Home/ Questions/Q 878605
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-15T11:47:47+00:00

I am trying to build an application that converts my old custom Ethernet logs

  • 0

I am trying to build an application that converts my old custom Ethernet logs (bin files) to standard winpcap style logs.

The problem is that I can’t seem to find an example of how to opening a pcap_t* without using an adapter (network card). The temp.pkt has not been created.

I have looked thou the examples provided with Winpcap and all of them use a live adapter when dumping packets. This example is the closest \WpdPack\Examples-pcap\savedump\savedump.c is the closest, see example below slightly modified. 

#ifdef _MSC_VER
/*
 * we do not want the warnings about the old deprecated and unsecure CRT functions
 * since these examples can be compiled under *nix as well
 */
#define _CRT_SECURE_NO_WARNINGS
#endif
#include "pcap.h"

int main(int argc, char **argv)
{
    pcap_if_t *alldevs;
    pcap_if_t *d;
    int inum;
    int i=0;
    pcap_t *adhandle;
    char errbuf[PCAP_ERRBUF_SIZE];
    pcap_dumper_t *dumpfile;


    /* Open the adapter */
    if ((adhandle= pcap_open(??????,    // name of the device
                             65536,         // portion of the packet to capture. 
                                            // 65536 grants that the whole packet will be captured on all the MACs.
                             1,             // promiscuous mode (nonzero means promiscuous)
                             1000,          // read timeout
                             errbuf         // error buffer
                             )) == NULL)
    {
        fprintf(stderr,"\nUnable to open the adapter. %s is not supported by WinPcap\n", d->name);
        /* Free the device list */
        pcap_freealldevs(alldevs);
        return -1;
    }

    /* Open the dump file */
    dumpfile = pcap_dump_open(adhandle, argv[1]);
    if(dumpfile==NULL) {
        fprintf(stderr,"\nError opening output file\n");
        return -1;
    }    

    // ---------------------------
    struct pcap_pkthdr header;
    header.ts.tv_sec    = 1 ;   /* seconds */
    header.ts.tv_usec   = 1;    /* and microseconds */
    header.caplen       = 100;  /* length of portion present */
    header.len          = 100 ; /* length this packet (off wire) */

    u_char pkt_data[100];       
    for( int i = 0 ; i < 100 ; i++ ) {
        pkt_data[i] = i ; 
    }

    pcap_dump( (u_char *) dumpfile, &header, (u_char *)  &pkt_data);
    // ---------------------------

    /* start the capture */
    // pcap_loop(adhandle, 0, packet_handler, (unsigned char *)dumpfile);

    pcap_close(adhandle);
    return 0;
}
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If all you’re doing is converting your own file format to .pcap, you don’t need a pcap_t*, you can just use something like:

    FILE* create_pcap_file(const char *filename, int linktype)
{
    struct pcap_file_header fh;
    fh.magic = TCPDUMP_MAGIC;
    fh.sigfigs = 0;
    fh.version_major = 2;
    fh.version_minor = 4;
    fh.snaplen = 2<<15; 
    fh.thiszone = 0;
    fh.linktype = linktype;

    FILE *file = fopen(filename, "wb");
    if(file != NULL) {
        if(fwrite(&fh, sizeof(fh), 1, file) != 1) {
            fclose(file);
            file = NULL;
        }
    }

    return file;
}

int write_pcap_packet(FILE* file,size_t length,const unsigned char *data,const struct timeval *tval)
{
    struct pcap_pkthdr pkhdr;
    pkhdr.caplen = length;
    pkhdr.len = length;
    pkhdr.ts = *tval;

    if(fwrite(&pkhdr, sizeof(pkhdr), 1, file) != 1) {
        return 1;
    }

    if(fwrite(data, 1, length, file) != length) {
        return 2;
    }

    return 0;
}
    • 0