ZionKing
Reputation: 326
pcap_dump file not opened by Wireshark
I am trying to save the output of this file in libpcap format and although the file does get saved and the right data is written into it, Wireshark is unable to open it. Anyone see what I am missing here ? Thanks.
// opening the device here to listen
handle = pcap_open_live( dev, BUFSIZ, 1, 1000, errbuf );
unsigned int dlt = DLT_EN10MB;
pcap_set_datalink(handle,dlt );
FILE *filename;
filename = fopen("/workarea/capture","a+");
pcap_dumper_t * dump = NULL;
// opens the file
dump = pcap_dump_open( handle, (const char *)filename );
pcap_loop(handle,-1,my_callback,(unsigned char *)filename);
return (0);
}
void my_callback(u_char *dump,const struct pcap_pkthdr* pkthdr,const u_char *packet)
{
unsigned int i=0;
pcap_dump(dump,pkthdr,packet);
}
Upvotes: 2
Views: 1812
Answers (1)
Mark Wilkins
Reputation: 41232
Your call to pcap_dump_open does not seem correct. It is passing a FILE* pointer but should be passing a file name. Use pcap_dump_fopen for a FILE pointer. Or continue using pcap_dump_open but simply pass the file name to it.
Upvotes: 3
Related Questions
- How to use libpcap to parse pcap file.
- Converted pcap file not able to load in veloview
- How to read a pcap file from wireshark with visual c++
- create PCAP file for captured packet in c
- wireshark doesn't display packets from pcap file
- Parsing a .pcap file in plain C
- How can I open a pcap-ng file in C#
- Wireshark error when opening .pcap dumped with pcapy
- Packet is stored wrong in .pcap file
- Opening .pkt (Omnipeek capture) file in C