pcap_dump Subroutine

Purpose

Writes packet capture data to a binary file.

Library

pcap Library (libpcap.a)

Syntax

#include <pcap.h>

void pcap_dump(u_char * user, struct pcap_pkthdr * h, u_char * sp);

Description

The pcap_dump subroutine writes the packet capture data to a binary file. The packet header data, contained in h, will be written to the the file pointed to by the user file pointer, followed by the packet data from sp. Up to h->caplen bytes of sp will be written.

The file that user points to (where the pcap_dump subroutine writes to) must be open. To open the file and retrieve its pointer, use the pcap_dump_open subroutine.

The calling arguments for the pcap_dump subroutine are suitable for use with pcap_dispatch subroutine and the pcap_loop subroutine. To retrieve this data, the pcap_open_offline subroutine can be invoked with the name of the file that user points to as its first parameter.

Parameters

Item Description
h Contains the packet header data that will be written to the packet capture date file, known as the savefile. This data will be written ahead of the rest of the packet data.
sp Points to the packet data that is to be written to the savefile.
user Specifies the savefile file pointer which is returned from the pcap_dump_open subroutine. It should be cast to a u_char * when passed in.