All,
I've spent a fair part of the day looking at various PCAP libraries and before I commit to writing a PCAP writer I'd like to describe my scenario and solicit input.
I have a client that has asked that I provide a service that reads pcap files and writes the packets into their database of choice. The client then can query the database (datetime range) and the result should eventually be a pcap file containing the packets that matched that range criteria.
What I have found with the libraries so far is that the 'dumping', that is writing, of pcap seems to only be avaiable when associated with a specific capture device. This is not the case for my scenario.
I am using PCAP.NET to read the original pcap files and extract the packets. I store the packets into the database and then I can read the data out of the database and recreate the packets but I am not finding a way to write the results of the query into a pcap file.
The simplest case, consider a data structure of List of type Packet (so new to to actually writing to stack overflow that I don't know how to write List of T with the angle brackets not getting filtered) - do any of the available libraries support writing that structure to pcap?
Given that this does not appear to be a common scenario, I am wondering at the validity of the entire scenario. I should also point out that I have a grand total of two days of working with PCAP data, this was supposed to be a proof of concept application and therefore it is entirely possible that I am missing a piece of knowledge that makes this trivial.
Thank you for your valuable time and consideration and apologies in advance if my attempts with Google and even more time with Stack Overflow searching overlooked the obvious.
Chris
I believe that Pcap.Net's static method PacketDumpFile.Dump() gives you exactly what you need.