tcpdump mailing list archives
Re: how to create a PCAP file made of a bunch of
From: Dustin Spicuzza <dustin () virtualroadside com>
Date: Thu, 11 Mar 2010 12:00:27 -0500
On 3/11/2010 10:23 AM, Selçuk Cevher wrote:
> Hi All,
>
> As far as I know, libpcap is capable of packaging a certain amount of binary data in the form of an Ethernet frame. I wonder if libpcap is capable of combining several Ethernet frames constructed by itself or obtained from a live capture in the form of a PCAP file.

constructing raw frames with a C program: look at the documentation for pcap_dump() on how to save them to a pcap formatted file -- but you have to construct the frames yourself (or read them from somewhere... libpcap has methods you can use to capture from an interface)

live capture: use tcpdump or wireshark to save pcap files, and use tcpslice to combine pcap files

Dustin

--
Innovation is just a problem away
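The file layout that pcap_dump() produces, written by hand in C without linking libpcap, as an added example that is not part of the original post. The frame contents, timestamps, output file name and the helper names `build_frame` and `write_pcap` are constructed for illustration; with libpcap the same file comes from pcap_open_dead(), pcap_dump_open(), pcap_dump() and pcap_dump_close().

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Classic pcap file header (24 bytes), written in host byte order. */
struct pcap_file_hdr {
    uint32_t magic;      /* 0xa1b2c3d4: microsecond timestamps */
    uint16_t ver_major;  /* 2 */
    uint16_t ver_minor;  /* 4 */
    int32_t  thiszone;   /* 0 */
    uint32_t sigfigs;    /* 0 */
    uint32_t snaplen;    /* largest frame a reader should expect */
    uint32_t linktype;   /* 1 = Ethernet (DLT_EN10MB) */
};

/* Per-packet record header (16 bytes) that precedes each frame. */
struct pcap_rec_hdr { uint32_t ts_sec, ts_usec, caplen, len; };

/* Build a minimal 60-byte Ethernet frame (constructed sample data). */
static size_t build_frame(uint8_t *buf, uint8_t seq) {
    static const uint8_t dst[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
    static const uint8_t src[6] = {0x02, 0x00, 0x00, 0x00, 0x00, 0x01};
    memset(buf, 0, 60);
    memcpy(buf, dst, 6);
    memcpy(buf + 6, src, 6);
    buf[12] = 0x88; buf[13] = 0xb5;  /* EtherType: local experimental */
    buf[14] = seq;                   /* one payload byte, rest is padding */
    return 60;
}

/* Write `count` frames to `path`; returns bytes written, or -1 on error. */
long write_pcap(const char *path, unsigned count) {
    struct pcap_file_hdr fh = {0xa1b2c3d4u, 2, 4, 0, 0, 65535, 1};
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    if (fwrite(&fh, sizeof fh, 1, f) != 1) { fclose(f); return -1; }
    for (unsigned i = 0; i < count; i++) {
        uint8_t frame[60];
        uint32_t n = (uint32_t)build_frame(frame, (uint8_t)i);
        struct pcap_rec_hdr rh = {1000000000u + i, 0, n, n};  /* constructed timestamps */
        if (fwrite(&rh, sizeof rh, 1, f) != 1 ||
            fwrite(frame, 1, n, f) != n) { fclose(f); return -1; }
    }
    long total = ftell(f);
    return fclose(f) == 0 ? total : -1;
}

int main(void) { return write_pcap("frames.pcap", 3) < 0; }
```

The resulting frames.pcap opens in tcpdump -r or Wireshark as three Ethernet frames.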