Re: tcpddump -w help

[Guy Harris <guy () alum mit edu>]

On May 18, 2006, at 9:18 PM, sandeep nitta wrote:

> can anyone help me out with how a tcpdump -w command works.
> I want to know what library functions are invoked if i use a -w  
> option and
> the structures used.

It uses:

        pcap_open_live() to open the capture device;

        pcap_dump_open() to open the output file;

	pcap_loop() to read packets from the capture device - the callback  
uses pcap_dump() to write to the output file (or, in older versions  
of tcpdump, *is* pcap_dump());

        pcap_dump_close() to close the dump file when it's done;

        pcap_close() to close the capture device when it's done.

Some other libpcap routines might be used.

See the source code for further details.
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.