pcap_dump_open(3PCAP) man page
This man page documents libpcap version 1.9.1 (see also: git master branch, 1.10.4, 1.10.2, 1.10.1, 1.10.0, 1.8.1, 1.7.4, 1.6.2, 1.5.3).
Your system may have a different version installed, possibly with some local modifications. To achieve the best results, please make sure this version of this man page suits your needs. If necessary, try to look for a different version on this web site or in the man pages available in your installation.NAME
SYNOPSIS
#include <pcap/pcap.h> pcap_dumper_t *pcap_dump_open(pcap_t *p, const char *fname); pcap_dumper_t *pcap_dump_open_append(pcap_t *p, const char *fname); pcap_dumper_t *pcap_dump_fopen(pcap_t *p, FILE *fp);
DESCRIPTION
pcap_dump_fopen() is called to write data to an existing open stream fp; this stream will be closed by a subsequent call to pcap_dump_close(3PCAP). Note that on Windows, that stream should be opened in binary mode.
p is a capture or ``savefile'' handle returned by an earlier call to pcap_create(3PCAP) and activated by an earlier call to pcap_activate(3PCAP), or returned by an earlier call to pcap_open_offline(3PCAP), pcap_open_live(3PCAP), or pcap_open_dead(3PCAP). The time stamp precision, link-layer type, and snapshot length from p are used as the link-layer type and snapshot length of the output file.
pcap_dump_open_append() is like pcap_dump_open() but does not create the file if it does not exist and, if it does already exist, and is a pcap file with the same byte order as the host opening the file, and has the same time stamp precision, link-layer header type, and snapshot length as p, it will write new packets at the end of the file.
RETURN VALUES
BACKWARD COMPATIBILITY
The pcap_dump_open_append() function became available in libpcap release 1.7.2. In previous releases, there is no support for appending packets to an existing savefile.