Tcpdump, Snort and similar tools are great; administrators and programmers alike can leverage them for everything from basic packet header reading down to bit-for-bit analysis of what, when and where on a network. How do they work? If someone wished to include packet-reading functionality in their own software, what might be the best method? This text takes a first pass at setting up a simple packet-reading program using the libpcap packet-reading library.