catnip is a tiny non-libpcap based network packet capturing tool (currently only for Linux) which when compiled and stripped the binary is smaller than 20kiB. This makes it very suitable for embedded environments where a libpcap based tool, typically 100kiB for just libpcap and 500kiB for tcpdump, would be simply too large. catnip is generally parameter compatible with tcpdump and what makes catnip stand out from other small packet capturing tools is that also supports BPF filtering.
Whilst putting together a buildroot based Linux environment for my Linksys WAG54G I was disappointed to find that a compiled libpcap/tcpdump was just too large for the 4MiB flash I was limited to. Digging around I could not find any other filtering supporting micro-sized libpcap-less capturing tools so set out to write my own, and this is the result of my efforts.
The source code and (hopefully) better documentation for 'catnip' is at https://github.com/jimdigriz/catnip