Re: how to construct tcpdump readable packets

[Guy Harris <guy () alum mit edu>]

Hannes Gredler wrote:

> you may want to check the text2pcap utility
> that comes along with ethereal for learning about
> conversion to a libpcap readable format.

Or, alternatively, with newer versions of libpcap (those with 
pcap_open_dead(), so you can write to a libpcap file without having a 
libpcap file or live capture open), use pcap_open_dead() with the 
appropriate DLT_ value to get a fake pcap_t, use that pcap_t to open a 
pcap_dumper_t output stream with pcap_dump_open(), and then write the 
data for the packets out (with faked time stamps and capture 
length/length) using pcap_dump(), and close with pcap_dump_close().
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.