Wireshark · Ethereal-users: Re: [Ethereal-users] tcpdump and libpcap

Ethereal-users: Re: [Ethereal-users] tcpdump and libpcap

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>

Date: Thu, 7 Jun 2001 12:10:28 -0700 (PDT)

> I'd like to know the difference between tcpdump and libpcap.

libpcap is a library that uses the underlying OS's packet capture
mechanism (or, in the case of WinPcap and Windows, the packet capture
mechanism supplied with WinPcap, as Windows doesn't come with a packet
capture mechanism) to supply raw network packets to an application, and
that also includes code to save captures to a file and read those files.

tcpdump is a packet-capture-and-analysis application built atop libpcap.

> Also I would like to know if there is a way to use the packets to
> reconstruct the original contents.  In this case I'm not using ethereal but
> I'm relying on tcpdump (or libpcap) only.

The original contents of what?

References:
- [Ethereal-users] tcpdump and libpcap
  - From: Nawar, Hany Nader Soliman (Hany)

Prev by Date: [Ethereal-users] Win98 & promiscuous Mode
Next by Date: [Ethereal-users] Re: Question about Tools->Summary in Ethereal
Previous by thread: [Ethereal-users] tcpdump and libpcap
Next by thread: [Ethereal-users] Ethereal Capture not working
Index(es):
- Date
- Thread