I have always wondered as to at which level packet capture works. Is it this way ...
1. For packets that are sent out, a copy of every packet, given to the device driver by the protocol layer, would be captured by the pcap library. 2. For packets that are received, a copy of every packet, given by the protocl layer to the above layers, would be captured by the pcap library. Please clarify if my understanding is correct. Otherwise please correct me. Looking forward to your reply . Thanks & Regards, Rajagopal - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
