Who does copy network packets to bpf driver?

As I can understand from this article http://isp.vsi.ru/library/Networking/TCPIPIllustrated/append_a.htm
Tcpdump get packets from bpf driver and I have two questions.

  1. Could anyone explain which one copy transmitted packets into bpf module: Ethernet driver (for example e1000) or linux kernel?
  2. Does driver or kernel always copy packets or only when tcpdump launched? If second, how does tcpdump start that copying?

    Could you please list functions of e1000 driver or linux kernel that copy received and transmitted packets into bpf.
How many English words
do you know?
Test your English vocabulary size, and measure
how many words do you know
Online Test
Powered by Examplum