I have a C++ program that is able to generate pcap files. However, I would like to embed additional information in the recorded frames, and I understand that the newer format pcapng allows adding arbitrary comments to frames, which I would like to take advantage of. I also understand that libwiretap is able to generate pcapng files, but I find no reference, tutorials or examples. My needs are very simple: I just have to open a pcapng file, every now and then dump a packet into it and then close it in the end. Do you have any useful references on where to start?
Giovanni Mascellani
1 Answer
After some trial-and-error and reading header files, I came up with this test snippet:
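    #include <sys/time.h>
    #include <string.h>
    #include <wiretap/wtap.h>

    int main() {
        int err;
        /* The 1 after the snapshot length (65535) is the "compressed" flag. */
        wtap_dumper *dumper = wtap_dump_open_ng("test.pcapng", WTAP_FILE_TYPE_SUBTYPE_PCAPNG, WTAP_ENCAP_ETHERNET, 65535, 1, NULL, NULL, NULL, &err);
        const char *packet = "helloworld";
        char *err_info;
        struct wtap_pkthdr header;
        struct timeval now;

        wtap_phdr_init(&header);
        header.caplen = strlen(packet);
        header.len = strlen(packet);
        /* header.ts holds secs/nsecs and is not a struct timeval, so convert
           instead of passing it to gettimeofday() directly. */
        gettimeofday(&now, NULL);
        header.ts.secs = now.tv_sec;
        header.ts.nsecs = now.tv_usec * 1000;
        header.opt_comment = "how are you?";  /* per-packet comment */
        wtap_dump(dumper, &header, (const guint8 *)packet, &err, &err_info);
        wtap_phdr_cleanup(&header);
        wtap_dump_close(dumper, &err);
        return 0;
    }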
I don't think it is good code, but it just works for me (of course it generates invalid packets). Also, there is no error checking at the moment.
Compile with:
    gcc -o test `pkg-config --cflags --libs wireshark` -lwiretap test.c

Giovanni Mascellani
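For the simple case in the question (open a file, append packets with comments, close), the pcapng blocks can also be written by hand without libwiretap. The following is an added example, not part of the original answer and not Wireshark code; the function names `pcapng_header` and `pcapng_packet` are hypothetical, and the payload and timestamp are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PAD4(n) (((size_t)(n) + 3) & ~(size_t)3) /* pcapng pads fields to 32 bits */
static size_t put(uint8_t *p, const void *src, size_t n) { memcpy(p, src, n); return n; }
static size_t put32(uint8_t *p, uint32_t v) { return put(p, &v, 4); } /* host byte order; */
static size_t put16(uint8_t *p, uint16_t v) { return put(p, &v, 2); } /* readers check the magic */

/* Section Header Block + one Interface Description Block; out needs 48 bytes. */
size_t pcapng_header(uint8_t *out, uint16_t linktype, uint32_t snaplen) {
    size_t o = put32(out, 0x0A0D0D0A); o += put32(out + o, 28); /* SHB type, total length */
    o += put32(out + o, 0x1A2B3C4D);                          /* byte-order magic */
    o += put16(out + o, 1); o += put16(out + o, 0);           /* version 1.0 */
    o += put32(out + o, 0xFFFFFFFF); o += put32(out + o, 0xFFFFFFFF); /* section length unknown */
    o += put32(out + o, 28);                                  /* total length, repeated */
    o += put32(out + o, 1); o += put32(out + o, 20);          /* IDB type, total length */
    o += put16(out + o, linktype); o += put16(out + o, 0);    /* link type, reserved */
    o += put32(out + o, snaplen);
    return o + put32(out + o, 20);
}

/* Enhanced Packet Block, interface 0; ts_us = microseconds since epoch; 0 if it won't fit. */
size_t pcapng_packet(uint8_t *out, size_t cap, uint64_t ts_us,
                     const void *data, uint32_t len, const char *comment) {
    size_t clen = comment ? strlen(comment) : 0, o = 0;
    size_t total = 32 + PAD4(len) + (comment ? 4 + PAD4(clen) + 4 : 0);
    if (clen > 0xFFFF || total > cap || total > UINT32_MAX) return 0;
    memset(out, 0, total);                                    /* zeroes all padding bytes */
    o += put32(out + o, 6); o += put32(out + o, (uint32_t)total); o += put32(out + o, 0);
    o += put32(out + o, (uint32_t)(ts_us >> 32)); o += put32(out + o, (uint32_t)ts_us);
    o += put32(out + o, len); o += put32(out + o, len);       /* captured, original length */
    put(out + o, data, len); o += PAD4(len);
    if (comment) {
        o += put16(out + o, 1); o += put16(out + o, (uint16_t)clen); /* opt_comment */
        put(out + o, comment, clen); o += PAD4(clen);
        o += 4;                                               /* opt_endofopt, already zero */
    }
    return o + put32(out + o, (uint32_t)total);
}

int main(void) {
    uint8_t buf[256]; /* constructed sample: placeholder payload, not a valid Ethernet frame */
    FILE *f = fopen("example.pcapng", "wb");
    if (!f) return 1;
    size_t n = pcapng_header(buf, 1 /* LINKTYPE_ETHERNET */, 65535);
    int ok = fwrite(buf, 1, n, f) == n;
    n = pcapng_packet(buf, sizeof buf, 1700000000000000ULL, "helloworld", 10, "how are you?");
    ok = ok && n != 0 && fwrite(buf, 1, n, f) == n;
    return (fclose(f) == 0 && ok) ? 0 : 1;
}
```

Call `pcapng_header` once when the file is opened and `pcapng_packet` for every frame; the comment appears in Wireshark as the packet comment.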