2.1 Packet Drivers
To keep track of incoming and outgoing packets, we have to insert a component between the network interface and the rest of the operating system. This component can track the passing packets or hand them over to other programs to be logged or displayed. It is often called a packet driver or packet filter. In MS Windows NT (Windows 2000, XP etc.), the packet driver is called the Network Monitor Agent. The program that logs or displays the packets captured by the packet driver is the Network Monitor for Windows or the tcpdump command for UNIX.
The network interface cards of systems connected to the LAN listen to the traffic on the LAN, i.e., they read individual passing link frames. Link frames of protocols for local networks usually start with the destination link address, so if the station finds that the incoming frame is not addressed to itself, then it usually ignores the rest of the frame. In practice this means that...
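The destination-address check described above, as an added example that is not part of the original text. It assumes Ethernet II framing (6-byte destination, 6-byte source, 2-byte type) and goes beyond the paragraph by also modelling broadcast, group addresses and promiscuous mode, the NIC setting that capture tools such as tcpdump use to see frames addressed to other stations; all addresses, frames and function names are constructed for illustration.

```python
import struct

BROADCAST = b"\xff" * 6

def mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def build_frame(dst, src, ethertype, payload):
    """Assemble an Ethernet II frame (no preamble or FCS) for the demo."""
    return struct.pack("!6s6sH", dst, src, ethertype) + payload

def parse_header(frame):
    """Return (dst, src, ethertype, payload); the destination comes first."""
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-byte Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return dst, src, ethertype, frame[14:]

def nic_accepts(frame, station, groups=(), promiscuous=False):
    """Model the NIC receive filter; return (accepted, reason)."""
    dst = parse_header(frame)[0]
    if dst == station:
        return True, "unicast to this station"
    if dst == BROADCAST:
        return True, "broadcast"
    if dst[0] & 0x01 and dst in groups:   # I/G bit set: group address
        return True, "subscribed multicast"
    if promiscuous:                        # filter disabled for capture
        return True, "promiscuous mode"
    return False, "not addressed to this station"

# Constructed sample addresses (locally administered) and frames.
ME, PEER = mac("02:00:00:00:00:01"), mac("02:00:00:00:00:02")
GROUP = mac("01:00:5e:00:00:fb")
SAMPLES = {
    "to me": build_frame(ME, PEER, 0x0800, b"hello"),
    "to peer": build_frame(PEER, ME, 0x0800, b"hello"),
    "broadcast": build_frame(BROADCAST, PEER, 0x0806, b"who-has"),
    "multicast": build_frame(GROUP, PEER, 0x0800, b"query"),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        normal = nic_accepts(frame, ME)
        capture = nic_accepts(frame, ME, promiscuous=True)
        print(f"{name:10} normal={normal} capture={capture}")
```

Only the "to peer" frame and the unsubscribed multicast frame change outcome between the two columns, which is why an interface unexpectedly left in promiscuous mode is worth noticing on a host that is not meant to capture traffic.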