Updated: 2022/Sep/29

Please read Privacy Policy. It's for your privacy.

PCAP_DUMP_OPEN(3)          Library Functions Manual          PCAP_DUMP_OPEN(3)



NAME
       pcap_dump_open, pcap_dump_open_append, pcap_dump_fopen - open a file to
       which to write packets

SYNOPSIS
       #include <pcap/pcap.h>

       pcap_dumper_t *pcap_dump_open(pcap_t *p, const char *fname);
       pcap_dumper_t *pcap_dump_open_append(pcap_t *p, const char *fname);
       pcap_dumper_t *pcap_dump_fopen(pcap_t *p, FILE *fp);

DESCRIPTION
       pcap_dump_open() is called to open a ``savefile'' for writing.  fname
       specifies the name of the file to open. The file will have the same
       format as those used by tcpdump(8) and tcpslice(1).  If the file does
       not exist, it will be created; if the file exists, it will be truncated
       and overwritten.  The name "-" is a synonym for stdout.

       pcap_dump_fopen() is called to write data to an existing open stream
       fp; this stream will be closed by a subsequent call to
       pcap_dump_close(3).  The stream is assumed to be at the beginning of a
       file that has been newly created or truncated, so that writes will
       start at the beginning of the file.  Note that on Windows, that stream
       should be opened in binary mode.

       p is a capture or ``savefile'' handle returned by an earlier call to
       pcap_create(3) and activated by an earlier call to pcap_activate(3), or
       returned by an earlier call to pcap_open_offline(3), pcap_open_live(3),
       or pcap_open_dead(3).  The time stamp precision, link-layer type, and
       snapshot length from p are used as the link-layer type and snapshot
       length of the output file.

       pcap_dump_open_append() is like pcap_dump_open() but, if the file
       already exists, and is a pcap file with the same byte order as the host
       opening the file, and has the same time stamp precision, link-layer
       header type, and snapshot length as p, it will write new packets at the
       end of the file.

RETURN VALUE
       A pointer to a pcap_dumper_t structure to use in subsequent
       pcap_dump(3) and pcap_dump_close(3) calls is returned on success.  NULL
       is returned on failure.  If NULL is returned, pcap_geterr(3) can be
       used to get the error text.

BACKWARD COMPATIBILITY
       The pcap_dump_open_append() function became available in libpcap
       release 1.7.2.  In previous releases, there is no support for appending
       packets to an existing savefile.

SEE ALSO
       pcap(3), pcap-savefile(5)



                                  3 July 2020                PCAP_DUMP_OPEN(3)