

Design of tcpdump vs. MAGNeT

tcpdump and MAGNeT are both monitors of network traffic, but they monitor different aspects of that traffic and are based on different design philosophies.

tcpdump, like magnet-read, is a user-interface application relying on functionality contained in a lower layer. In the case of tcpdump, the lower layer is called libpcap and has been used successfully with other applications, such as CoralReef. The critical difference is that while MAGNeT operates largely within the Linux kernel, libpcap is implemented as a library working in user space under a variety of operating systems.

The exact method used by libpcap to intercept network packets varies depending on the features available in the root operating system, but it always involves a system call or similar facility that causes a switch into kernel mode and a copy of memory from the kernel to the user-level library. This call-and-copy is repeated for every packet traveling across the interface being monitored. At high network speeds (and thus high packet-transfer rates), the overhead of copying each individual packet between kernel and user space becomes a significant burden. MAGNeT benefits from having code embedded in the kernel to aggregate multiple network packets into a single space which then is copied in bulk, thus amortizing the cost of the copy over multiple packets. This approach incurs less overhead but is not as portable as libpcap's method.
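
The call-and-copy cost described above can be counted directly. This added example (not code from MAGNeT, libpcap, or the paper) uses a pipe as a stand-in for the kernel/user boundary and counts the read() system calls needed to move the same records one at a time versus in bulk; the record layout, `drain`, and `CHUNK` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Constructed record holding the two fields the paper says MAGNeT logs. */
struct rec { uint64_t t_ns; uint32_t bytes; uint32_t pad; };
#define CHUNK 64 /* records queued "in the kernel" before the reader runs */

/* Push n records through a pipe and read them back `batch` records per
 * read() call. Returns the number of read() system calls used, or -1 on
 * error; *sum receives the total of all size fields as a loss check. */
long drain(long n, int batch, uint64_t *sum)
{
    struct rec out[CHUNK], in[CHUNK];
    long calls = 0, sent = 0;
    int fd[2];
    if (batch < 1 || batch > CHUNK || pipe(fd) != 0)
        return -1;
    *sum = 0;
    while (sent < n && calls >= 0) {
        long k = (n - sent < CHUNK) ? n - sent : CHUNK;
        size_t len = (size_t)k * sizeof out[0];
        for (long i = 0; i < k; i++)  /* synthetic timestamps and sizes */
            out[i] = (struct rec){ (uint64_t)(sent + i) * 1000,
                                   40 + (uint32_t)((sent + i) % 1460), 0 };
        if (write(fd[1], out, len) != (ssize_t)len) calls = -1;
        for (long got = 0; calls >= 0 && got < k; ) {
            long want = (k - got < batch) ? k - got : batch;
            size_t ask = (size_t)want * sizeof in[0];
            if (read(fd[0], in, ask) != (ssize_t)ask) { calls = -1; break; }
            calls++; /* one kernel entry plus one kernel-to-user copy */
            for (long i = 0; i < want; i++)
                *sum += in[i].bytes;
            got += want;
        }
        sent += k;
    }
    close(fd[0]); close(fd[1]);
    return calls;
}

int main(void)
{
    uint64_t a, b;
    long single = drain(6400, 1, &a), bulk = drain(6400, CHUNK, &b);
    printf("per-record: %ld reads, bulk: %ld reads, same totals: %s\n",
           single, bulk, a == b ? "yes" : "no");
    return 0;
}
```

With 6400 records the per-record path makes 6400 read() calls and the bulk path makes 100, while both deliver identical data.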

Finally, we note again that the kind of data collected by tcpdump and MAGNeT is not exactly the same. As used in the experiments in this paper (footnote 8), MAGNeT collects only packet generation time and data size. tcpdump, on the other hand, collects packet time information along with a sampling of the actual data contained in the packet. MAGNeT ignores this data mostly out of privacy concerns.


Jeffrey R. Hay 2001-09-12