[Winpcap-users] pcap file pointer

Gianluca Varenni Gianluca.Varenni at riverbed.com
Tue Jan 18 15:23:56 PST 2011

What are you trying to do? Are you trying to perform an fseek in the file (i.e. random access to a pcap file)?

Have a nice day

From: winpcap-users-bounces at winpcap.org [mailto:winpcap-users-bounces at winpcap.org] On Behalf Of Brian Panneton
Sent: Saturday, January 15, 2011 7:03 AM
To: winpcap-users at winpcap.org
Subject: Re: [Winpcap-users] pcap file pointer

Hmm, I did try to fopen in binary mode. It looks like when I call pcap_fopen_offline() that it is defined as pcap_hopen_offline(), if that is the trick you are speaking of. Later, I get the pointer from pcap_file() however the underlying sf.rfile pointer is different between the dll and the exe. I will have to double check the example.

I did find somewhat of a solution. I can call pcap_dump_ftell() to find the position in the file on the dll side, then open the file up on the exe side without using pcap and manually read the headers and data in the file. I feel though that this is not the best way.

Is there something like a pcap_dump_fseek() that would let me go to the beginning of the packet on the pcap side. If so that would be exactly what I need.

On Fri, Jan 14, 2011 at 9:04 PM, Gianluca Varenni <Gianluca.Varenni at riverbed.com<mailto:Gianluca.Varenni at riverbed.com>> wrote:
What you can do is open the file in your code with an fopen, and then use pcap_fopen_offline() (there is a trick in the code that makes everything work).

There is a sample in the wpdpack that shows  how to use it, WpdPack\Examples-remote\pcap_fopen.

Have a nice day

From: winpcap-users-bounces at winpcap.org<mailto:winpcap-users-bounces at winpcap.org> [mailto:winpcap-users-bounces at winpcap.org<mailto:winpcap-users-bounces at winpcap.org>] On Behalf Of Guy Harris
Sent: Friday, January 14, 2011 5:33 PM
To: winpcap-users at winpcap.org<mailto:winpcap-users at winpcap.org>
Subject: Re: [Winpcap-users] pcap file pointer

On Jan 14, 2011, at 11:55 AM, Brian Panneton wrote:

I am aware that pcap_file is deprecated, however I am in need of getting the actual file pointer to the beginning of each packet. Is there some other way to access this pointer?

Unfortunately, no - there's no pcap_tell() call, for example, and something such as that would be needed (as the documentation indicates, pcap_file() is deprecated because there's no guarantee that its return value could be used, so the ftell() call would have to be done inside WinPcap).

Winpcap-users mailing list
Winpcap-users at winpcap.org<mailto:Winpcap-users at winpcap.org>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.winpcap.org/pipermail/winpcap-users/attachments/20110118/c66ad3f9/attachment.html>

More information about the Winpcap-users mailing list