pcap basics

- simple C library
- event driven model
  - packet arrival triggers actions
- simple order of operations
  - create a pcap_t reader: pcap_open_live() or pcap_open_offline()
  - set a filter as appropriate: pcap_setfilter()
  - iterate over content: pcap_dispatch(), pcap_loop(), pcap_next()
  - destroy pcap_t: pcap_close()
- pcap is typically used in building sniffers