the LIBpcap interface to various kernel packet capture mechanisms


the-tcpdump-group/libpcap


To report a security issue please send an e-mail to security@tcpdump.org.

To report bugs and other problems, contribute patches, request a feature, provide generic feedback etc. please see the guidelines for contributing.

The documentation directory has README files about specific operating systems and options.

Anonymous Git is available via:

https://github.com/the-tcpdump-group/libpcap.git

This directory contains source code for libpcap, a system-independent interface for user-level packet capture. libpcap provides a portable framework for low-level network monitoring. Applications include network statistics collection, security monitoring, network debugging, etc. Since almost every system vendor provides a different interface for packet capture, and since we've developed several tools that require this functionality, we've created this system-independent API to ease in porting and to alleviate the need for several system-dependent packet capture modules in each application.

formerly from Lawrence Berkeley National Laboratory, Network Research Group <libpcap@ee.lbl.gov>, ftp://ftp.ee.lbl.gov/old/libpcap-0.4a7.tar.Z

Support for particular platforms and BPF

For some platforms there are README.{system} files that discuss issues with the OS's interface for packet capture on those platforms, such as how to enable support for that interface in the OS, if it's not built in by default.

The libpcap interface supports a filtering mechanism based on the architecture in the BSD packet filter. BPF is described in the 1993 Winter Usenix paper "The BSD Packet Filter: A New Architecture for User-level Packet Capture" (compressed PostScript, gzipped PostScript, PDF).

Although most packet capture interfaces support in-kernel filtering, libpcap utilizes in-kernel filtering only for the BPF interface. On systems that don't have BPF, all packets are read into user-space and the BPF filters are evaluated in the libpcap library, incurring added overhead (especially for selective filters). Ideally, libpcap would translate BPF filters into a filter program that is compatible with the underlying kernel subsystem, but this is not yet implemented.

BPF is standard in NetBSD, FreeBSD, OpenBSD, DragonFly BSD, macOS, and Solaris 11; an older, modified and undocumented version is standard in AIX.

Linux has a number of BPF-based systems, and libpcap does not support any of the eBPF mechanisms as yet, although it supports many of the memory-mapped receive mechanisms. See the Linux-specific README for more information.
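To make the user-space evaluation path concrete, the following added example (not libpcap's own code) interprets a classic BPF program over constructed frames and drops any packet whose load offset falls outside the captured bytes. The names `insn`, `run_filter` and `match` are hypothetical; only four opcodes are handled, using the classic BPF opcode encodings.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Classic BPF instruction: opcode, jump-if-true, jump-if-false, operand. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
enum { LDH_ABS = 0x28, LDB_ABS = 0x30, JEQ_K = 0x15, RET_K = 0x06 };

/* Run a filter over one packet; returns bytes to keep, 0 = drop. */
unsigned run_filter(const struct insn *p, size_t n, const uint8_t *pkt, size_t len)
{
    uint32_t a = 0;                               /* accumulator */
    for (size_t pc = 0; pc < n; pc++) {
        switch (p[pc].code) {
        case LDH_ABS:                             /* 16-bit big-endian load */
            if (len < 2 || p[pc].k > len - 2) return 0;
            a = (uint32_t)pkt[p[pc].k] << 8 | pkt[p[pc].k + 1];
            break;
        case LDB_ABS:
            if (p[pc].k >= len) return 0;         /* read past packet: drop */
            a = pkt[p[pc].k];
            break;
        case JEQ_K:                               /* offsets are relative to pc+1 */
            pc += (a == p[pc].k) ? p[pc].jt : p[pc].jf;
            break;
        case RET_K:
            return p[pc].k;
        default:
            return 0;                             /* unsupported opcode: drop */
        }
    }
    return 0;                                     /* fell off the end: drop */
}

/* "IPv4 and TCP" on Ethernet: ethertype at offset 12, IP protocol at 23. */
static const struct insn ipv4_tcp[] = {
    { LDH_ABS, 0, 0, 12 }, { JEQ_K, 0, 3, 0x0800 }, { LDB_ABS, 0, 0, 23 },
    { JEQ_K, 0, 1, 6 }, { RET_K, 0, 0, 262144 }, { RET_K, 0, 0, 0 },
};
/* Constructed sample frames: only the bytes the filter inspects are set. */
static const uint8_t tcp_frame[34] = { [12] = 0x08, [13] = 0x00, [23] = 6 };
static const uint8_t udp_frame[34] = { [12] = 0x08, [13] = 0x00, [23] = 17 };
unsigned match(const uint8_t *pkt, size_t len) { return run_filter(ipv4_tcp, 6, pkt, len); }

int main(void) {
    printf("tcp=%u udp=%u truncated=%u\n", match(tcp_frame, 34),
           match(udp_frame, 34), match(tcp_frame, 14));
    return 0;
}
```

Every packet crosses into user space before this loop runs, which is the overhead the paragraph above refers to for selective filters.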

Note to Linux distributions and *BSD systems that include libpcap:

There's now a rule to make a shared library, which should work on Linux and *BSD, among other platforms.

It sets the soname of the library to libpcap.so.1; this is what it should be, NOT libpcap.so.1.x or libpcap.so.1.x.y or something such as that.

We've been maintaining binary compatibility between libpcap releases for quite a while; there's no reason to tie a binary linked with libpcap to a particular release of libpcap.

