I am trying to figure out how to write packet data to a file. I know I can do this with the dispatch method, passing 'None' as the second argument, but I want to write data that's been modified.
Looking at the C source code, I see there is in fact a dump function, which looks to take filehandle, header, and packet data as arguments. But the dump_open call does not return any result (such as a filehandle), and the dump_file function just kind of bombs.
This can't be that hard.. what am I missing?
I don't think there's a way to do that. (You want to capture packets, modify them in some way, and then write the modified packets to the dump file, right?)
You could write to a dump file 'by hand'. The pcap file format is very simple: http://wiki.wireshark.org/Development/LibpcapFileFormat
Yeah, that's what I want to do. Thanks for the confirmation that I'm not missing something simple.