Hi, my task is to analyze packets in pcap files , reconstruct tcp streams and save the streams to pcap files. My codes are here: 

my $fParse = "$dirCapture"."r.pcap";
# open an existing pcap file to analyze
my $pktParse = Net::Frame::Dump::Offline->new(file => $fParse, keepTim
+estamp => 1);
$pktParse->start;

my $count = 0;
while (my $h = $pktParse->next) {
  # get each packet in the file
  my $frmSimple = Net::Frame::Simple->new(
     raw        => $h->{raw},
     firstLayer => $h->{firstLayer},
     timestamp  => $h->{timestamp},
  );

  my $len = length($h->{raw});
  #-----------> until here $len is correct
  # write this packet to pcap file
  my $w = Net::Frame::Dump::Writer->new(
     file       => "$dirMerge"."rrr.pcap",
     firstLayer => 'ETH',
     overwrite  => 1); 
  $w->start;
  $w->write({ timestamp => $h->{'timestamp'}, raw => $h->{'raw'} });
  # --------> but after here, packet length in new writing file is not
+ correct, it's only 1500 bytes, while the correct one is 1514
  $w->stop;
  $count++;
}
$pktParse->stop;

[download]

My question is:

1. does Net::Frame::Dump::Writer has length restrict when writing a packet into pcap file? if so, can I change it?

2.Net::Frame::Dump::Writer has attributes of 'overwrite', it allows us to overwrite an existing file. but I want to write multiple packets into a pcap file at one time. But I failed when using this module, does anyone know how to make it?

In reply to what's wrong with my code with Net::Frame::Dump::Writer? by wildnature

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.