high-level interface to packet capture systems.

In the operating system, the Berkeley Packet Filter (BPF) is the packet capture system. This library provides user-level subroutines that interface with the BPF, giving users access to read unprocessed network traffic. By using the Packet Capture Library, users can write their own network-monitoring tools. Applications that use the Packet Capture Library subroutines must be run as the root user. A reference for BPF is UNIX Network Programming, Volume 1: Networking APIs: Sockets and XTI, Second Edition, by W. Richard Stevens, 1998.