PCAP_DUMP_OPEN(3PCAP) PCAP_DUMP_OPEN(3PCAP)

NAME


pcap_dump_open, pcap_dump_open_append, pcap_dump_fopen - open a file
to which to write packets

SYNOPSIS


#include <pcap/pcap.h>

pcap_dumper_t *pcap_dump_open(pcap_t *p, const char *fname);
pcap_dumper_t *pcap_dump_open_append(pcap_t *p, const char *fname);
pcap_dumper_t *pcap_dump_fopen(pcap_t *p, FILE *fp);

DESCRIPTION


pcap_dump_open() is called to open a ``savefile'' for writing. fname
specifies the name of the file to open. The file will have the same
format as those used by tcpdump(1) and tcpslice(1). If the file does
not exist, it will be created; if the file exists, it will be
truncated and overwritten. The name "-" is a synonym for stdout.

pcap_dump_fopen() is called to write data to an existing open stream
fp; this stream will be closed by a subsequent call to
pcap_dump_close(3PCAP). The stream is assumed to be at the beginning
of a file that has been newly created or truncated, so that writes
will start at the beginning of the file. Note that on Windows, that
stream should be opened in binary mode.

p is a capture or ``savefile'' handle returned by an earlier call to
pcap_create(3PCAP) and activated by an earlier call to
pcap_activate(3PCAP), or returned by an earlier call to
pcap_open_offline(3PCAP), pcap_open_live(3PCAP), or
pcap_open_dead(3PCAP). The time stamp precision, link-layer type,
and snapshot length from p are used as the link-layer type and
snapshot length of the output file.

pcap_dump_open_append() is like pcap_dump_open() but, if the file
already exists, and is a pcap file with the same byte order as the
host opening the file, and has the same time stamp precision, link-
layer header type, and snapshot length as p, it will write new
packets at the end of the file.

RETURN VALUE


A pointer to a pcap_dumper_t structure to use in subsequent
pcap_dump(3PCAP) and pcap_dump_close(3PCAP) calls is returned on
success. NULL is returned on failure. If NULL is returned,
pcap_geterr(3PCAP) can be used to get the error text.

BACKWARD COMPATIBILITY


The pcap_dump_open_append() function became available in libpcap
release 1.7.2. In previous releases, there is no support for
appending packets to an existing savefile.

SEE ALSO


pcap(3PCAP), pcap-savefile(4)

3 July 2020 PCAP_DUMP_OPEN(3PCAP)
tribblix@gmail.com :: GitHub :: Privacy