
Answer by Guy Harris for:

I'm trying to build a transparent proxy in Java with the ability to record data that passed through to be viewed later in Wireshark. I was able to get the proxy working correctly with this snippet:

```java
private static final int BUFFER_SIZE = 8192;

...

public void run() {
    PcapHandle handle = null;
    PcapDumper dumper;
    try {
        InetAddress addr = InetAddress.getByName("localhost");
        PcapNetworkInterface nif = Pcaps.getDevByAddress(addr);
        int snapLen = 65536;
        PcapNetworkInterface.PromiscuousMode mode = PcapNetworkInterface.PromiscuousMode.PROMISCUOUS;
        int timeout = 10;
        handle = nif.openLive(snapLen, mode, timeout);
        dumper = handle.dumpOpen("cap.pcap");

        byte[] buffer = new byte[BUFFER_SIZE];
        try {
            while (true) {
                int bytesRead = mInputStream.read(buffer);
                if (bytesRead == -1)
                    break; // End of stream is reached --> exit
                mOutputStream.write(buffer, 0, bytesRead);
                dumper.dumpRaw(Arrays.copyOfRange(buffer, 0, bytesRead));
                mOutputStream.flush();
            }
        } catch (IOException e) {
            // Read/write failed --> connection is broken
        }
        dumper.close();
    } catch (PcapNativeException e) {
        e.printStackTrace();
    } catch (UnknownHostException e) {
        e.printStackTrace();
    } catch (NotOpenException e) {
        e.printStackTrace();
    }
}
```

As you may notice I'm using Pcap4J to store raw bytes into a pcap file. The saving of the bytes works well but when I try to open it on Wireshark it shows this message:

Error

And every packet shows as malformed. Ideally I would be seeing TCP and CQL (Cassandra) packets.

Can anyone tell me what I'm doing wrong here?

You would have to structure the InputStream data so that it could be divided into packets. For example, if you're writing raw packet data to the stream, before each packet you would write a number giving the size of the packet, in bytes.

Then, when *reading* the stream and writing a pcap file, you would read the number first, and then read that number of bytes of packet data. You would also have to ensure, in each iteration of the loop, the `buffer` would have to have exactly that number of bytes, so that `dumper.dumpRaw` knows how many bytes are in the packet.

This probably means that you should allocate the packet buffer separately, for every packet, and allocate it so that it's *exactly* the size of the packet data.

Without doing that, your code will ***NOT*** work.
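The length-prefixed framing described in the answer, as an added example that is not part of the original answer or of Pcap4J. The class `FramedPacketStream`, the helpers `writePacket` and `readPacket`, the 4-byte big-endian length field and the `MAX_PACKET` cap are assumptions made for illustration, and the sample packets are constructed placeholder bytes.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;

public class FramedPacketStream {
    // Assumed upper bound on one packet; matches the snapLen used in the question.
    static final int MAX_PACKET = 65536;

    // Writer side: a 4-byte big-endian length, then exactly that many packet bytes.
    static void writePacket(DataOutputStream out, byte[] packet) throws IOException {
        out.writeInt(packet.length);
        out.write(packet);
    }

    // Reader side: returns one packet in a buffer of exactly its size,
    // or null when the stream ends cleanly between two packets.
    static byte[] readPacket(DataInputStream in) throws IOException {
        int first = in.read();
        if (first == -1) return null;
        byte[] rest = new byte[3];
        in.readFully(rest); // EOFException if the length field is cut short
        int len = (first << 24) | ((rest[0] & 0xff) << 16)
                | ((rest[1] & 0xff) << 8) | (rest[2] & 0xff);
        // The length comes from the stream, so bound it before allocating.
        if (len < 0 || len > MAX_PACKET) throw new IOException("bad packet length " + len);
        byte[] packet = new byte[len]; // allocated per packet, exactly the packet size
        in.readFully(packet);          // loops until all len bytes have arrived
        return packet;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample packets (placeholder bytes, not real captured frames).
        byte[][] sample = { new byte[60], new byte[1514] };
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buf);
        for (byte[] p : sample) writePacket(out, p);

        DataInputStream in = new DataInputStream(new ByteArrayInputStream(buf.toByteArray()));
        byte[] packet;
        while ((packet = readPacket(in)) != null) {
            // In the question's loop, dumper.dumpRaw(packet) would be called here.
            System.out.println("packet of " + packet.length + " bytes");
        }
    }
}
```

Unlike a single `read(buffer)` call, which returns however many bytes happen to be available, `readFully` keeps the packet boundaries intact regardless of how the underlying stream chunks the data.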
