pcap_dump

Help
2008-06-24
2013-05-09
  • Hello,

    I am trying to figure out how to write packet data to a file.  I know I can do this with the dispatch method, passing 'None' as the second argument, but I want to write data that's been modified.

    Looking at the C source code, I see there is in fact a dump function, which looks to take filehandle, header, and packet data as arguments.  But the dump_open call does not return any result (such as a filehandle), and the dump_file function just kind of bombs.

    This can't be that hard.. what am I missing?

    Thanks.

    Michael Matthews

     
    • Wim Lewis
      2008-06-25

      I don't think there's a way to do that. (You want to capture packets, modify them in some way, and then write the modified packets to the dump file, right?)

      You could write to a dump file 'by hand'. The pcap file format is very simple:  http://wiki.wireshark.org/Development/LibpcapFileFormat

       
      • Wim,

        Yeah, that's what I want to do.  Thanks for the confirmation that I'm not missing something simple.

        Michael
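
Writing the dump file "by hand", as suggested in the reply above, comes down to one 24-byte global header followed by a 16-byte record header in front of each packet. The following is an added example, not code from the thread or from the library being discussed. It assumes the classic little-endian pcap format with microsecond timestamps and the Ethernet link type; the function names, the sample frame and the MAC-scrubbing modification are constructed for illustration.

```python
import io
import struct

PCAP_MAGIC = 0xA1B2C3D4       # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
GLOBAL_HDR = "<IHHiIII"       # magic, ver major/minor, thiszone, sigfigs, snaplen, network
RECORD_HDR = "<IIII"          # ts_sec, ts_usec, incl_len, orig_len


def write_pcap(out, packets, linktype=LINKTYPE_ETHERNET, snaplen=65535):
    """Write (ts_sec, ts_usec, data) tuples to a binary file object."""
    out.write(struct.pack(GLOBAL_HDR, PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype))
    for ts_sec, ts_usec, data in packets:
        stored = data[:snaplen]
        # incl_len is what is stored in the file, orig_len is the on-wire length.
        out.write(struct.pack(RECORD_HDR, ts_sec, ts_usec, len(stored), len(data)))
        out.write(stored)


def read_pcap(inp):
    """Read the file back so the written records can be checked."""
    header = struct.unpack(GLOBAL_HDR, inp.read(struct.calcsize(GLOBAL_HDR)))
    if header[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap file")
    records = []
    while True:
        raw = inp.read(struct.calcsize(RECORD_HDR))
        if len(raw) < struct.calcsize(RECORD_HDR):
            break
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(RECORD_HDR, raw)
        records.append((ts_sec, ts_usec, inp.read(incl_len), orig_len))
    return header[6], records


def scrub_src_mac(frame):
    """Sample modification: zero the Ethernet source MAC (bytes 6-11)."""
    return frame[:6] + b"\x00" * 6 + frame[12:]


def demo(snaplen=65535):
    # Constructed frame: broadcast dst MAC, made-up src MAC, EtherType 0x0800.
    frame = bytes.fromhex("ffffffffffff0242ac1100020800") + b"constructed payload"
    captured = [(1214265600, 0, frame), (1214265601, 500000, frame + b"!")]
    modified = [(s, u, scrub_src_mac(d)) for s, u, d in captured]
    buf = io.BytesIO()      # use open("out.pcap", "wb") for a real file
    write_pcap(buf, modified, snaplen=snaplen)
    buf.seek(0)
    return read_pcap(buf)
```
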