Looks like you are handling raw IP packets. Here is an example using the pcap API. Refer to the respective manual pages and the pcap(3pcap)
overview for an explanation of the functions. Further error handling and cleanup is left as an exercise to the reader.
```c
#include <stdio.h>
#include <pcap/pcap.h>

static u_char ip_pkt[] = {
    0x45, 0x00, 0x00, 0x38, 0x00, 0xf2, 0x20, 0x00, /* E..8.. . */
    0x40, 0x11, 0x14, 0x33, 0xc0, 0x00, 0x00, 0x02, /* @..3.... */
    0x0a, 0x2a, 0x7b, 0x64, 0x7c, 0xab, 0x4e, 0xe5, /* .*{d|.N. */
    0x00, 0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* .$...... */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* ........ */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* ........ */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00        /* ....... */
};
static size_t ip_pkt_len = sizeof(ip_pkt)/sizeof(*ip_pkt);

int main(void)
{
    pcap_t *pcap;
    /* open pcap context for Raw IP (DLT_RAW), see
     * http://www.tcpdump.org/linktypes.html */
#define DLT_RAW 12
    pcap = pcap_open_dead(DLT_RAW, 65565);

    pcap_dumper_t *d;
    /* open output file (stdout) */
    d = pcap_dump_fopen(pcap, stdout);
    if (d == NULL) {
        pcap_perror(pcap, "pcap_dump_fopen");
        return 1;
    }

    /* prepare for writing */
    struct pcap_pkthdr hdr;
    hdr.ts.tv_sec = 0;  /* seconds */
    hdr.ts.tv_usec = 0; /* microseconds */
    hdr.caplen = hdr.len = ip_pkt_len;

    /* write single IP packet */
    pcap_dump((u_char *)d, &hdr, ip_pkt);

    /* finish up */
    pcap_dump_close(d);
    return 0;
}
```
An alternative (easier) way is to use Scapy (in Python) to craft a capture file. Example with the data provided in the comments:
```python
#!/usr/bin/env python2
# Import dependencies
from scapy.all import Dot11, wrpcap

# raw 802.11 contents
hex_data = 'C0 00 3A 01 00 11 22 33 44 55 FF FF FF FF FF FF 00 11 22 33 44 55 20 EF 06 00 00 00 00 00'

# Initialize a 802.11 structure from raw bytes
packet = Dot11(bytes(bytearray.fromhex(hex_data)))

# Optional: use Scapy for data interpretation
print(packet.summary())
packet.show()  # show() prints the dissection itself

# Write the contents to file
wrpcap('your.pcap', packet)
```
answered 16 Jan ‘15, 14:05

Lekensteyn
thanks a lot! will try that. yes it is RAW IP packet.
There shouldn’t be a need to do #define DLT_RAW 12; pcap_open_dead() takes the platform’s value for DLT_RAW as an argument, and including <pcap.h> should cause that to be defined.
Also, older versions of libpcap generally had just <pcap.h>, so, for maximum portability, the program should include <pcap.h> rather than <pcap/pcap.h>.
in visual studio I was using this code. I was getting an error of unresolved symbols at pacp_dump_fopen
(Presumably that’s a typo for “pcap_dump_fopen()”)
You have to link with libpcap (on UN*X) or WinPcap (on Windows).
it was working if I use pcap_dump_open().
here we are using Raw packet data. if I want to dump 802.11 packets such as data, management, control packets, what should I do?
I mean if I want to save a packet of hexa values like this –> C0 00 3A 01 00 11 22 33 44 55 FF FF FF FF FF FF 00 11 22 33 44 55 20 EF 06 00 00 00 00 00
@sathish308 you need to use the DLT_IEEE802_11 link layer type, see http://www.tcpdump.org/linktypes.html. Alternatively, you can use Python and the Scapy library (see edit).
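
An added example, not part of the original answer or comments: where linking against libpcap or WinPcap is the obstacle, a one-packet capture file can be written by hand in the classic pcap file format, here with the 802.11 frame from the comment and link type 105 (LINKTYPE_IEEE802_11 on the linktypes page). The names parse_hex and build_pcap, the struct name and the output file frame.pcap are this example's own assumptions, not libpcap API.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LINKTYPE_IEEE802_11 105u  /* 802.11 header, no radiotap (linktypes.html) */
struct pcap_file_hdr { uint32_t magic; uint16_t vmajor, vminor;
                       int32_t thiszone; uint32_t sigfigs, snaplen, linktype; };

/* Hypothetical helper (not libpcap): parse "C0 00 3A ..."; -1 on bad input or overflow. */
int parse_hex(const char *s, uint8_t *out, size_t cap)
{
    size_t n = 0;
    while (*s) {
        if (isspace((unsigned char)*s)) { s++; continue; }
        if (n == cap || !isxdigit((unsigned char)s[0]) || !isxdigit((unsigned char)s[1]))
            return -1;
        out[n++] = (uint8_t)strtoul((char[]){ s[0], s[1], '\0' }, NULL, 16);
        s += 2;
    }
    return (int)n;
}

/* Hypothetical helper: file header + one record into buf; returns size, 0 if buf too small. */
size_t build_pcap(uint32_t linktype, const uint8_t *pkt, uint32_t len,
                  uint8_t *buf, size_t cap)
{
    struct pcap_file_hdr fh = { 0xa1b2c3d4u, 2, 4, 0, 0, 65535, linktype };
    uint32_t rh[4] = { 0, 0, len, len };      /* ts_sec, ts_usec, caplen, len */
    if (cap < sizeof fh + sizeof rh + len)
        return 0;
    memcpy(buf, &fh, sizeof fh);              /* host byte order: readers detect */
    memcpy(buf + sizeof fh, rh, sizeof rh);   /* endianness from the magic number */
    memcpy(buf + sizeof fh + sizeof rh, pkt, len);
    return sizeof fh + sizeof rh + len;
}

int main(void)
{
    const char *hex = "C0 00 3A 01 00 11 22 33 44 55 FF FF FF FF FF FF "  /* frame from the thread */
                      "00 11 22 33 44 55 20 EF 06 00 00 00 00 00";
    uint8_t frame[256], file[512];
    int n = parse_hex(hex, frame, sizeof frame);
    size_t total = n > 0 ? build_pcap(LINKTYPE_IEEE802_11, frame, (uint32_t)n, file, sizeof file) : 0;
    FILE *f = total ? fopen("frame.pcap", "wb") : NULL;
    if (f == NULL || fwrite(file, 1, total, f) != total) { perror("frame.pcap"); return 1; }
    return fclose(f) != 0;
}
```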