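Embedded tools: tcpdump

Time: 2022-06-01 17:51:24

tcpdump is a very powerful network security analysis tool that can save packets captured on the network to a file for later analysis. You can define filter rules to capture only the packets of interest, which reduces the output file size and the time needed to load and process packets during analysis.

Versions: libpcap-1.4.0 and tcpdump-4.4.0

How to build:

Extract the two packages above into the same directory. Build libpcap first, then tcpdump.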

libpcap-1.4.0:

1. make distclean
2. ./configure --host=arm-hisiv300-linux --with-pcap=linux
3. make 
4. object file: libpcap.a /libpcap.so.1.4.0

Copy the libraries above into the tcpdump-4.4.0 directory.


tcpdump-4.4.0:

sh4-linux / arm-hisiv200-linux:
1. make distclean
2. ./configure --host=arm-hisiv300-linux LDFLAGS=-static
3. make 
4. object file: tcpdump
arm-hisiv300-linux-strip tcpdump


Note: arm-hisiv300-linux is the cross compiler.


Usage: search Baidu; there is plenty of material.


Errors you may hit when building:

checking for local pcap library... ./../libpcap-1.4.0/libpcap.a
checking for pcap-config... ./../libpcap-1.4.0/pcap-config
checking for pcap_loop... no
configure: error: Report this to tcpdump-workers@lists.tcpdump.org, and include the
config.log file in your report.  If you have downloaded libpcap from
tcpdump.org, and built it yourself, please also include the config.log
file from the libpcap source directory, the Makefile from the libpcap
source directory, and the output of the make process for libpcap, as
this could be a problem with the libpcap that was built, and we will
not be able to determine why this is happening, and thus will not be
able to fix it, without that information, as we have not been able to
reproduce this problem ourselves.
Fix:
In libpcap's config.h, comment out this line:
// #define PCAP_SUPPORT_CANUSB 1
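
The build procedure above with the config.h fix applied between libpcap's configure and make, as an added example that is not part of the original post. The function names, the CROSS/PCAP_DIR/DUMP_DIR variables and the use of the toolchain's nm are assumptions; both source trees are expected side by side, as the post describes.

```shell
#!/bin/sh
# Added example (not from the original post). CROSS, PCAP_DIR, DUMP_DIR and
# the function names are assumptions; both source trees are siblings.
CROSS=${CROSS:-arm-hisiv300-linux}
PCAP_DIR=${PCAP_DIR:-libpcap-1.4.0}
DUMP_DIR=${DUMP_DIR:-tcpdump-4.4.0}

# True if config.h still has an active "#define PCAP_SUPPORT_CANUSB".
canusb_enabled() {
    grep -Eq '^[[:space:]]*#[[:space:]]*define[[:space:]]+PCAP_SUPPORT_CANUSB([[:space:]]|$)' "$1"
}

# Comment the define out with "//", as the post does. Idempotent; returns 1
# if the file is missing or the define is still active afterwards.
disable_canusb() {
    cfg=$1
    [ -f "$cfg" ] || return 1
    sed -E 's,^[[:space:]]*#[[:space:]]*define[[:space:]]+PCAP_SUPPORT_CANUSB([[:space:]].*)?$,// &,' \
        "$cfg" > "$cfg.tmp" && mv "$cfg.tmp" "$cfg" || return 1
    ! canusb_enabled "$cfg"
}

build_all() {
    (
        cd "$PCAP_DIR" || exit 1
        if [ -f Makefile ]; then make distclean; fi
        ./configure --host="$CROSS" --with-pcap=linux || exit 1
        disable_canusb config.h || exit 1   # apply the fix before compiling
        make || exit 1
        # tcpdump's configure probes for pcap_loop; confirm the archive defines it.
        # Assumes the toolchain ships "$CROSS-nm" next to "$CROSS-strip".
        "$CROSS-nm" libpcap.a | grep -q ' T pcap_loop$' || exit 1
        cp libpcap.a libpcap.so.1.4.0 "../$DUMP_DIR/"
    ) || return 1
    (
        cd "$DUMP_DIR" || exit 1
        if [ -f Makefile ]; then make distclean; fi
        ./configure --host="$CROSS" LDFLAGS=-static || exit 1
        make && "$CROSS-strip" tcpdump
    )
}

# Run the build only when asked: sh build.sh build
if [ "${1:-}" = build ]; then build_all; fi
```

Saved as build.sh (a hypothetical name) in the directory that holds both source trees, `sh build.sh build` runs the whole sequence; without the argument it only defines the functions.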