Does libpcap use raw sockets underneath them?

Question

I was getting a bit confused on using of raw sockets and libcap. Can, anyone in simple point out advantages of using both. I read few links, but, its making me confused.

Answer 1

libpcap uses different mechanisms on different operating systems. On Linux, it uses PF_PACKET raw or cooked sockets, depending on whether it knows about the Linux link-layer type (ARPHRD_ value) for the interface and whether interfaces of that link-layer type produce a useful link-layer header (PPP interfaces don't, so you can't see the network-layer protocol identifier). On Irix, it uses PF_RAW sockets with the RAWPROTO_SNOOP protocol. On other systems, it doesn't use raw sockets at all.

Raw sockets can be used for a number of purposes, such as sending and receiving raw IPv4 packets without having to worry about the link-layer (i.e., they plug into the IP layer rather than into the network device driver). If you need access to the raw link layer, raw sockets on most OSes don't support that (Linux and Irix being obvious exceptions, as per the previous paragraph), but libpcap does.