pcap_dump_open - open a file to which to write packets
#include <pcap/pcap.h> pcap_dumper_t *pcap_dump_open(pcap_t *p, const char *fname); pcap_dumper_t *pcap_dump_open_append(pcap_t *p, const char *fname); pcap_dumper_t *pcap_dump_fopen(pcap_t *p, FILE *fp);
PCAP_DUMP_OPEN(3pcap) PCAP_DUMP_OPEN(3pcap) NAME pcap_dump_open, pcap_dump_fopen - open a file to which to write packets SYNOPSIS #include <pcap/pcap.h> pcap_dumper_t *pcap_dump_open(pcap_t *p, const char *fname); pcap_dumper_t *pcap_dump_open_append(pcap_t *p, const char *fname); pcap_dumper_t *pcap_dump_fopen(pcap_t *p, FILE *fp); DESCRIPTION pcap_dump_open() is called to open a ``savefile'' for writing. fname specifies the name of the file to open. The file will have the same format as those used by tcpdump(1) and tcpslice(1). The name "-" is a synonym for stdout. pcap_dump_fopen() is called to write data to an existing open stream fp; this stream will be closed by a subsequent call to pcap_dump_close(3PCAP). Note that on Windows, that stream should be opened in binary mode. p is a capture or ``savefile'' handle returned by an earlier call to pcap_create(3PCAP) and activated by an earlier call to pcap_activate(3PCAP), or returned by an earlier call to pcap_open_offline(3PCAP), pcap_open_live(3PCAP), or pcap_open_dead(3PCAP). The time stamp precision, link-layer type, and snapshot length from p are used as the link-layer type and snapshot length of the output file. pcap_dump_open_append() is like pcap_dump_open() but does not create the file if it does not exist and, if it does already exist, and is a pcap file with the same byte order as the host opening the file, and has the same time stamp precision, link-layer header type, and snapshot length as p, it will write new packets at the end of the file. RETURN VALUES A pointer to a pcap_dumper_t structure to use in subsequent pcap_dump(3PCAP) and pcap_dump_close(3PCAP) calls is returned on suc- cess. NULL is returned on failure. If NULL is returned, pcap_geterr(3PCAP) can be used to get the error text. BACKWARD COMPATIBILITY The pcap_dump_open_append() function became available in libpcap release 1.7.2. In previous releases, there is no support for appending packets to an existing savefile. ATTRIBUTES See attributes(7) for descriptions of the following attributes: +---------------+------------------------+ |ATTRIBUTE TYPE | ATTRIBUTE VALUE | +---------------+------------------------+ |Availability | system/library/libpcap | +---------------+------------------------+ |Stability | Uncommitted | +---------------+------------------------+ SEE ALSO pcap(3PCAP), pcap-savefile(5) NOTES Source code for open source software components in Oracle Solaris can be found at https://www.oracle.com/downloads/opensource/solaris-source- code-downloads.html. This software was built from source available at https://github.com/oracle/solaris-userland. The original community source was downloaded from https://www.tcpdump.org/release/libp- cap-1.9.1.tar.gz. Further information about this software can be found on the open source community website at https://www.tcpdump.org/. 22 August 2018 PCAP_DUMP_OPEN(3pcap)