PCAP_FILE(3) Library Functions Manual PCAP_FILE(3)NAME
pcap_file - get the standard I/O stream for a savefile being read
SYNOPSIS
#include <pcap/pcap.h>
FILE *pcap_file(pcap_t *p);
DESCRIPTION
pcap_file() returns the standard I/O stream of the ``savefile,'' if a ``savefile'' was opened with pcap_open_offline(), or NULL, if a net-
work device was opened with pcap_create() and pcap_activate(), or with pcap_open_live().
Note that the Packet Capture library is usually built with large file support, so the standard I/O stream of the ``savefile'' might refer
to a file larger than 2 gigabytes; applications that use pcap_file() should, if possible, use calls that support large files on the return
value of pcap_file() or the value returned by fileno() when passed the return value of pcap_file().
SEE ALSO pcap(3), pcap_open_offline(3)
5 April 2008 PCAP_FILE(3)
Check Out this Related Man Page
PCAP_OPEN_OFFLINE(3PCAP)PCAP_OPEN_OFFLINE(3PCAP)NAME
pcap_open_offline, pcap_fopen_offline - open a saved capture file for reading
SYNOPSIS
#include <pcap/pcap.h>
char errbuf[PCAP_ERRBUF_SIZE];
pcap_t *pcap_open_offline(const char *fname, char *errbuf);
pcap_t *pcap_fopen_offline(FILE *fp, char *errbuf);
DESCRIPTION
pcap_open_offline() is called to open a ``savefile'' for reading.
fname specifies the name of the file to open. The file can have the pcap file format as described in pcap-savefile(5), which is the file
format used by, among other programs, tcpdump(1) and tcpslice(1), or can have the pcap-ng file format, although not all pcap-ng files can
be read. The name "-" in a synonym for stdin.
Alternatively, you may call pcap_fopen_offline() to read dumped data from an existing open stream fp. Note that on Windows, that stream
should be opened in binary mode.
RETURN VALUE
pcap_open_offline() and pcap_fopen_offline() return a pcap_t * on success and NULL on failure. If NULL is returned, errbuf is filled in
with an appropriate error message. errbuf is assumed to be able to hold at least PCAP_ERRBUF_SIZE chars.
SEE ALSO pcap(3PCAP), pcap-savefile(5)
5 April 2008 PCAP_OPEN_OFFLINE(3PCAP)
Hi,
I am new at UNIX and programing in general and only have a basic knowledge of C++. I am helping out with some research at a college and was given the task to sort through captured packets via IP addresses. I was wondering if anyone could help me with writing a code which filters through pcap... (1 Reply)
Hi,
I am new at UNIX and programing in general and only have a basic knowledge of C++. I am helping out with some research at a college and was given the task to sort through captured packets via IP addresses. I was wondering if anyone could help me with writing a code which filters through pcap... (4 Replies)
Hi all,
I'm writing a program using libpcap, and I have multiple pcap files in a folder that I want to capture.
I currently have
handle = pcap_open_offline("/data/traffic/pcap1.pcap", errbuf");
which works fine since pcap_open_offline() takes in a filename. However, I want to process... (0 Replies)
Hi Folks,
i got the following Problem: I want to make an analysis on a pcap file. (diestance between different packets and so on) The difficulty now... it's not a simple Ethernet/ IP/ File, but it's a SS7 file.
There are the Layers MTP2 MTP3 and ISUP. My analysis depends on the ISUP Layer.
Now... (0 Replies)
Hi,
I have a standard pcap file created using tcpdump. The file looks like
06:49:36.487629 IP 202.1.175.252 > 71.126.222.64: ICMP echo request, id 52765, seq 1280, length 40
06:49:36.489552 IP 192.120.148.227 > 71.126.222.64: ICMP echo request, id 512, seq 1280, length 40
06:49:36.491812 IP... (8 Replies)