How to save Ethernet frames in pcap format

Question

I am writing an application that listens to a network interface, picks some frames, edits them and then saves them to disk. Very similar to tshark and tcpdump.

My code is written in C++

However, I want to save my packets in pcap format and I cannot find a C/C++ library that accepts Ethernet frames (in memory) and saves them to .pcap file.

• Note: For the meanwhile I use hexdump and text2pcap but that's unacceptable in production

Solution Update:

#include <pcap.h>

pcap_t* p = pcap_open_dead(DLT_EN10MB, 65535);
const std::string pcap_file_name = getPcapName();
pcap_dumper_t* dumper = pcap_dump_open(p, pcap_file_name.c_str());

pcap_pkthdr h;
h.caplen = packet_len;
h.len = packet_len;

pcap_dump((u_char*)dumper, &h, packet);

pcap_dump_close(dumper);
pcap_close(p);

Answer 1

Why can't you use WinPcap / libpcap directly in C++ code? Those are C libs so you should be able to link them.

Use libpcap under unix or winpcap under windoze.