WinPcap creating empty .pcap file

0
votes

Do you know how to create empty file pcap with winpcap dll? I buffer filtered packets in program memory and want to save when user click to export to .pcap file.

But when using pcap_open_offline(const char *fname, char *errbuf) can open file only if file exists. I tried fopen and other functions to create file previously (in binary mode too) but unsucessfully.

So how to get pcap_t handle pointer for pcap_dump_open(pcap_t *p, const char *fname) this way?

UPDATED: I try to use this code

fileHandle = pcap_open_offline(pcap_file_path.c_str(), errbuf);
if (errbuf == nullptr) {
    fprintf(stderr, "\nUnable to open the file %s.\n", pcap_file_path.c_str());
    return 1;
}

if (fileHandle == nullptr) {

    fprintf(stderr, "\nError to open file\n");//HERE IT FAILS
    return 1;
}

dumpfile = pcap_dump_open(fileHandle, pcap_file_path.c_str());
if (dumpfile == NULL)
{
    fprintf(stderr, "\nError opening output file\n");
    return 1;
}

SOLUTION: (Creating a pcap file)

/*create fake handle*/
fileHandle = pcap_open_dead(DLT_EN10MB, 65535);
if (fileHandle == nullptr) {
    fprintf(stderr, "\nError to open file\n");
    return 1;
}

/* Open the dump file */
dumpfile = pcap_dump_open(fileHandle, file_path.c_str());
if (dumpfile == NULL)
{
    fprintf(stderr, "\nError opening output file\n");
    return 1;
}
1
c++cpcapwinpcap
I do not know any pcap functionality, but maybe you have to create a file of the needed size i.e. create a file using fopen/ofstream/etc and write some bytes until the file is big enough.Thomas Lang
The pcap_t handle is associated to an interface or an existing savefile. So in your case, you have to use pcap_open or pcap_create/pcap_activate to associate your future dump to an interface.omuffat
omuffat: But how to use pcap_open, pcap_create when I do not have opened any device? I want to save if offline into file. When applying pcap_open_offline(const char *fname, char *errbuf) and file specified in fname does not exists, it returns NULL.Ales100

1 Answers

0
votes

Do you know how to create empty file pcap with winpcap dll? I buffer filtered packets in program memory and want to save when user click to export to .pcap file.

...

So how to get pcap_t handle pointer for pcap_dump_open(pcap_t *p, const char *fname) this way?

pcap_dump_open() returns a pcap_dumper_t * handle for use when writing the file; a pcap_t * is used for capturing or reading, not writing.

What you need to do, if you want to write a pcap file, is use pcap_dump_open(). If you have a pcap_t * from which you're reading or capturing the filtered packets, you should use that pcap_t * in the call to pcap_dump_open().