libpcap is a small, free, open source, platform-independent library implemented in C/C++ and designed from the ground up to provide a packet filtering mechanism based on BPF (Berkeley Packet Filter), the BSD packet filter.
It is heavily used in many networking applications, such as tcpdump or Wireshark. However, if you want to capture network packets on a Linux-based operating system, your kernel must support the "packet" protocol, which means that you need to configure the kernel with the CONFIG_PACKET option if it's not already configured by the package maintainer.
Getting started with libpcap
To install and use the libpcap library on your GNU/Linux distribution, download the latest version from Softpedia, save the archive in a location of your choice, use an archive manager to extract its contents, and open your favorite terminal emulator application.
In the terminal app, use the ‘cd’ command to navigate to the location of the extracted archive files (e.g. cd /home/softpedia/libpcap-1.6.2), and then execute the ‘./configure && make’ command to configure/optimize and compile the program.
If the compilation process was successful, run the ‘make install’ command as root or the ‘sudo make install’ command as a privileged user to install the libpcap library system-wide. Your project will now be able to use libpcap to capture network data traffic. Comprehensive documentation can be found on the project’s homepage (see link below).
Under the hood and availability
The libpcap library is written in the C and C++ programming languages, which means that it is very fast and compatible with all GNU/Linux operating systems. It’s distributed as a tarball (TAR archive) that contains the program’s source code, supported on 32-bit and 64-bit hardware platforms. The tcpdump application, which can be downloaded from Softpedia, is also part of the libpcap project.