pcap_fopen_offline (3)
Leading comments
Copyright (c) 1994, 1996, 1997 The Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that: (1) source code distributions retain the above copyright notice and this paragraph in its entirety, (2) distributions including binary code include the above copyright notice and this paragraph in its entirety in the documentation or other materials provided with the distribution...
NAME
pcap_open_offline, pcap_open_offline_with_tstamp_precision, pcap_fopen_offline, pcap_fopen_offline_with_tstamp_precision - open a saved capture file for readingSYNOPSIS
#include <pcap/pcap.h> char errbuf[PCAP_ERRBUF_SIZE]; pcap_t *pcap_open_offline(const char *fname, char *errbuf); pcap_t *pcap_open_offline_with_tstamp_precision(const char *fname, u_int precision, char *errbuf); pcap_t *pcap_fopen_offline(FILE *fp, char *errbuf); pcap_t *pcap_fopen_offline_with_tstamp_precision(FILE *fp, u_int precision, char *errbuf);
DESCRIPTION
pcap_open_offline() and pcap_open_offline_with_tstamp_precision() are called to open a ``savefile'' for reading.fname specifies the name of the file to open. The file can have the pcap file format as described in pcap-savefile(5), which is the file format used by, among other programs, tcpdump(1) and tcpslice(1), or can have the pcap-ng file format, although not all pcap-ng files can be read. The name "-" is a synonym for stdin.
pcap_open_offline_with_tstamp_precision() takes an additional precision argument specifying the time stamp precision desired; if PCAP_TSTAMP_PRECISION_MICRO is specified, packet time stamps will be supplied in seconds and microseconds, and if PCAP_TSTAMP_PRECISION_NANO is specified, packet time stamps will be supplied in seconds and nanoseconds. If the time stamps in the file do not have the same precision as the requested precision, they will be scaled up or down as necessary before being supplied.
Alternatively, you may call pcap_fopen_offline() or pcap_fopen_offline_with_tstamp_precision() to read dumped data from an existing open stream fp. pcap_fopen_offline_with_tstamp_precision() takes an additional precision argument as described above. Note that on Windows, that stream should be opened in binary mode.