This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

.pcap File format

0

hey ,

I need to develop a program that saves a file in .pcap format , I have no information about this format , I would like to know the structure of a file .pcap.

Please can anywone help me.

Thank you

asked 24 Jun '13, 01:52

cruz's gravatar image

cruz
11446
accept rate: 0%

2 Answers:

4

You could google for it, and find pages like this:

http://wiki.wireshark.org/Development/LibpcapFileFormat

or, better yet, use the new PCAPng format:

http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html

answered 24 Jun '13, 01:57

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

Thank you for your answer

(24 Jun '13, 02:00) cruz

Your answer has been converted to a comment as that's how this site works. Please read the FAQ for more information.

If an answer has solved your issue, please accept the answer for the benefit of other users by clicking the checkmark icon next to the answer. Please read the FAQ for more information.

(24 Jun '13, 02:17) grahamb ♦

1

I need to develop a program that saves a file in .pcap format

You could also try using libpcap/WinPcap to write the file out. You need a pcap_t in order to create the pcap file with libpcap/WinPcap when you call pcap_dump_open(), but in current versions of libpcap you can use pcap_open_dead() to get a pcap_t with a specified link-layer header type and snapshot length.

(If you're already using libpcap/WinPcap to capture packets or read an existing pcap or pcap-ng file, you already have a pcap_t.)

answered 24 Jun '13, 18:33

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%