Hi
I am trying to pipe data from a tool that generates output in pcap format
into tools which read pcap input using WinPcap (such as WinDump). This
apparently fails consistently, even though redirecting the output of the
first tool into a file and then reading that intermediate file into the
second tool works fine. As an example, a command like this:
generator | windump -r - -w test2.pcap
Results in an error message like this:
windump: pcap_loop: truncated dump file
Whereas a sequence of commands like this works fine:
generator >test1.pcap
windump -r test1.pcap -w test2.pcap
A colleague of mine looked at the WinPcap source code, however, and we think
the reason that it is failing is as under. He had fixed a similar problem
with some other tool.
Looking at pcap_open_offline()
(http://winpcap.polito.it/docs/man/html/savefile_8c-source.html#l00387), it
seems that when the input file is specified as stdin, no attempt is made to
put the file handle into binary mode, while that is done when a regular file
is opened. This can be addressed by using the setmode() function (at least
with Microsoft compilers). You can find some additional info on this on
these pages:
http://www.cs.toronto.edu/~cosmin/TA/prog/sysconf/
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vccore98/HT
ML/_crt__setmode.asp
It would certainly be nice if this problem could get fixed soon.
REPRODUCING the problem:
try
i) windump -w - | windump -r -
ii) windump -r - <file.cap
I would really appreciate if this could be fixed soon.
Thanks
Animesh Chaturvedi
==================================================================
This is the WinPcap users list. It is archived at
http://www.mail-archive.com/[email protected]/
To unsubscribe use
mailto: [EMAIL PROTECTED]
==================================================================
