Hannes Gredler wrote:
You may want to check the text2pcap utility that comes along with Ethereal for learning about conversion to a libpcap readable format.
Or, alternatively, with newer versions of libpcap (those with pcap_open_dead(), so you can write to a libpcap file without having a libpcap file or live capture open), use pcap_open_dead() with the appropriate DLT_ value to get a fake pcap_t, use that pcap_t to open a pcap_dumper_t output stream with pcap_dump_open(), and then write the data for the packets out (with faked time stamps and capture length/length) using pcap_dump(), and close with pcap_dump_close().
- This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
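The reply above describes producing a capture file with `pcap_open_dead()`, `pcap_dump_open()`, `pcap_dump()` and `pcap_dump_close()`. The sketch below is an added example, not code from the message or from libpcap: it writes the same classic capture-file layout by hand with only the C standard library, to show where the link-layer type, the faked time stamps and the capture length/length fields end up in the file. The function names, the output file name and the sample Ethernet frame are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define LINKTYPE_ETHERNET 1u   /* same numeric value as DLT_EN10MB */
#define SNAPLEN 65535u         /* snapshot length recorded in the file header */

/* Fields are written in host byte order; readers infer the order from the magic. */
static int put32(FILE *f, uint32_t v) { return fwrite(&v, sizeof v, 1, f) != 1; }
static int put16(FILE *f, uint16_t v) { return fwrite(&v, sizeof v, 1, f) != 1; }

/* 24-byte file header: magic, version 2.4, zone, sigfigs, snaplen, link type. */
static int write_file_header(FILE *f, uint32_t linktype) {
    return (put32(f, 0xa1b2c3d4u) || put16(f, 2) || put16(f, 4) ||
            put32(f, 0) || put32(f, 0) || put32(f, SNAPLEN) ||
            put32(f, linktype)) ? -1 : 0;
}

/* 16-byte record header (faked time stamp, caplen, len) followed by the data. */
static int write_record(FILE *f, uint32_t sec, uint32_t usec,
                        const uint8_t *data, uint32_t len) {
    uint32_t caplen = len > SNAPLEN ? SNAPLEN : len;  /* never exceeds snaplen */
    if (put32(f, sec) || put32(f, usec) || put32(f, caplen) || put32(f, len))
        return -1;
    return fwrite(data, 1, caplen, f) == caplen ? 0 : -1;
}

/* Writes `count` copies of a constructed 60-byte Ethernet frame; 0 on success. */
int write_sample_pcap(const char *path, int count) {
    /* Constructed sample: broadcast dst, locally administered src,
       EtherType 0x88b5 (local experimental), zero payload. */
    uint8_t frame[60] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                          0x02, 0x00, 0x00, 0x00, 0x00, 0x01, 0x88, 0xb5 };
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    int rc = write_file_header(f, LINKTYPE_ETHERNET);
    for (int i = 0; rc == 0 && i < count; i++) {
        frame[14] = (uint8_t)i;  /* vary one payload byte per record */
        rc = write_record(f, 1000000000u + (uint32_t)i, 0, frame, sizeof frame);
    }
    if (fclose(f) != 0) rc = -1;
    return rc;
}

int main(void) {
    return write_sample_pcap("added_example.pcap", 3) ? 1 : 0;
}
```

The resulting file can be read back with `tcpdump -r added_example.pcap`.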