the LIBpcap interface to various kernel packet capture mechanism
C HTML Makefile Yacc CMake Shell Other
Pull request Compare This branch is 157 commits behind the-tcpdump-group:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
ChmodBPF To quote Sep 9, 2009
SUNOS4 Initial revision Oct 7, 1999
Win32 Do not build pcap-tc.c in the MSVC project. Jul 1, 2016
bpf/net The official #define for 32-bit and 64-bit Windows is _WIN32. Aug 31, 2015
cmake BUILDING_LIBPCAP -> BUILDING_PCAP. Dec 27, 2015
config Clean up CMake stuff to start to work on UN*X. Sep 27, 2015
doc Delete trailing spaces/tabs Mar 8, 2015
lbl Use pcap_snprintf() instead of snprintf(). Nov 3, 2015
missing Oops, forgot to add the file with the Windows _snprintf() wrappers. Nov 4, 2015
msdos Updates for the MSDOS port of libpcap. Dec 26, 2015
pcap Update comments to reflect reality and fix some errors. Jul 7, 2016
tests Handle no -i argument, report success. Jun 27, 2016
.gitattributes Introduce end-of-line normalization Sep 22, 2015
.gitignore Add some additional files from Windows builds. Jun 25, 2016
.travis-coverity-scan-build.sh Coverity: Build script: Update the upload URL for the framework change Oct 30, 2015
.travis.yml Travis: Install 'libnl-genl-3-dev' library Sep 3, 2015
CHANGES Update CHANGES in case we release a 1.7.5. Sep 3, 2015
CMakeLists.txt Fix tpo. Jun 30, 2016
CREDITS Delete trailing spaces/tabs Mar 8, 2015
INSTALL.txt We don't use anything in fad-null.c, so get rid of it. Jun 26, 2016
LICENSE Delete trailing spaces/tabs Mar 8, 2015
Makefile-devel-adds The configure script depends on aclocal.m4. May 12, 2013
Makefile.in The MSVC projects were renamed; update the Makefile. Jun 27, 2016
README Delete trailing spaces/tabs Mar 8, 2015
README.Win32 Delete trailing spaces/tabs Mar 8, 2015
README.aix Delete trailing spaces/tabs Mar 8, 2015
README.dag Update README.dag to cover the ERF_DONT_STRIP_FCS environment variable. Jun 7, 2012
README.hpux Delete trailing spaces/tabs Mar 8, 2015
README.linux Delete trailing spaces/tabs Mar 8, 2015
README.macosx Put in a note about the Snow Leopard bug that requires that you have BPF Sep 10, 2009
README.septel Delete trailing spaces/tabs Mar 8, 2015
README.sita The SITA code in pcap-linux.c shares very little with the Linux code; Jan 6, 2008
README.tru64 Delete trailing spaces/tabs Mar 8, 2015
TODO Delete trailing spaces/tabs Mar 8, 2015
VERSION This is the trunk, and there's a 1.7.x branch, so call it 1.8.0-PRE-GIT. Feb 10, 2015
aclocal.m4 Attempt to get UN*X compilers to work like MSVC. Dec 25, 2015
arcnet.h remove libpcap's own CVS keywords Jan 3, 2014
atmuni31.h remove libpcap's own CVS keywords Jan 3, 2014
bpf_dump.c Squelch a compiler warning. Dec 31, 2015
bpf_image.c Use pcap_snprintf() instead of snprintf(). Nov 3, 2015
chmod_bpf Add a script to change the permissions of /dev/bpf*, and a launchd plist May 28, 2008
cmakeconfig.h.in Check for loopback adapters on Windows. Jun 28, 2016
config.guess Update config.{sub,guess}, timestamp='2015-02-2[23]' Mar 1, 2015
config.h.in Fix test programs to build on more platforms. Nov 3, 2015
config.sub Update config.{sub,guess}, timestamp='2015-02-2[23]' Mar 1, 2015
configure Clean up {DAG, Septel, Myricom SNF}-only builds. Jul 1, 2016
configure.in Clean up {DAG, Septel, Myricom SNF}-only builds. Jul 1, 2016
dlpisubs.c Add some more DL_ types from Solaris 11. Jun 27, 2016
dlpisubs.h remove libpcap's own CVS keywords Jan 3, 2014
etherent.c The official #define for 32-bit and 64-bit Windows is _WIN32. Aug 31, 2015
ethertype.h Recognize 802.1ad nested VLAN tag in vlan filter. Aug 19, 2015
fad-getad.c Let the platform decide how to check capturable interfaces. Jun 28, 2016
fad-gifc.c Let the platform decide how to check capturable interfaces. Jun 28, 2016
fad-glifc.c Let the platform decide how to check capturable interfaces. Jun 28, 2016
fad-helpers.c Add support for capturing on FreeBSD usbusN interfaces. Feb 22, 2016
gencode.c No need to single-thread this, it's reentrant now. Mar 25, 2016
gencode.h Don't use global state for the BPF compiler. Feb 11, 2016
grammar.y Don't use global state for the BPF compiler. Feb 11, 2016
ieee80211.h Support OpenBSD's "addr1", "addr2", "addr3", and "addr4" link-layer Nov 18, 2007
inet.c Split out the UN*X flags to pcap flags mapping. Jan 25, 2016
install-sh install-sh: Restore a needed tab Mar 8, 2015
llc.h Add support for filters testing for 802.2 LLC frame types. May 20, 2014
mkdep mkdep: It uses now build environment PATH Jan 17, 2015
nametoaddr.c Get rid of obsolete variable. Mar 7, 2016
nametoaddr.h Don't use global state for the BPF compiler. Feb 11, 2016
nlpid.h remove libpcap's own CVS keywords Jan 3, 2014
optimize.c Don't use global state for the BPF compiler. Feb 11, 2016
org.tcpdump.chmod_bpf.plist This is probably the right way to run something once at startup time; it Jun 5, 2008
pcap-bpf.c pcap_create_interface() needs the interface name on Linux. Jun 30, 2016
pcap-bpf.h Delete trailing spaces/tabs Mar 8, 2015
pcap-bt-linux.c also fix Linux compiling with Bluetooth support Jun 30, 2016
pcap-bt-linux.h Delete trailing spaces/tabs Mar 8, 2015
pcap-bt-monitor-linux.c also fix Linux compiling with Bluetooth support Jun 30, 2016
pcap-bt-monitor-linux.h Add support for Bluetooth Linux Monitor interface Feb 18, 2014
pcap-can-linux.c refine the previous change to fix Linux builds Jun 30, 2016
pcap-can-linux.h Have non-interface modules take responsibility for identifying their … Jun 11, 2012
pcap-canusb-linux.c make more pcap_create_common() fixes Jun 30, 2016
pcap-canusb-linux.h added missing ( to pcap-canusb-linux.h Sep 3, 2012
pcap-common.c Clean up version test. Mar 25, 2016
pcap-common.h Byte-swap the T and L in TLVs as necessary when reading an NFLOG file. Feb 3, 2014
pcap-config.1 update last modified date in man page(s) Dec 18, 2015
pcap-config.in Use config.status to generate pcap-config. Dec 1, 2010
pcap-dag.c Clean up {DAG, Septel, Myricom SNF}-only builds. Jul 1, 2016
pcap-dag.h Move the private-to-DAG-cards definitions to pcap-dag.c. Jun 30, 2016
pcap-dbus.c make more pcap_create_common() fixes Jun 30, 2016
pcap-dbus.h Add a pcap-dbus.h header and include it in pcap-dbus.c and pcap.c. Apr 12, 2013
pcap-dlpi.c Fix some errors on HP-UX. Jul 3, 2016
pcap-dos.c pcap_create_interface() needs the interface name on Linux. Jun 30, 2016
pcap-dos.h Delete trailing spaces/tabs Mar 8, 2015
pcap-enet.c remove libpcap's own CVS keywords Jan 3, 2014
pcap-filter.manmisc.in update last modified date in man page(s) Dec 18, 2015
pcap-int.h Fix warnings with 'strlcpy' macro Jul 2, 2016
pcap-libdlpi.c pcap_create_interface() needs the interface name on Linux. Jun 30, 2016
pcap-linktype.manmisc.in update last modified date in man page(s) Dec 18, 2015
pcap-linux.c pcap_create_interface() needs the interface name on Linux. Jun 30, 2016
pcap-namedb.h remove libpcap's own CVS keywords Jan 3, 2014
pcap-netfilter-linux.c refine the previous change to fix Linux builds Jun 30, 2016
pcap-netfilter-linux.h Delete trailing spaces/tabs Mar 8, 2015
pcap-nit.c pcap_create_interface() needs the interface name on Linux. Jun 30, 2016
pcap-null.c pcap_create_interface() needs the interface name on Linux. Jun 30, 2016
pcap-pf.c pcap_create_interface() needs the interface name on Linux. Jun 30, 2016
pcap-savefile.manfile.in update last modified date in man page(s) Dec 18, 2015
pcap-septel.c Clean up {DAG, Septel, Myricom SNF}-only builds. Jul 1, 2016
pcap-septel.h remove libpcap's own CVS keywords Jan 3, 2014
pcap-sita.c pcap_create_interface() needs the interface name on Linux. Jun 30, 2016
pcap-sita.h remove libpcap's own CVS keywords Jan 3, 2014
pcap-sita.html Again, Git, not CVS. Feb 8, 2010
pcap-snf.c Clean up {DAG, Septel, Myricom SNF}-only builds. Jul 1, 2016
pcap-snf.h Have non-interface modules take responsibility for identifying their … Jun 11, 2012
pcap-snit.c pcap_create_interface() needs the interface name on Linux. Jun 30, 2016
pcap-snoop.c pcap_create_interface() needs the interface name on Linux. Jun 30, 2016
pcap-stdinc.h Clean up white space. Jun 27, 2016
pcap-tc.c make more pcap_create_common() fixes Jun 30, 2016
pcap-tc.h Delete trailing spaces/tabs Sep 22, 2015
pcap-tstamp.manmisc.in update last modified date in man page(s) Dec 18, 2015
pcap-usb-linux.c refine the previous change to fix Linux builds Jun 30, 2016
pcap-usb-linux.h Delete trailing spaces/tabs Mar 8, 2015
pcap-win32.c flags is used even if we don't have PacketIsLoopbackAdapter(). Jun 30, 2016
pcap.3pcap.in update last modified date in man page(s) Dec 18, 2015
pcap.c Clean up {DAG, Septel, Myricom SNF}-only builds. Jul 1, 2016
pcap.h remove libpcap's own CVS keywords Jan 3, 2014
pcap_activate.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_breakloop.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_can_set_rfmon.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_close.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_compile.3pcap.in update last modified date in man page(s) Dec 18, 2015
pcap_create.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_datalink.3pcap.in update last modified date in man page(s) Dec 18, 2015
pcap_datalink_name_to_val.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_datalink_val_to_name.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_dump.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_dump_close.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_dump_file.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_dump_flush.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_dump_ftell.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_dump_open.3pcap.in update last modified date in man page(s) Dec 18, 2015
pcap_file.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_fileno.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_findalldevs.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_freecode.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_get_selectable_fd.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_get_tstamp_precision.3pcap.in update last modified date in man page(s) Dec 18, 2015
pcap_geterr.3pcap Make the second argument to pcap_perror() const. Jan 15, 2016
pcap_inject.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_is_swapped.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_lib_version.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_list_datalinks.3pcap.in update last modified date in man page(s) Dec 18, 2015
pcap_list_tstamp_types.3pcap.in update last modified date in man page(s) Dec 18, 2015
pcap_lookupdev.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_lookupnet.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_loop.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_major_version.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_next_ex.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_offline_filter.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_open_dead.3pcap.in update last modified date in man page(s) Dec 18, 2015
pcap_open_live.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_open_offline.3pcap.in update last modified date in man page(s) Dec 18, 2015
pcap_set_buffer_size.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_set_datalink.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_set_immediate_mode.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_set_promisc.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_set_rfmon.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_set_snaplen.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_set_timeout.3pcap Add a warning about the behavior if no timeout is set. Dec 1, 2015
pcap_set_tstamp_precision.3pcap.in update last modified date in man page(s) Dec 18, 2015
pcap_set_tstamp_type.3pcap.in update last modified date in man page(s) Dec 18, 2015
pcap_setdirection.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_setfilter.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_setnonblock.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_snapshot.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_stats.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_statustostr.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_strerror.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_tstamp_type_name_to_val.3pcap update last modified date in man page(s) Dec 18, 2015
pcap_tstamp_type_val_to_name.3pcap update last modified date in man page(s) Dec 18, 2015
ppp.h remove libpcap's own CVS keywords Jan 3, 2014
savefile.c Update variable names and comments to reflect the previous change. Jun 4, 2016
scanner.l Don't bother with YY_NO_UNISTD_H. Jun 30, 2016
sf-pcap-ng.c More snprintf -> pcap_snprintf. Nov 4, 2015
sf-pcap-ng.h Replace the _nsectime routines with _with_tstamp_precision routines. Jul 1, 2013
sf-pcap.c More snprintf -> pcap_snprintf. Nov 4, 2015
sf-pcap.h Replace the _nsectime routines with _with_tstamp_precision routines. Jul 1, 2013
sunatmpos.h remove libpcap's own CVS keywords Jan 3, 2014

README

LIBPCAP 1.x.y

www.tcpdump.org

Please send inquiries/comments/reports to:
	tcpdump-workers@lists.tcpdump.org

Anonymous Git is available via:
	git clone git://bpf.tcpdump.org/libpcap

Please submit patches by forking the branch on GitHub at

	http://github.com/the-tcpdump-group/libpcap/tree/master

and issuing a pull request.

formerly from 	Lawrence Berkeley National Laboratory
		Network Research Group <libpcap@ee.lbl.gov>
		ftp://ftp.ee.lbl.gov/old/libpcap-0.4a7.tar.Z

This directory contains source code for libpcap, a system-independent
interface for user-level packet capture.  libpcap provides a portable
framework for low-level network monitoring.  Applications include
network statistics collection, security monitoring, network debugging,
etc.  Since almost every system vendor provides a different interface
for packet capture, and since we've developed several tools that
require this functionality, we've created this system-independent API
to ease in porting and to alleviate the need for several
system-dependent packet capture modules in each application.

For some platforms there are README.{system} files that discuss issues
with the OS's interface for packet capture on those platforms, such as
how to enable support for that interface in the OS, if it's not built in
by default.

The libpcap interface supports a filtering mechanism based on the
architecture in the BSD packet filter.  BPF is described in the 1993
Winter Usenix paper ``The BSD Packet Filter: A New Architecture for
User-level Packet Capture''.  A compressed PostScript version can be
found at

	ftp://ftp.ee.lbl.gov/papers/bpf-usenix93.ps.Z

or

	http://www.tcpdump.org/papers/bpf-usenix93.ps.Z

and a gzipped version can be found at

	http://www.tcpdump.org/papers/bpf-usenix93.ps.gz

A PDF version can be found at

	http://www.tcpdump.org/papers/bpf-usenix93.pdf

Although most packet capture interfaces support in-kernel filtering,
libpcap utilizes in-kernel filtering only for the BPF interface.
On systems that don't have BPF, all packets are read into user-space
and the BPF filters are evaluated in the libpcap library, incurring
added overhead (especially, for selective filters).  Ideally, libpcap
would translate BPF filters into a filter program that is compatible
with the underlying kernel subsystem, but this is not yet implemented.

BPF is standard in 4.4BSD, BSD/OS, NetBSD, FreeBSD, OpenBSD, DragonFly
BSD, and Mac OS X; an older, modified and undocumented version is
standard in AIX.  {DEC OSF/1, Digital UNIX, Tru64 UNIX} uses the
packetfilter interface but has been extended to accept BPF filters
(which libpcap utilizes).  Also, you can add BPF filter support to
Ultrix using the kernel source and/or object patches available in:

	http://www.tcpdump.org/other/bpfext42.tar.Z

Linux, in the 2.2 kernel and later kernels, has a "Socket Filter"
mechanism that accepts BPF filters; see the README.linux file for
information on configuring that option.

Note to Linux distributions and *BSD systems that include libpcap:

There's now a rule to make a shared library, which should work on Linux
and *BSD, among other platforms.

It sets the soname of the library to "libpcap.so.1"; this is what it
should be, *NOT* libpcap.so.1.x or libpcap.so.1.x.y or something such as
that.

We've been maintaining binary compatibility between libpcap releases for
quite a while; there's no reason to tie a binary linked with libpcap to
a particular release of libpcap.

Problems, bugs, questions, desirable enhancements, etc. should be sent
to the address "tcpdump-workers@lists.tcpdump.org".  Bugs, support
requests, and feature requests may also be submitted on the GitHub issue
tracker for libpcap at

	https://github.com/the-tcpdump-group/libpcap/issues

Source code contributions, etc. should be sent to the email address
above or submitted by forking the branch on GitHub at

	http://github.com/the-tcpdump-group/libpcap/tree/master

and issuing a pull request.

Current versions can be found at www.tcpdump.org.

 - The TCPdump team