Ramya Desai wrote:

> Dear all,
> I am new to networking.
>
> 1)
> Can anyone of you please explain me what is the difference between
> packet capturing and packet sniffing
>
> 2) what is the place of packet capturing ? is in driver side ? or in
> application ?.
>
> Thanks in advance,
> Ramya.
Hi,

1. I think there is no difference.
2. packet capturing is done with the help of the promicious mode. If the
hardware sopports it, it will queue all the incoming packets in the backlog
queue of a processor. By adding a protocol, that accepts packets of all
kinds (ip/ipx/x.25), a packet_type structure is created with a queue
holding all the incoming packets. This queue can be accessed from
kernel-space. If you want to cope with this topic, you might want to take a
look in the sources of tcpdump.

With kind regards, Alex