pcap_dump_open (3)
Leading comments
Copyright (c) 1994, 1996, 1997 The Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that: (1) source code distributions retain the above copyright notice and this paragraph in its entirety, (2) distributions including binary code include the above copyright notice and this paragraph in its entirety in the documentation or other materials provided with the distribution...
NAME
pcap_dump_open, pcap_dump_fopen - open a file to which to write packetsSYNOPSIS
#include <pcap/pcap.h> pcap_dumper_t *pcap_dump_open(pcap_t *p, const char *fname); pcap_dumper_t *pcap_dump_open_append(pcap_t *p, const char *fname); pcap_dumper_t *pcap_dump_fopen(pcap_t *p, FILE *fp);
DESCRIPTION
pcap_dump_open() is called to open a ``savefile'' for writing. fname specifies the name of the file to open. The file will have the same format as those used by tcpdump(1) and tcpslice(1). The name "-" is a synonym for stdout.pcap_dump_fopen() is called to write data to an existing open stream fp. Note that on Windows, that stream should be opened in binary mode.
p is a capture or ``savefile'' handle returned by an earlier call to pcap_create() and activated by an earlier call to pcap_activate(), or returned by an earlier call to pcap_open_offline(), pcap_open_live(), or pcap_open_dead(). The time stamp precision, link-layer type, and snapshot length from p are used as the link-layer type and snapshot length of the output file.
pcap_dump_open_append() is like pcap_dump_open but does not create the file if it does not exist and, if it does already exist, and is a pcap file with the same byte order as the host opening the file, and has the same time stamp precision, link-layer header type, and snapshot length as p, it will write new packets at the end of the file.