<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.2802" name=GENERATOR></HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>Benjamin,</FONT></DIV>
<DIV><FONT face=Arial size=2>For both visualizing the packet and saving it to a
file, you should get every packet, first print on the screen and then save it to
a file (pretty obvious).</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>The above can be done using the </FONT><FONT
face=Arial size=2>following functions</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>pcap_next_ex - Use this function to get the next
available packet (the example "basic_dump_ex" shows how to use this
function )</FONT></DIV>
<DIV><FONT face=Arial size=2><FONT size=2>
<P>pcap_dump - for saving the packet to the disk</P>
<P>You can find information regarding winpcap API at winpcap's site</P>
<P>(<A
href="http://www.winpcap.org/docs/docs31/html/group__wpcapfunc.html">http://www.winpcap.org/docs/docs31/html/group__wpcapfunc.html</A>)</P>
<P> </P>
<P></FONT></FONT> </P></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=benjamin.amaudric@hotmail.fr
href="mailto:benjamin.amaudric@hotmail.fr">Benjamin Amaudric</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=sunil.vajir@cacetech.com
href="mailto:sunil.vajir@cacetech.com">sunil.vajir@cacetech.com</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Thursday, March 30, 2006 5:49
AM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: [Winpcap-users] Problem with
tutorial SAVEDUMP.EXE</DIV>
<DIV><BR></DIV>
<DIV>
<P><BR><BR></P>
<DIV>
<P>Thanks you very much for your explications.</P>
<P>I can now capture packets and save them in a "filename.cap" and after I can
read theses packets with "readfile_ex.exe".</P>
<P>But I try to do in the same time, the capture with the visualisation on the
screen and the save in a "filename.cap". Is it possible?<BR><BR>When I just do
the capture and visualisation I start the capture with<EM><STRONG>
pcap_loop(adhandle, 0, packet_handler, NULL); </STRONG></EM>and when I capture
to a "filename.cap" I start the capture with <STRONG><EM>pcap_loop(adhandle,
0, packet_handler, (unsigned char *)dumpfile);</EM></STRONG></P>
<P>It's possible to make twice in the same time?</P>
<P>Thanks you very much</P>
<BLOCKQUOTE
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #a0c6e5 2px solid; MARGIN-RIGHT: 0px"><FONT
style="FONT-SIZE: 11px; FONT-FAMILY: tahoma,sans-serif">
<HR color=#a0c6e5 SIZE=1>
From: <I>"Sunil Vajir" <sunil.vajir@cacetech.com></I><BR>Reply-To:
<I>winpcap-users@winpcap.org</I><BR>To:
<I><winpcap-users@winpcap.org></I><BR>Subject: <I>Re: [Winpcap-users]
Problem with tutorial SAVEDUMP.EXE</I><BR>Date: <I>Thu, 23 Mar 2006 08:32:07
-0800</I><BR><BR>
<META content="Microsoft SafeHTML" name=Generator>
<STYLE></STYLE>
<DIV><FONT face=Arial size=2>Benjamin,</FONT></DIV>
<DIV><FONT face=Arial size=2>The executable savedump.exe expects the user to
specify a "file name" where all the packets should be saved.</FONT></DIV>
<DIV><FONT face=Arial size=2>The easiest way would be to use the command
prompt, goto the debug directory (or the directory where savedump.exe is
sitting) and type</FONT></DIV>
<DIV><FONT face=Arial size=2>savedump.exe tempfile.cap</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Once you do that, it asks for the
interface that you want to capture the packets from, select the interface
and from that point all the packets coming from that interface will be saved
to tempfile.cap</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>The same thing is true for readfile_ex i.e. it
also expects the user to specify the file name.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>regards ... </FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=benjamin.amaudric@hotmail.fr
href="mailto:benjamin.amaudric@hotmail.fr">Benjamin Amaudric</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A
title=winpcap-users@winpcap.org
href="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A>
</DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Thursday, March 23, 2006 4:25
AM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> [Winpcap-users] Problem with
tutorial SAVEDUMP.EXE</DIV>
<DIV><BR></DIV>
<DIV>
<DIV class=RTE>Hi,</DIV>
<DIV class=RTE> </DIV>
<DIV class=RTE>I don't understand the result when I execute the program of
<STRONG><EM>savedump.dsw</EM></STRONG>. The build is ok and I have the
folowing result: <EM><STRONG>.....Savedump.exe filename Press any
key to continue </STRONG></EM></DIV>
<DIV class=RTE> </DIV>
<DIV class=RTE>In which file my capture is save?</DIV>
<DIV class=RTE> </DIV>
<DIV class=RTE>I try to compile
<STRONG><EM>readfile_ex.dsw</EM></STRONG> but I have the same
result!!!</DIV>
<DIV class=RTE> </DIV>
<DIV class=RTE>Can you explain me How can I save Capture and How can I
read the packet from a DumpFile</DIV>
<DIV class=RTE> </DIV>
<DIV class=RTE>Thanks</DIV></DIV><BR clear=all>
<HR>
Retrouvez tout en un clin d'oeil <A
href="http://g.msn.com/8HMBFRFR/2743??PS=47575">avec Windows Desktop
Search !</A>
<P>
<HR>
<P></P>_______________________________________________<BR>Winpcap-users
mailing
list<BR>Winpcap-users@winpcap.org<BR>https://www.winpcap.org/mailman/listinfo/winpcap-users<BR></BLOCKQUOTE><BR>
<P>>_______________________________________________<BR>>Winpcap-users
mailing
list<BR>>Winpcap-users@winpcap.org<BR>>https://www.winpcap.org/mailman/listinfo/winpcap-users<BR>
<P></FONT></P></BLOCKQUOTE></DIV></DIV><BR clear=all>
<HR>
MSN Messenger <A href="http://g.msn.com/8HMBFRFR/2755??PS=47575" target=_top>:
dialoguez gratuitement de PC à PC !</A> </BLOCKQUOTE></BODY></HTML>