Libpcap is a capture engine that was originally developed for Unix-like operating systems and is incorporated into TCPDUMP, Snort, and other packet analyzers to grab packets as they come off the network interface.
Wireshark and TShark work with libpcap and generate PCAPNG files by default. libpcap and TCPDUMP are developed and maintained at http://www.tcpdump.org/. A version of libpcap was adapted for Windows and is called WinPcap, as we will discuss next.