pcap_dump_open - open a file to which to write packets
#include <pcap/pcap.h> pcap_dumper_t *pcap_dump_open(pcap_t *p, const char *fname); pcap_dumper_t *pcap_dump_open_append(pcap_t *p, const char *fname); pcap_dumper_t *pcap_dump_fopen(pcap_t *p, FILE *fp);
PCAP_DUMP_OPEN(3pcap) PCAP_DUMP_OPEN(3pcap)
NAME
pcap_dump_open, pcap_dump_fopen - open a file to which to write packets
SYNOPSIS
#include <pcap/pcap.h>
pcap_dumper_t *pcap_dump_open(pcap_t *p, const char *fname);
pcap_dumper_t *pcap_dump_open_append(pcap_t *p, const char *fname);
pcap_dumper_t *pcap_dump_fopen(pcap_t *p, FILE *fp);
DESCRIPTION
pcap_dump_open() is called to open a ``savefile'' for writing. fname
specifies the name of the file to open. The file will have the same
format as those used by tcpdump(1) and tcpslice(1). The name "-" is a
synonym for stdout.
pcap_dump_fopen() is called to write data to an existing open stream
fp; this stream will be closed by a subsequent call to
pcap_dump_close(3PCAP). Note that on Windows, that stream should be
opened in binary mode.
p is a capture or ``savefile'' handle returned by an earlier call to
pcap_create(3PCAP) and activated by an earlier call to
pcap_activate(3PCAP), or returned by an earlier call to
pcap_open_offline(3PCAP), pcap_open_live(3PCAP), or
pcap_open_dead(3PCAP). The time stamp precision, link-layer type, and
snapshot length from p are used as the link-layer type and snapshot
length of the output file.
pcap_dump_open_append() is like pcap_dump_open() but does not create
the file if it does not exist and, if it does already exist, and is a
pcap file with the same byte order as the host opening the file, and
has the same time stamp precision, link-layer header type, and snapshot
length as p, it will write new packets at the end of the file.
RETURN VALUES
A pointer to a pcap_dumper_t structure to use in subsequent
pcap_dump(3PCAP) and pcap_dump_close(3PCAP) calls is returned on suc-
cess. NULL is returned on failure. If NULL is returned,
pcap_geterr(3PCAP) can be used to get the error text.
BACKWARD COMPATIBILITY
The pcap_dump_open_append() function became available in libpcap
release 1.7.2. In previous releases, there is no support for appending
packets to an existing savefile.
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
+---------------+------------------------+
|ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+---------------+------------------------+
|Availability | system/library/libpcap |
+---------------+------------------------+
|Stability | Uncommitted |
+---------------+------------------------+
SEE ALSO
pcap(3PCAP), pcap-savefile(5)
NOTES
Source code for open source software components in Oracle Solaris can
be found at https://www.oracle.com/downloads/opensource/solaris-source-
code-downloads.html.
This software was built from source available at
https://github.com/oracle/solaris-userland. The original community
source was downloaded from https://www.tcpdump.org/release/libp-
cap-1.9.1.tar.gz.
Further information about this software can be found on the open source
community website at https://www.tcpdump.org/.
22 August 2018 PCAP_DUMP_OPEN(3pcap)