PCAP 库功能(写入新的 PCAP 文件) [英] PCAP Library Capabilities (writing new PCAP files)

问题描述

我被卡住了.

我使用 PCAP.NET 读取 .PCAP 文件并将数据包写入数据库.现在我可以查询数据库并取回与约束匹配的数据包.我需要一种将结果写入新的 .PCAP 文件的方法.

I have used PCAP.NET to read .PCAP files and write the packets into a database. Now I can query the database and get packets back that match the constraints. I need a way to write the results to a new .PCAP file.

问题是，据我所知，生成新 PCAP 文件的唯一方法是通过 DumpFile，它只能通过本身绑定到 PacketDevice 的 PacketCommunicator 进行初始化.

The problem is that, as far as I can tell, the only way to generate a new PCAP file is via the DumpFile which can only be initialized via a PacketCommunicator that is itself tied to a PacketDevice.

可以在这里看到一个例子:http://pcapdotnet.codeplex.com/wikipage?title=Pcap.Net%20Tutorial%20-%20Handling%20offline%20dump%20files&referringTitle=Pcap.Net%20User%20指南

an example can be seen here: http://pcapdotnet.codeplex.com/wikipage?title=Pcap.Net%20Tutorial%20-%20Handling%20offline%20dump%20files&referringTitle=Pcap.Net%20User%20Guide

很好，但在这种情况下我没有设备.

Well and good, but in this scenario I don't have a device.

我应该为此目的推出自己的 PCAP 编写器吗?

Should I roll my own PCAP writer just for this purpose?

我是否遗漏了一些明显的东西?

Have I missed something obvious?

如何将这些数据包放入新的 PCAP 文件中?

How can I get these packets into a new PCAP file?

我确信我忽略了一些简单的事情...... PCAP 对我来说是一个新领域，我感觉很不舒服.工作中的 Unix 人员表明，winpcap 和 pcap.net 所基于的 libpcap 提供了直接写入 pcap 文件的能力.该功能未在库中公开吗?

I am convinced that I have overlooked something simple... PCAP is new territory for me and I'm feeling very out of sorts. The Unix folks at work indicate that libpcap which winpcap and therefore pcap.net are based upon provides the ability to write directly to a pcap file. Is the functionality not exposed in the library?

非常感谢推荐.

谢谢，

克里斯

附言这是对我在此处提出的原始问题的修订:.NET 编写 PCAP 文件

P.S. This is a revision to my original question asked here: .NET writing PCAP files

推荐答案

在 Pcap.Net 用户指南，处理脱机转储文件"页面 有一个使用 PacketDumpFile 类写出转储文件的示例.我没有看到任何 Pcap.Net 参考手册；回答这个问题，用户阅读Pcap.Net源代码.

In the Pcap.Net User Guide, the "Handling offline dump files" page has an example using the PacketDumpFile class to write out a dump file. I'm not seeing any Pcap.Net reference manual; to answer this question, the user read the Pcap.Net source code.

这篇关于PCAP 库功能(写入新的 PCAP 文件)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！