From 46886af1b25d943dac792714f6905a58b8256b21 Mon Sep 17 00:00:00 2001
From: Omar Santos <santosomar@gmail.com>
Date: Thu, 12 Jan 2023 13:40:14 -0500
Subject: [PATCH] Update another_scapy_sniffer_walkthrough.md

---
 .../another_scapy_sniffer_walkthrough.md       | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/programming_and_scripting_for_cybersecurity/recon_scripts/another_scapy_sniffer_walkthrough.md b/programming_and_scripting_for_cybersecurity/recon_scripts/another_scapy_sniffer_walkthrough.md
index c2d01c2..f81a5ed 100644
--- a/programming_and_scripting_for_cybersecurity/recon_scripts/another_scapy_sniffer_walkthrough.md
+++ b/programming_and_scripting_for_cybersecurity/recon_scripts/another_scapy_sniffer_walkthrough.md
@@ -21,3 +21,21 @@ sniff(prn=packet_callback, filter="tcp and host 10.1.1.2 and port 80", count=1)
 ```
 It's important to note that capturing packets may require root/admin permissions.
 
+## Saving to a pcap file
+
+Here is a modified version of the script that saves the captured packets to a pcap file:
+
+```
+from scapy.all import *
+
+# Define a callback function
+def packet_callback(packet):
+    print(packet.show())
+    wrpcap("captured_packets.pcap", packet, append=True)
+
+# Use the sniff() function to capture packets
+sniff(prn=packet_callback, filter="tcp", count=1)
+
+```
+
+This script uses the `wrpcap()` function from Scapy to save the captured packets to a `pcap` file named "captured_packets.pcap". The `append=True` argument is used to append the packets to the file instead of overwriting it.