0
votes

I'm making a C++ program using MinGW that uses the WinPcap library to save BTLE packets into a PCAP file.

I'm trying to open a PCAP file using the DLT_USER0 link layer type.

I can open DLT_USER0 using the call to pcap_open_dead() but pcap_dump_open() is complaining that it doesn't know the corresponding link type.

I get the following message after calling pcap_geterr():

     out-dump.pcap: link-layer type -1 isn't supported in savefiles

Here's my code below.

    #include <iostream>
    #include <pcap.h>

    using namespace std;

    #define OUT_FILENAME "out-dump.pcap"

    int main()
    {
        pcap_t *pcap_dumpfile;  // Descriptor of an open capture instance
        pcap_dumper_t *dumper;  // libpcap savefile descriptor

        // pcap_open_dead() creates a pcap_t structure to use when
        // calling other functions in libpcap
        pcap_dumpfile = pcap_open_dead(DLT_USER0, 128);

        // Check if pcap_dumpfile was created. If it was not, it will be NULL
        if (NULL == pcap_dumpfile)
        {
            cout << "\npcap_open_dead() FAILED!!!" << endl;
            return 1;
        }

        // Open a save file to write to!
        dumper = pcap_dump_open(pcap_dumpfile, OUT_FILENAME);

        // Check if the dumper was created before using it
        if (NULL == dumper)
        {
            // Print out the FAIL status
            cout << "\npcap_dump_open() FAILED!!!" << endl;

            // Print out the PCAP error
            cout << "\n" << pcap_geterr(pcap_dumpfile) << endl;

            // Close the pcap_dumpfile and deallocate its resources
            pcap_close(pcap_dumpfile);
            return 1;
        }

        // Only flush once the dumper is known to be valid
        pcap_dump_flush(dumper);

        // Release the savefile and the pcap_t on the success path too
        pcap_dump_close(dumper);
        pcap_close(pcap_dumpfile);
        return 0;
    }

I'm using the WinPcap 4.1.2 Developer's Pack to build my C++ application.

1 Answers

0
votes

Sadly, that's a bug in WinPcap 4.1.2.

Hopefully, a future release of WinPcap will be based on a later version of libpcap in which the bug is fixed.
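
One way to sidestep the failing call, as an added example that is not part of the original question or answer: skip `pcap_dump_open()` and write the classic pcap savefile header yourself with link type 147, the numeric value of `DLT_USER0`. The helper names `open_user0_savefile` and `write_packet` and the sample bytes are hypothetical and constructed for illustration.

```cpp
#include <stdint.h>
#include <stdio.h>

// Classic pcap savefile layout. Fields are written in host byte order;
// readers detect the byte order from the magic number.
#pragma pack(push, 1)
struct PcapFileHeader {
    uint32_t magic;          // 0xa1b2c3d4: microsecond timestamps
    uint16_t version_major;  // 2
    uint16_t version_minor;  // 4
    int32_t  thiszone;       // 0
    uint32_t sigfigs;        // 0
    uint32_t snaplen;        // maximum bytes stored per packet
    uint32_t linktype;       // link-layer type of every record
};
struct PcapRecordHeader { uint32_t ts_sec, ts_usec, caplen, len; };
#pragma pack(pop)

const uint32_t LINKTYPE_USER0 = 147;  // same value as DLT_USER0

// Hypothetical helper: create the savefile and write its global header.
FILE *open_user0_savefile(const char *path, uint32_t snaplen) {
    FILE *f = fopen(path, "wb");  // binary mode matters on Windows
    if (!f) return NULL;
    PcapFileHeader h = {0xa1b2c3d4u, 2, 4, 0, 0, snaplen, LINKTYPE_USER0};
    if (fwrite(&h, sizeof h, 1, f) != 1) { fclose(f); return NULL; }
    return f;
}

// Hypothetical helper: append one packet, storing at most snaplen bytes
// while recording the original length in the record header.
bool write_packet(FILE *f, uint32_t snaplen, uint32_t sec, uint32_t usec,
                  const uint8_t *data, uint32_t len) {
    uint32_t caplen = len < snaplen ? len : snaplen;
    PcapRecordHeader r = {sec, usec, caplen, len};
    return fwrite(&r, sizeof r, 1, f) == 1 &&
           fwrite(data, 1, caplen, f) == caplen;
}

int main() {
    const uint8_t sample[] = {0xd6, 0xbe, 0x89, 0x8e, 0x00};  // constructed bytes
    FILE *f = open_user0_savefile("out-dump.pcap", 128);
    if (!f) return 1;
    bool ok = write_packet(f, 128, 0, 0, sample, sizeof sample);
    return (fclose(f) == 0 && ok) ? 0 : 1;
}
```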