Guy Harris <guy@...> writes:
>
>
> However, if you convert pcap-ng to pcap with the command
>
> tcpdump -r file.pcapng -w file.pcap
>
> on a system with libpcap 1.1.0 or later, the APIs used are
>
> pcap_open_offline(), to open the input file;
>
> pcap_loop(), to read the packets;
>
> pcap_close(), to close the input file;
>
> pcap_dump_open(), to open the output file;
>
> pcap_dump(), to write to the output file;
>
> pcap_dump_close(), to close the output file.
>
Thank you for the prompt response.
If you could tolerate a couple more newbie questions.....
I'm assuming that the meat of the .pcapng to .pcap conversion is done in the
pcap_handler callback for pcap_offline_read(). Is this correct ?
If so, how/where does the callback function for pcap_offline_read() get pre-
assigned?
Much appreciated for your time in this matter.
Cheers,
Albert
