NAME¶
pcap_dump_open, pcap_dump_fopen - open a file to which to write packets
SYNOPSIS¶
#include <pcap/pcap.h>
pcap_dumper_t *pcap_dump_open(pcap_t *p, const char *fname);
pcap_dumper_t *pcap_dump_open_append(pcap_t *p, const char *fname);
pcap_dumper_t *pcap_dump_fopen(pcap_t *p, FILE *fp);
DESCRIPTION¶
pcap_dump_open() is called to open a ``savefile'' for writing.
fname specifies the name of the file to open. The file will have the
same format as those used by
tcpdump(1) and
tcpslice(1). The
name "-" is a synonym for
stdout.
pcap_dump_fopen() is called to write data to an existing open stream
fp. Note that on Windows, that stream should be opened in binary mode.
p is a capture or ``savefile'' handle returned by an earlier call to
pcap_create() and activated by an earlier call to
pcap_activate(), or returned by an earlier call to
pcap_open_offline(),
pcap_open_live(), or
pcap_open_dead(). The time stamp precision, link-layer type, and
snapshot length from
p are used as the link-layer type and snapshot
length of the output file.
pcap_dump_open_append() is like
pcap_dump_open but does not create
the file if it does not exist and, if it does already exist, and is a pcap
file with the same byte order as the host opening the file, and has the same
time stamp precision, link-layer header type, and snapshot length as
p,
it will write new packets at the end of the file.
RETURN VALUES¶
A pointer to a
pcap_dumper_t structure to use in subsequent
pcap_dump() and
pcap_dump_close() calls is returned on success.
NULL is returned on failure. If
NULL is returned,
pcap_geterr( p) can be used to get the error text.
SEE ALSO¶
pcap(3PCAP), pcap_create(3PCAP), pcap_activate(3PCAP), pcap_open_offline(3PCAP),
pcap_open_live(3PCAP), pcap_open_dead(3PCAP), pcap_dump(3PCAP),
pcap_dump_close(3PCAP), pcap_geterr(3PCAP),
pcap-savefile(5)