0
votes

I'm running some software that sniffs local packets, then encapsulates the full, raw packet data in a TCP packet and sends it to the server.

What I'd like to do is have the server receive the packet data and put it into a PCAP file for download by anyone who is connected to the server.

Basically what I need is some inspired information regarding the PCAP file format and how to make entries into a PCAP file using raw packet data without using a packet sniffer.

Can this be done and if so how?

1
What language do you want to use? There are pcap libraries in most languages. – Ross Jacobs
"... inspired information regarding the PCAP file format ..." - there is enough information out there about the file format, like wiki.wireshark.org/Development/LibpcapFileFormat. The format is actually pretty simple. – Steffen Ullrich

1 Answer

0
votes

Impossible to tell without looking at your data and knowing what tool you are using to capture the packet.

It might be as simple as adding a global header.

The global header contains the magic number, GMT offset, timestamp precision, the maximum length of captured packets (in octets), and the data link type. This information is followed by zero or more records of captured packet data.

If you are using tcpdump then the output might already be pcap compatible. If not, just install tcpdump-libpcap and then use that version.

EXAMPLE PCAP STRUCTURE:


SOURCE: https://www.lesliesikos.com/pcap/

For some example code with PCAP headers, check out this Python program: https://www.codeproject.com/Tips/612847/Generate-a-quick-and-easy-custom-pcap-file-using-P
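The global header and per-packet records described in this answer, written and read back in Python as an added example (not part of the original answer or the linked program). It assumes the forwarded data are Ethernet frames (link type 1) and uses the classic little-endian, microsecond-timestamp pcap layout; the function names are illustrative.

```python
import io
import struct
import time

PCAP_MAGIC = 0xA1B2C3D4                  # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1                    # assumption: the sniffer forwards Ethernet frames
GLOBAL_HDR = struct.Struct("<IHHiIII")   # magic, major, minor, thiszone, sigfigs, snaplen, network
RECORD_HDR = struct.Struct("<IIII")      # ts_sec, ts_usec, incl_len, orig_len


def write_global_header(out, linktype=LINKTYPE_ETHERNET, snaplen=65535):
    """Write the 24-byte file header once, before any packet record."""
    out.write(GLOBAL_HDR.pack(PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype))


def write_packet(out, raw, ts=None, snaplen=65535):
    """Append one record: 16-byte header, then the frame truncated to snaplen."""
    ts = time.time() if ts is None else ts
    sec = int(ts)
    usec = int((ts - sec) * 1_000_000)
    stored = raw[:snaplen]               # never store more than the file header allows
    out.write(RECORD_HDR.pack(sec, usec, len(stored), len(raw)))
    out.write(stored)


def read_packets(data):
    """Parse pcap bytes into (ts_sec, ts_usec, orig_len, frame) tuples, checking lengths."""
    magic, _, _, _, _, snaplen, _ = GLOBAL_HDR.unpack_from(data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian microsecond pcap file")
    pos, records = GLOBAL_HDR.size, []
    while pos < len(data):
        sec, usec, incl, orig = RECORD_HDR.unpack_from(data, pos)
        pos += RECORD_HDR.size
        if incl > snaplen or pos + incl > len(data):
            raise ValueError("record length exceeds snaplen or file size")
        records.append((sec, usec, orig, data[pos:pos + incl]))
        pos += incl
    return records


def demo():
    # Constructed sample frame: broadcast dst, locally administered src, IPv4 ethertype, zero payload.
    frame = bytes.fromhex("ffffffffffff" "020000000001" "0800") + bytes(46)
    buf = io.BytesIO()
    write_global_header(buf, snaplen=32)
    write_packet(buf, frame, ts=1700000000.5, snaplen=32)
    return buf.getvalue()
```

On a server that accepts frames from remote senders, the `snaplen` truncation in `write_packet` and the length checks in `read_packets` keep a malformed or oversized submission from producing a file that downstream tools misparse.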