[Winpcap-users] modify and save packets

[sebastien]

 Ok, thank you.
But to  open the output file, the function pcap_open_offline needs a parameter of type   pcap_t *. The documentation says that this structure is returned by pcap_open_offline().
 So is it the result of the pcap_open_offline() used to open the input file? It is strange to use the input file to open the output file!

Guy Harris <guy at alum.mit.edu> a écrit : sebastien wrote:

> I want to write an apllication that write packets from a winpcap file, 
> modify the packets and then save the modify packets in another file.

I assume you meant "read packets from a winpcap file, modify the packets 
and then save the modified packets in another file".

> I have only found how to save packets captured from an interface. Is it 
> possible to save modified packets?

Yes.

> Can you give me an idea how I can do this?

You'd open the input file with pcap_open_offline() or pcap_open() 
(rather than opening an interface with pcap_open_live() or pcap_open()), 
open the output file with pcap_dump_open(), read from the input file, 
modify the packet contents, and then write them with pcap_dump().

I.e., it's not that different from saving packets captured from an 
interface; the only difference is that you open a capture file rather 
than an interface.
_________________


 		
---------------------------------
 Découvrez un nouveau moyen de poser toutes vos questions quelque soit le sujet ! Yahoo! Questions/Réponses pour partager vos connaissances, vos opinions et vos expériences. Cliquez ici. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-users/attachments/20060829/ae6e5b45/attachment.htm