If you need to capture use Net::Pcap.
If you do not need to capture you might want it to craft the file yourself:
the file has a header like
$header = pack("NnnNNNN",0xa1b2c3d4,2,4,0,0,102400,$dlt);
followed by the packets:
$packet = $pkt = (pack "NNNN*", $sec, $usec, length $payload,
length $payload,$payload)
struct pcap_hdr {
unsigned long magic; /* magic */
unsigned short version_major; /* major version number */
unsigned short version_minor; /* minor version number */
unsigned long thiszone; /* GMT to local correction */
unsigned long sigfigs; /* accuracy of timestamps */
unsigned long snaplen; /* max length of captured packets, in octets */
unsigned long network; /* data link type */
};
struct pcaprec_hdr {
long ts_sec; /* timestamp seconds */
unsigned long ts_usec; /* timestamp microseconds */
unsigned long incl_len; /* number of octets of packet saved in file */
unsigned long orig_len; /* actual length of packet */
};
On 7/5/05, stefano bianchi <stefano.bianchi@xxxxxxxxxxxx> wrote:
> Hi guru,
>
> There are some docs about the format of the libpcap file, as i want to read
> them with a perl script ?
>
> Thanks in advance
>
>
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
>
--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan