Maksim Dmitriev

Reputation: 6209

Write an array of bytes representing an IP packet to a pcap file

I capture an IPv4 packet in an app like ToyVpn. To make sure I handle the read packet correctly, I was told to save it and the response I create to a pcap file and open it in Wireshark.

I use jnetpcap-1.3.0-1.win64

As for writing to the file, I found an answer on https://stackoverflow.com/a/19170377/1065835

Both examples from http://jnetpcap.com/node/69 throw the same NPE here:

PcapDumper dumper = pcap.dumpOpen(ofile); // output file

Is it possible to do what I'm trying to do?

This is my code:

StringBuilder errbuf = new StringBuilder();
String fname = "test-afs.pcap";
new File(fname).createNewFile();
Pcap pcap = Pcap.openOffline(fname, errbuf);

String ofile = "tmp-capture-file.cap";
new File(ofile).createNewFile();
PcapDumper dumper = pcap.dumpOpen(ofile); // output file

pcap.loop(10, dumper); // Special native dumper call to loop

File file = new File(ofile);
System.out.printf("%s file has %d bytes in it!\n", ofile, file.length());

dumper.close(); // Won't be able to delete without explicit close
pcap.close();

Upvotes: 1

Views: 1824

Answers (1)

Anders R. Bystrup

Reputation: 16060

The JavaDoc for Pcap.dumpOpen() states

Parameters: fname - specifies the name of the file to open; currently the libpcap option to open stdout by using "-" as a string, is not supported by jNetPcap

You're creating the very file that Pcap is going to open in the next LoC. That's not going to work, I think...:

String ofile = "tmp-capture-file.cap";
new File(ofile).createNewFile();
PcapDumper dumper = pcap.dumpOpen(ofile); // output file - BUT IT EXISTS!

In either case, you might get lucky surrounding the line with a try-catch and see if Pcap.getErr() has anything meaningful in the catch clause, but I'm betting on an already-exists issue.

Cheers,

Upvotes: 1
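
An added example, not part of the question or the answer and not jNetPcap code: for the goal in the title, raw IP packet bytes can also be written to a pcap file in plain Java by emitting the 24-byte file header once and a 16-byte record header per packet, with link type LINKTYPE_RAW (101) so that Wireshark starts dissecting at the IP header. The class name `RawIpPcapWriter`, the output file name and the sample packet bytes are constructed for illustration.

```java
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;

public class RawIpPcapWriter implements AutoCloseable {   // hypothetical helper class
    private static final int MAGIC = 0xa1b2c3d4;   // classic pcap, microsecond timestamps
    private static final int LINKTYPE_RAW = 101;   // record data begins at the IP header
    private static final int SNAPLEN = 65535;
    private final OutputStream out;

    public RawIpPcapWriter(String path) throws IOException {
        out = new FileOutputStream(path);
        // 24-byte global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype
        ByteBuffer h = ByteBuffer.allocate(24).order(ByteOrder.LITTLE_ENDIAN);
        h.putInt(MAGIC).putShort((short) 2).putShort((short) 4)
         .putInt(0).putInt(0).putInt(SNAPLEN).putInt(LINKTYPE_RAW);
        out.write(h.array());
    }

    /** Appends one packet, e.g. the bytes returned by a read from the VPN interface. */
    public void write(byte[] packet, int length) throws IOException {
        if (length <= 0 || length > packet.length) throw new IllegalArgumentException("bad length");
        int caplen = Math.min(length, SNAPLEN);
        long nowMs = System.currentTimeMillis();
        // 16-byte record header: ts_sec, ts_usec, incl_len, orig_len
        ByteBuffer r = ByteBuffer.allocate(16).order(ByteOrder.LITTLE_ENDIAN);
        r.putInt((int) (nowMs / 1000)).putInt((int) (nowMs % 1000) * 1000)
         .putInt(caplen).putInt(length);
        out.write(r.array());
        out.write(packet, 0, caplen);
    }

    @Override public void close() throws IOException { out.close(); }

    public static void main(String[] args) throws IOException {
        // Constructed sample: IPv4 + UDP, 10.0.0.2:12345 -> 10.0.0.1:9, no payload
        byte[] pkt = {
            0x45, 0x00, 0x00, 0x1c, 0x00, 0x01, 0x00, 0x00, 0x40, 0x11, 0x66, (byte) 0xce,
            0x0a, 0x00, 0x00, 0x02, 0x0a, 0x00, 0x00, 0x01,
            0x30, 0x39, 0x00, 0x09, 0x00, 0x08, 0x00, 0x00 };
        try (RawIpPcapWriter w = new RawIpPcapWriter("toyvpn-debug.pcap")) {
            w.write(pkt, pkt.length);
        }
    }
}
```

Calling `write()` once for the packet read from the tunnel and once for the response you build puts both in the file as consecutive frames.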
