style="display:inline-block;width:728px;height:90px"
data-ad-client="ca-pub-7505528228218001"
data-ad-slot="1225241371">

Dumping without having a Pcap open

1 reply [Last post]
StaticMe
Offline
Joined: 02/19/2016

Hey there ,

if have the following code implemented in my project :

public void dump(String dummy , String filename , PcapPacketArrayList packets){

StringBuilder errbuf = new StringBuilder();
Pcap pcap = Pcap.openOffline(dummy,errbuf);

PcapDumper dump = pcap.dumpOpen(filename);

PcapPacketHandler dumper = new PcapPacketHandler(){

public void nextPacket(PcapPacket packet, PcapDumper user) {

for(int ctr = 0; ctr < packets.size(); ctr++){
user.dump(packets.get(ctr).getCaptureHeader(), packets.get(ctr));
}
}
};

pcap.loop(1, dumper , dump);
pcap.close();
dump.close();

}

What it does : it takes some parameters (like a list with packets and a dummy pcap filename) opens the dummy with openoffline , opens a dump on that pcap , and in the handler just iterates through the list , adding all packets to the dump to create a new pcapfile .

My question is : is there another way than to use a dummy pcap file, like using just a dumper to straight add the packets out of a list ? i couldnt come up with another idea on how to conveniently write a new pcap file out of stored packets , maybe you can give me a hint ?

Fyi : the dummy file consists of just one random packet i picked up with wireshark , just to be able to get into a "next packet" handler

rockybrenth
Offline
Joined: 05/06/2016
The loop will become a little

The loop will become a little bit interesting. Whoever did this, has the right idea on mind. - Bobby Price

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.