What Happens After a Packet Is Captured

Capture the data and payload in a packet

Unlike standard packet capture, which only reviews the information in the packet header, DPC captures and reviews the packet header as well as the data or payload the packet's carrying.

Then both tcpdump and Wireshark perform "DPC", presumably meaning "Deep Packet Capture", as they look at all protocol layers, for at least some protocols (and for a lot of protocols, in the case of Wireshark). They might not handle the protocols you're interested in, but there's probably NO software out there that handles every protocol.

(This is why I think the word "deep" is a bunch of marketing nonsense. It doesn't actually mean anything really significant, if it just means "stuff below the transport layer".)

Is it possible to view the application protocol header?

Yes. Many protocol analyzers support that.

If yes, what is the idea, algorithm, or libraries?

The source code to those analyzers, which, in most cases, is proprietary. Wireshark, however, is open source, as is tcpdump.
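The two answers above make the same point from different angles: a "deep" capture keeps every byte of the frame, and an analyzer then decodes it one header at a time, with whatever is left below the last recognised header kept as raw payload. The following dissector is an added example of that idea (it is not Wireshark or tcpdump code, and `dissect`, `parse_http`, `summarize` and `build_sample_frame` are names chosen here). It walks Ethernet II, IPv4 and TCP headers and, when the bytes look like HTTP, the application-layer start line and headers too. The frame it runs on is constructed inline rather than read from a capture, so the script runs offline; the same function would be applied to frames read from a libpcap handle or an AF_PACKET socket.

```python
import struct
from dataclasses import dataclass, field

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


@dataclass
class Dissection:
    layers: dict = field(default_factory=dict)  # layer name -> decoded header fields
    payload: bytes = b""                        # bytes left below the deepest header decoded


def dissect(frame: bytes) -> Dissection:
    """Decode headers top-down; stop (keeping raw bytes) at the first layer we don't know."""
    d = Dissection()
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet II header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    d.layers["eth"] = {"dst": frame[:6].hex(":"), "src": frame[6:12].hex(":"), "type": ethertype}
    d.payload = frame[14:]
    if ethertype != ETHERTYPE_IPV4:
        return d  # e.g. IPv6 or ARP: bytes are kept, just not decoded further

    ip = d.payload
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return d
    ihl = (ip[0] & 0x0F) * 4
    total_len, proto = struct.unpack("!H", ip[2:4])[0], ip[9]
    if ihl < 20 or total_len < ihl or len(ip) < ihl:
        return d  # malformed header lengths: refuse to guess
    d.layers["ip"] = {"src": ".".join(str(b) for b in ip[12:16]),
                      "dst": ".".join(str(b) for b in ip[16:20]),
                      "proto": proto, "ttl": ip[8]}
    d.payload = ip[ihl:total_len]  # also drops Ethernet padding after a short datagram
    if proto != IPPROTO_TCP:
        return d

    tcp = d.payload
    if len(tcp) < 20:
        return d
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    d.layers["tcp"] = {"sport": sport, "dport": dport, "flags": tcp[13]}
    d.payload = tcp[data_off:]

    # Application layer: decode as HTTP only when the port and the bytes both agree
    if 80 in (sport, dport) and d.payload.startswith(HTTP_METHODS + (b"HTTP/",)):
        d.layers["http"], d.payload = parse_http(d.payload)
    return d


def parse_http(data: bytes):
    """Split an HTTP/1.x message into decoded start line + headers and the remaining body."""
    end = data.find(b"\r\n\r\n")
    head, body = (data, b"") if end < 0 else (data[:end], data[end + 4:])
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    info = {"start_line": lines[0], "headers": {}, "complete": end >= 0}
    if len(parts) == 3 and not parts[0].startswith("HTTP/"):
        info.update(method=parts[0], target=parts[1], version=parts[2])
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            info["headers"][name.strip().lower()] = value.strip()
    return info, body


def summarize(d: Dissection) -> str:
    """One packet-list style line built from the decoded layers."""
    if "tcp" not in d.layers:
        return "eth type 0x%04x, %d bytes undecoded" % (d.layers["eth"]["type"], len(d.payload))
    ip, tcp = d.layers["ip"], d.layers["tcp"]
    bits = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK"))
    flags = ",".join(name for bit, name in bits if tcp["flags"] & bit)
    line = "%s:%d -> %s:%d [%s]" % (ip["src"], tcp["sport"], ip["dst"], tcp["dport"], flags)
    if "http" in d.layers:
        line += " HTTP " + d.layers["http"]["start_line"]
    return line


def build_sample_frame() -> bytes:
    """Constructed Ethernet/IPv4/TCP/HTTP frame (not a real capture) so the example runs offline."""
    payload = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\nUser-Agent: demo\r\n\r\n"
    # TCP: sport 40000, dport 80, seq 1, ack 1, data offset 5 words, flags PSH|ACK, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    # IPv4: ver/IHL 0x45, TOS, total length, id, DF, TTL 64, proto 6, csum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0x1234, 0x4000,
                     64, IPPROTO_TCP, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    eth = bytes.fromhex("00112233445566778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + tcp + payload


if __name__ == "__main__":
    result = dissect(build_sample_frame())
    for name, fields in result.layers.items():
        print(name, fields)
    print(summarize(result))
```

Two details carry the point of the thread: the IPv4 total length, not the frame length, bounds the TCP segment (so Ethernet padding never leaks into the payload), and the application-layer decode is only attempted when both the port and the leading bytes agree. Anything the dissector does not recognise is left in `payload` untouched, which is exactly what you see in Wireshark as "Data" for a protocol it has no dissector for, or as opaque bytes when the payload was encrypted before it reached the socket.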

Where does Wireshark capture the packets?

Where does Wireshark capture the packets in the Linux kernel?

On UN*Xes, it uses libpcap, which, on Linux, uses AF_PACKET sockets. (On Windows, it uses WinPcap, which is a driver plus a port of libpcap to use the driver.)

If an output packet is captured by Wireshark, will the packet definitely be sent out through the corresponding interface?

No. The networking stack hands the packet to the appropriate AF_PACKET sockets and to the driver; the driver might drop the packet (for example, if, on an Ethernet, it got multiple collisions and gave up) even though the packet was delivered to the AF_PACKET socket.

In other words, could an output packet that is captured by Wireshark be dropped before it is sent out?

Yes. See above.

In tools like tcpdump, when exactly are the network packets captured?

Both of those tools capture the data exactly as it goes out over the wire. (Think of it as sort of the equivalent of "tee" for output that's going to screen as well as to file; here too, the same data goes to the socket as well as to tcpdump or whatever.)

So yes, if your tool is configured correctly to encrypt the data before sending it, then tcpdump or Wireshark should reflect that in their packet captures.
