> "Guy" == Guy Harris writes:
Guy> A pcap file has *one* file header followed by a sequence of
Guy> zero or more packets, each with a packet record header. A file
Guy> header is not a valid packet record header, so that wouldn't
Guy> work for *any* number of packets.
Guy
On Nov 11, 2012, at 5:44 PM, barcaroller wrote:
> On 2012-11-11 23:27:00 +, Guy Harris said:
>
>> They could, in principle, be appended to, but that can't be done with the
>> existing APIs - you'd need an "open for appending" call, which would, unlike
>> the "create a new file" calls (pca
On Nov 11, 2012, at 2:55 PM, barcaroller wrote:
> The libpcap C API provides functions for writing (pcap_dump) and reading
> (pcap_next) a PCAP file. I have two questions:
>
> - How do I remove a packet from a PCAP file using the libpcap C API?
You can't remove a packet from an existing file
