Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
PCAP_DUMP_OPEN(3PCAP)					 PCAP_DUMP_OPEN(3PCAP)

NAME
       pcap_dump_open, pcap_dump_open_append, pcap_dump_fopen -	open a file to
       which to	write packets

SYNOPSIS
       #include	<pcap/pcap.h>

       pcap_dumper_t *pcap_dump_open(pcap_t *p,	const char *fname);
       pcap_dumper_t *pcap_dump_open_append(pcap_t *p, const char *fname);
       pcap_dumper_t *pcap_dump_fopen(pcap_t *p, FILE *fp);

DESCRIPTION
       pcap_dump_open()	 is  called to open a ``savefile'' for writing.	 fname
       specifies the name of the file to open. The file	 will  have  the  same
       format  as  those used by tcpdump(1) and	tcpslice(1).  If the file does
       not exist, it will be created; if the file exists, it will be truncated
       and overwritten.	 The name "-" is a synonym for stdout.

       pcap_dump_fopen() is called to write data to an	existing  open	stream
       fp;   this   stream   will   be	 closed	  by   a  subsequent  call  to
       pcap_dump_close(3PCAP).	The stream is assumed to be at	the  beginning
       of a file that has been newly created or	truncated, so that writes will
       start  at the beginning of the file.  Note that on Windows, that	stream
       should be opened	in binary mode.

       p is a capture or ``savefile'' handle returned by an  earlier  call  to
       pcap_create(3PCAP)    and    activated	 by   an   earlier   call   to
       pcap_activate(3PCAP),   or   returned   by   an	 earlier    call    to
       pcap_open_offline(3PCAP),	   pcap_open_live(3PCAP),	    or
       pcap_open_dead(3PCAP).  The time	stamp precision, link-layer type,  and
       snapshot	 length	 from  p  are used as the link-layer type and snapshot
       length of the output file.

       pcap_dump_open_append() is like pcap_dump_open()	but, if	the  file  al-
       ready  exists,  and is a	pcap file with the same	byte order as the host
       opening the file, and has the same  time	 stamp	precision,  link-layer
       header type, and	snapshot length	as p, it will write new	packets	at the
       end of the file.

RETURN VALUE
       A   pointer   to	  a  pcap_dumper_t  structure  to  use	in  subsequent
       pcap_dump(3PCAP)	and pcap_dump_close(3PCAP) calls is returned  on  suc-
       cess.	NULL   is   returned   on   failure.   If  NULL	 is  returned,
       pcap_geterr(3PCAP) can be used to get the error text.

BACKWARD COMPATIBILITY
       The pcap_dump_open_append() function became available  in  libpcap  re-
       lease  1.7.2.   In previous releases, there is no support for appending
       packets to an existing savefile.

SEE ALSO
       pcap(3PCAP), pcap-savefile(5)

				  3 July 2020		 PCAP_DUMP_OPEN(3PCAP)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=pcap_dump_open&sektion=3&manpath=FreeBSD+Ports+14.3.quarterly>

home | help