Wireshark mailing list archives
Re: converting pcapng to pcap
From: albert <alo () advancedio com>
Date: Fri, 28 Sep 2012 18:43:29 +0000 (UTC)
Guy Harris <guy@...> writes:
However, if you convert pcap-ng to pcap with the command
tcpdump -r file.pcapng -w file.pcap
on a system with libpcap 1.1.0 or later, the APIs used are
pcap_open_offline(), to open the input file;
pcap_loop(), to read the packets;
pcap_close(), to close the input file;
pcap_dump_open(), to open the output file;
pcap_dump(), to write to the output file;
pcap_dump_close(), to close the output file.
Thank you for the prompt response. If you could tolerate a couple more newbie questions..... I'm assuming that the meat of the .pcapng to .pcap conversion is done in the pcap_handler callback for pcap_offline_read(). Is this correct ? If so, how/where does the callback function for pcap_offline_read() get pre- assigned? Much appreciated for your time in this matter. Cheers, Albert ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- converting pcapng to pcap Albert Lo (Sep 28)
- Re: converting pcapng to pcap Jakub Zawadzki (Sep 28)
- Re: converting pcapng to pcap Guy Harris (Sep 28)
- Re: converting pcapng to pcap albert (Sep 28)
- Re: converting pcapng to pcap Guy Harris (Sep 28)
- Re: converting pcapng to pcap albert (Sep 28)
- Re: converting pcapng to pcap Guy Harris (Sep 28)
- Re: converting pcapng to pcap albert (Sep 28)