Building.Open.Source.Network.Security.Tools.Components.And.Techniques [Electronic resources] نسخه متنی

This is a Digital Library

With over 100,000 free electronic resource in Persian, Arabic and English

Building.Open.Source.Network.Security.Tools.Components.And.Techniques [Electronic resources] - نسخه متنی

Mike D. Schiffman

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
ارسال به دوستان
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات
توضیحات
افزودن یادداشت جدید







Savefile (Dump) Functions

Libpcap offers the option to write live capture sessions to a file termed a "savefile" (this method is how tcpdump writes sessions to disk). The following functionality manipulates savefiles.



pcap_dumper_t *pcap_dump_open(pcap_t *p, char *fname);


pcap_dump_open() opens a libpcap savefile for writing. The p argument references a valid libpcap descriptor (returned from a successful call to pcap_open_*() functions). fname is a pointer to the filename to open (if the file exists, it will overwrite it). Upon success, the function returns a libpcap dumper descriptor. Upon failure, the function returns a NULL pointer, and you can use one of the pcap_*err() functions to find out the reason.





Note

You can use the "-" string as a filename as a synonym for STDOUT (standard output).




void pcap_dump(u_char *user, struct pcap_pkthdr *h, u_char
*sp);


pcap_dump() writes a packet to an already initialized pcap savefile.





Note

pcap_dump() could silently fail to successfully write data to the savefile because it does not check for errors after writing (buyer beware).




int pcap_is_swapped(pcap_t *p);


pcap_is_swapped() returns 1 if the byte-ordering in the savefile that p references is different from the byte-ordering of the current system.



int pcap_major_version(pcap_t *p);


pcap_major_version() returns the major version of libpcap that wrote the savefile that p referenced.



int pcap_minor_version(pcap_t *p);


pcap_minor_version() returns the minor version of libpcap that wrote the savefile that p referenced.



FILE *pcap_file(pcap_t *p);


pcap_file() returns a stream file pointer to the savefile that p referenced or NULL if p does not refer to a savefile.



void pcap_dump_close(pcap_dumper_t *p);


pcap_dump_close() closes a pcap savefile that p referenced.

/ 135