LibPcap, WinPcap and BPF

LibPcap is a widely used open source Ethernet packet capture library. It provides the capture back end for the Wireshark packet sniffer, formerly known as Ethereal. LibPcap is available for Linux, OpenBSD and most other UNIX™-like systems; applications that use it link against libpcap (-lpcap, or libpcap.a for a static build). The toolkit does not use LibPcap on Linux because it is not needed there: Linux raw sockets give the toolkit direct access to Ethernet frames.

WinPcap is an open source port of LibPcap to Microsoft Windows™. The WinPcap libraries let Windows applications send and receive raw packets. On Windows™ you must link applications to Packet.lib and wpcap.lib (under mingw™ the import library is libwpcap.a). WinPcap itself is no longer maintained; its successor, Npcap, provides a wpcap.dll with the same API and is the usual choice on current Windows™ releases.

In principle, the LibPcap and WinPcap implementations should behave identically, but they do not; they are, however, similar enough to give a useful degree of platform independence. Defining the preprocessor constant LIBPCAP or WINPCAP when compiling the toolkit enables the corresponding source code. Do this by adding "-DLIBPCAP" or "-DWINPCAP" to variable LFLAGS in file Makefile in folders int6k, int6k2, efsu and hpav; the definition must be in effect when the source files are compiled, not only when they are linked. Constant WINPCAP need only be defined this way when compiling the toolkit in the cygwin™ or mingw™ environments. Never define LIBPCAP and WINPCAP at the same time: the two code paths declare conflicting symbols and the compiler will report errors.

The Berkeley Packet Filter (BPF) is an open source packet capture mechanism, exposed through the /dev/bpf* devices, that is available on many UNIX™-like systems. The BPF device is part of the base kernel on some systems but must be explicitly compiled into the kernel on others. Mac OS X™ provides it by default, so the toolkit uses BPF automatically whenever the compiler constant __APPLE__ is defined. Linux™ does not provide the BPF capture device at all: its kernel accepts BPF filter programs attached to packet sockets, but the capture itself goes through AF_PACKET raw sockets, which is why the toolkit uses raw sockets rather than BPF on Linux™.