PCAP_FILE(3PCAP)PCAP_FILE(3PCAP)NAME
pcap_file - get the standard I/O stream for a savefile being read
SYNOPSIS
#include <pcap/pcap.h>
FILE *pcap_file(pcap_t *p);
DESCRIPTION
pcap_file() returns the standard I/O stream of the ``savefile,'' if a ``savefile'' was opened with pcap_open_offline(), or NULL, if a net-
work device was opened with pcap_create() and pcap_activate(), or with pcap_open_live().
Note that the Packet Capture library is usually built with large file support, so the standard I/O stream of the ``savefile'' might refer
to a file larger than 2 gigabytes; applications that use pcap_file() should, if possible, use calls that support large files on the return
value of pcap_file() or the value returned by fileno() when passed the return value of pcap_file().
SEE ALSO pcap(3PCAP), pcap_open_offline(3PCAP)
5 April 2008 PCAP_FILE(3PCAP)
Check Out this Related Man Page
PCAP_DUMP_OPEN(3PCAP)PCAP_DUMP_OPEN(3PCAP)NAME
pcap_dump_open, pcap_dump_fopen - open a file to which to write packets
SYNOPSIS
#include <pcap/pcap.h>
pcap_dumper_t *pcap_dump_open(pcap_t *p, const char *fname);
pcap_dumper_t *pcap_dump_fopen(pcap_t *p, FILE *fp);
DESCRIPTION
pcap_dump_open() is called to open a ``savefile'' for writing. fname specifies the name of the file to open. The file will have the same
format as those used by tcpdump(1) and tcpslice(1). The name "-" in a synonym for stdout.
pcap_dump_fopen() is called to write data to an existing open stream fp. Note that on Windows, that stream should be opened in binary
mode.
p is a capture or ``savefile'' handle returned by an earlier call to pcap_create() and activated by an earlier call to pcap_activate(), or
returned by an earlier call to pcap_open_offline(), pcap_open_live(), or pcap_open_dead(). The link-layer type and snapshot length from p
are used as the link-layer type and snapshot length of the output file.
RETURN VALUES
A pointer to a pcap_dumper_t structure to use in subsequent pcap_dump() and pcap_dump_close() calls is returned on success. NULL is
returned on failure. If NULL is returned, pcap_geterr(p) can be used to get the error text.
SEE ALSO pcap(3PCAP), pcap_create(3PCAP), pcap_activate(3PCAP), pcap_open_offline(3PCAP), pcap_open_live(3PCAP), pcap_open_dead(3PCAP),
pcap_dump(3PCAP), pcap_dump_close(3PCAP), pcap_geterr(3PCAP), pcap-savefile(5)
5 April 2008 PCAP_DUMP_OPEN(3PCAP)
Hi,
I am new at UNIX and programing in general and only have a basic knowledge of C++. I am helping out with some research at a college and was given the task to sort through captured packets via IP addresses. I was wondering if anyone could help me with writing a code which filters through pcap... (1 Reply)
Hi,
I am new at UNIX and programing in general and only have a basic knowledge of C++. I am helping out with some research at a college and was given the task to sort through captured packets via IP addresses. I was wondering if anyone could help me with writing a code which filters through pcap... (4 Replies)
Hi all,
I'm writing a program using libpcap, and I have multiple pcap files in a folder that I want to capture.
I currently have
handle = pcap_open_offline("/data/traffic/pcap1.pcap", errbuf");
which works fine since pcap_open_offline() takes in a filename. However, I want to process... (0 Replies)
Hi Folks,
i got the following Problem: I want to make an analysis on a pcap file. (diestance between different packets and so on) The difficulty now... it's not a simple Ethernet/ IP/ File, but it's a SS7 file.
There are the Layers MTP2 MTP3 and ISUP. My analysis depends on the ISUP Layer.
Now... (0 Replies)
Hi,
I have a standard pcap file created using tcpdump. The file looks like
06:49:36.487629 IP 202.1.175.252 > 71.126.222.64: ICMP echo request, id 52765, seq 1280, length 40
06:49:36.489552 IP 192.120.148.227 > 71.126.222.64: ICMP echo request, id 512, seq 1280, length 40
06:49:36.491812 IP... (8 Replies)