Channel: Ask Wireshark - RSS feed

Comment by Guy Harris for

You would have to structure the InputStream data so that it could be divided into packets. For example, if you're writing raw packet data to the stream, before each packet you would write a number giving the size of the packet, in bytes.

Then, when reading the stream and writing a pcap file, you would read the number first, and then read that number of bytes of packet data. You would also have to ensure, in each iteration of the loop, the buffer would have to have exactly that number of bytes, so that dumper.dumpRaw knows how many bytes are in the packet.

This probably means that you should allocate the packet buffer separately, for every packet, and allocate it so that it's exactly the size of the packet data.

Without doing that, your code will NOT work.

> I changed my code to write to the file only the amount of data that has been read from the stream in that iteration, which I feel would be okay since only one packet is sent at a time.

If you're reading from a TCP socket, there is *no* guarantee that a single read will read a single TCP segment received from the remote host.

> Right now wireshark opens the capture without errors but everything appears as an ethernet frame.

The `PcapNetworkInterface` you got from `Pcaps.getDevByAddress` is, on Linux, probably going to have "Ethernet" as its link-layer header type (that's the link-layer header type for the loopback interface on Linux). That's what you used to create the `PcapDumper`, so that's the link-layer header type it will have.

> How does wireshark or libpcap decode the packet protocol when sniffing directly from the interface?

The OS indicates what the link-layer header is, and libpcap gets that information from the OS and maps it to a `DLT_` value for that link-layer header type; that gets written to the file, which is how tcpdump/Wireshark/etc. determine it.

How is the socket from which you're getting packets created? If it's a TCP socket, there probably *isn't* a link-layer header type that you can use to write the packets to a file.
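The length-prefix framing and the link-layer type stored in the pcap file header, both described in the comments above, shown as an added example in Python that writes the pcap format directly instead of going through Pcap4J (this is not code from the original posts). The 4-byte big-endian length prefix, the `Trickle` reader, the sample packets, and the choice of `LINKTYPE_RAW` (which assumes each record starts with an IP header) are assumptions made for illustration.

```python
import io
import struct

LINKTYPE_ETHERNET = 1  # frames start with an Ethernet header
LINKTYPE_RAW = 101     # packets start directly with an IPv4/IPv6 header (assumed here)

def read_exact(stream, n):
    """Keep reading until n bytes arrive or EOF; one read() may return fewer."""
    buf = bytearray()
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return bytes(buf)

def framed_stream_to_pcap(stream, out, linktype, snaplen=65535, ts_sec=0):
    """Copy [4-byte big-endian length][packet] records into a pcap file; return count."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, link-layer type.
    out.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype))
    count = 0
    while True:
        prefix = read_exact(stream, 4)
        if not prefix:
            return count  # clean EOF on a record boundary
        if len(prefix) < 4:
            raise EOFError("stream ended inside a length prefix")
        (length,) = struct.unpack(">I", prefix)
        if length > snaplen:
            raise ValueError(f"record length {length} exceeds snaplen {snaplen}")
        packet = read_exact(stream, length)  # buffer sized to exactly this packet
        if len(packet) != length:
            raise EOFError("stream ended inside a packet")
        # Record header: ts_sec, ts_usec (record index as a placeholder), caplen, len.
        out.write(struct.pack("<IIII", ts_sec, count, length, length))
        out.write(packet)
        count += 1

class Trickle:
    """Constructed stand-in for a TCP socket: at most 3 bytes per read()."""
    def __init__(self, data):
        self._src = io.BytesIO(data)
    def read(self, n):
        return self._src.read(min(n, 3))

# Constructed sample packets (not real traffic): 0x45 followed by zero padding.
PACKETS = [b"\x45" + bytes(19), b"\x45" + bytes(27)]

def demo():
    framed = b"".join(struct.pack(">I", len(p)) + p for p in PACKETS)
    out = io.BytesIO()
    framed_stream_to_pcap(Trickle(framed), out, LINKTYPE_RAW)
    return out.getvalue()
```

Because `Trickle` never returns more than 3 bytes per call, writing one record per `read()` would split every packet; only the length prefix recovers the boundaries.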
