Question

I am trying to save the output of this file in libpcap format and although the file does get saved and the right data is written into it, Wireshark is unable to open it. Anyone see what I am missing here? Thanks.

        // opening the device here to listen
        handle = pcap_open_live( dev, BUFSIZ, 1, 1000, errbuf );
        unsigned int dlt = DLT_EN10MB;
        pcap_set_datalink(handle,dlt );

        FILE *filename;
        filename = fopen("/workarea/capture","a+");

        pcap_dumper_t * dump = NULL;

        // opens the file
        dump = pcap_dump_open( handle, (const char *)filename );

        pcap_loop(handle,-1,my_callback,(unsigned char *)filename);

        return (0);
    }

    void my_callback(u_char *dump,const struct pcap_pkthdr* pkthdr,const u_char *packet)
    {
        unsigned int i=0;
        pcap_dump(dump,pkthdr,packet);
    }

Solution

Your call to pcap_dump_open does not seem correct. It is passing a FILE* pointer but should be passing a file name. Use pcap_dump_fopen for a FILE pointer. Or continue using pcap_dump_open but simply pass the file name to it.
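
To check a capture file for this symptom, the following added example (not part of the original answer) validates the 24-byte libpcap file header that a reader such as Wireshark expects at offset 0. The function name `check_pcap_header` and both byte arrays are constructed for illustration; the assumption is that the rejected file begins with packet records instead of that header.

```c
#include <stdint.h>
#include <stdio.h>

enum { PCAP_OK, PCAP_TOO_SHORT, PCAP_BAD_MAGIC, PCAP_BAD_VERSION };

/* Read fields in the byte order announced by the magic number. */
static uint32_t rd32(const unsigned char *p, int be) {
    return be ? ((uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3])
              : ((uint32_t)p[3] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[1] << 8 | p[0]);
}
static unsigned rd16(const unsigned char *p, int be) {
    return be ? (unsigned)(p[0] << 8 | p[1]) : (unsigned)(p[1] << 8 | p[0]);
}
static int is_magic(uint32_t m) {   /* microsecond or nanosecond timestamps */
    return m == 0xa1b2c3d4u || m == 0xa1b23c4du;
}

/* Validate the file header; on success *linktype gets the link type (1 = Ethernet). */
int check_pcap_header(const unsigned char *buf, size_t len, uint32_t *linktype) {
    int be;
    if (len < 24) return PCAP_TOO_SHORT;
    if (is_magic(rd32(buf, 0))) be = 0;
    else if (is_magic(rd32(buf, 1))) be = 1;
    else return PCAP_BAD_MAGIC;   /* e.g. the file starts with a packet record */
    /* 2.4 is the format version libpcap writes */
    if (rd16(buf + 4, be) != 2 || rd16(buf + 6, be) != 4) return PCAP_BAD_VERSION;
    *linktype = rd32(buf + 20, be);
    return PCAP_OK;
}

/* Constructed samples: a valid little-endian header, and a file that starts
 * directly with a per-packet record (ts_sec, ts_usec, caplen, len, data). */
const unsigned char sample_good[24] = {
    0xd4,0xc3,0xb2,0xa1, 0x02,0x00, 0x04,0x00, 0,0,0,0, 0,0,0,0,
    0x00,0x20,0x00,0x00, 0x01,0x00,0x00,0x00 };
const unsigned char sample_headerless[24] = {
    0x00,0x2f,0x68,0x65, 0x10,0x27,0x00,0x00, 0x3c,0,0,0, 0x3c,0,0,0,
    0xff,0xff,0xff,0xff, 0xff,0xff,0x00,0x11 };

int main(int argc, char **argv) {
    unsigned char buf[24];
    uint32_t lt = 0;
    FILE *f = argc > 1 ? fopen(argv[1], "rb") : NULL;
    size_t n = f ? fread(buf, 1, sizeof buf, f) : 0;
    int rc = f ? check_pcap_header(buf, n, &lt)
               : check_pcap_header(sample_headerless, sizeof sample_headerless, &lt);
    if (f) fclose(f);
    printf("result=%d linktype=%u\n", rc, (unsigned)lt);
    return rc;
}
```

Run it with the capture path as the first argument; with no argument it checks the constructed headerless sample.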

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow