[Winpcap-users] pcap file pointer

Brian Panneton brian.panneton at gmail.com
Sat Jan 15 07:03:18 PST 2011


Hmm, I did try to fopen in binary mode. It looks like when I call
pcap_fopen_offline() it is defined as pcap_hopen_offline(), if that is
the trick you are speaking of. Later, I get the pointer from pcap_file();
however, the underlying sf.rfile pointer is different between the dll and the
exe. I will have to double check the example.

I did find somewhat of a solution. I can call pcap_dump_ftell() to find the
position in the file on the dll side, then open the file up on the exe side
without using pcap and manually read the headers and data in the file. I
feel though that this is not the best way.

Is there something like a pcap_dump_fseek() that would let me go to the
beginning of the packet on the pcap side? If so, that would be exactly what I
need.

Thanks,
Brian

On Fri, Jan 14, 2011 at 9:04 PM, Gianluca Varenni <
Gianluca.Varenni at riverbed.com> wrote:

> What you can do is open the file in your code with an fopen, and then use
> pcap_fopen_offline() (there is a trick in the code that makes everything
> work).
>
>
>
> There is a sample in the wpdpack that shows how to use it,
> WpdPack\Examples-remote\pcap_fopen.
>
>
>
> Have a nice day
>
> GV
>
>
>
> *From:* winpcap-users-bounces at winpcap.org [mailto:
> winpcap-users-bounces at winpcap.org] *On Behalf Of *Guy Harris
> *Sent:* Friday, January 14, 2011 5:33 PM
> *To:* winpcap-users at winpcap.org
> *Subject:* Re: [Winpcap-users] pcap file pointer
>
>
>
>
>
> On Jan 14, 2011, at 11:55 AM, Brian Panneton wrote:
>
>
>
> I am aware that pcap_file is deprecated, however I am in need of getting
> the actual file pointer to the beginning of each packet. Is there some other
> way to access this pointer?
>
>
>
> Unfortunately, no - there's no pcap_tell() call, for example, and something
> such as that would be needed (as the documentation indicates, pcap_file() is
> deprecated because there's no guarantee that its return value could be used,
> so the ftell() call would have to be done inside WinPcap).
>
>
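The manual approach described in the message above (open the file without pcap and read the headers to find where each packet starts), sketched as an added example that is not code from the thread or from WinPcap. It assumes the classic pcap file format (not pcapng) and goes slightly beyond the case discussed by also accepting byte-swapped and nanosecond-timestamp files; `pcap_index_offsets`, `sample_capture` and `MAX_CAPLEN` are hypothetical names, and the sample capture is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#define PCAP_MAGIC    0xa1b2c3d4u /* microsecond timestamps */
#define PCAP_MAGIC_NS 0xa1b23c4du /* nanosecond timestamps */
#define MAX_CAPLEN    262144u     /* assumed sanity cap on incl_len */

static uint32_t swap32(uint32_t v) {
    return (v >> 24) | ((v >> 8) & 0xff00u) | ((v << 8) & 0xff0000u) | (v << 24);
}

/* Store the file offset of each per-packet record header of a classic pcap file
 * (opened "rb", under 2 GiB). Returns the packet count, or -1 on a bad record. */
long pcap_index_offsets(FILE *fp, long *offsets, long max) {
    uint32_t gh[6], rh[4], caplen = 0; /* 24-byte global, 16-byte record header */
    long size, n = 0;
    if (fseek(fp, 0, SEEK_END) != 0 || (size = ftell(fp)) < 24) return -1;
    if (fseek(fp, 0, SEEK_SET) != 0 || fread(gh, sizeof gh, 1, fp) != 1) return -1;
    int swapped = swap32(gh[0]) == PCAP_MAGIC || swap32(gh[0]) == PCAP_MAGIC_NS;
    if (!swapped && gh[0] != PCAP_MAGIC && gh[0] != PCAP_MAGIC_NS) return -1;
    for (long pos = 24; pos < size && n < max; pos += 16 + (long)caplen) {
        if (size - pos < 16 || fseek(fp, pos, SEEK_SET) || fread(rh, 16, 1, fp) != 1) return -1;
        caplen = swapped ? swap32(rh[2]) : rh[2]; /* incl_len: untrusted input */
        if (caplen > MAX_CAPLEN || (long)caplen > size - pos - 16) return -1;
        offsets[n++] = pos;
    }
    return n;
}

/* Constructed sample: global header plus two packets of 4 and 6 bytes. */
FILE *sample_capture(void) {
    uint32_t gh[6] = { PCAP_MAGIC, 0, 0, 0, 65535, 1 }; /* version word not read here */
    uint32_t len[2] = { 4, 6 };
    unsigned char data[6] = { 0 };
    FILE *fp = tmpfile();
    if (fp) fwrite(gh, sizeof gh, 1, fp);
    for (int i = 0; fp && i < 2; i++) {
        uint32_t rec[4] = { 0, 0, len[i], len[i] }; /* ts_sec, ts_usec, incl, orig */
        fwrite(rec, sizeof rec, 1, fp);
        fwrite(data, 1, len[i], fp);
    }
    return fp;
}

int main(void) {
    long off[8];
    FILE *fp = sample_capture();
    long n = fp ? pcap_index_offsets(fp, off, 8) : -1;
    for (long i = 0; i < n; i++) printf("packet %ld at offset %ld\n", i, off[i]);
    return n < 0;
}
```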