diff --git a/CHANGES b/CHANGES
index 9c5e4f1a5e..4555d6f735 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+4.2.0-dev.286 | 2021-11-03 09:36:41 -0700
+
+ * GH-693: use pcap_dump_open_append where supported (Tim Wojtulewicz, Corelight)
+
 4.2.0-dev.284 | 2021-11-03 09:35:10 -0700
 * GH-1781: Add .git-blame-ignore-revs file (Tim Wojtulewicz, Corelight)
diff --git a/VERSION b/VERSION
index daa16e4435..0a5f1ce851 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-4.2.0-dev.284
+4.2.0-dev.286
diff --git a/cmake b/cmake
index 4d1990f0e4..f5f931637e 160000
--- a/cmake
+++ b/cmake
@@ -1 +1 @@
-Subproject commit 4d1990f0e4c273cf51ec52278add6ff256f9c889
+Subproject commit f5f931637eeabd92e672fa63fae4016a9cd547d7
diff --git a/src/iosource/pcap/Dumper.cc b/src/iosource/pcap/Dumper.cc
index 25aff8269e..3b46c5c15f 100644
--- a/src/iosource/pcap/Dumper.cc
+++ b/src/iosource/pcap/Dumper.cc
@@ -68,11 +68,15 @@ void PcapDumper::Open()
 else
 {
+#ifdef HAVE_PCAP_DUMP_OPEN_APPEND
+ dumper = pcap_dump_open_append(pd, props.path.c_str());
+#else
 // Old file and we need to append, which, unfortunately,
 // is not supported by libpcap. So, we have to hack a
- // little bit, knowing that pcap_dumpter_t is, in fact,
+ // little bit, knowing that pcap_dumper_t is, in fact,
 // a FILE ... :-(
 dumper = (pcap_dumper_t*)fopen(props.path.c_str(), "a");
+#endif
 if ( ! dumper )
 {
 Error(util::fmt("can't open dump %s: %s", props.path.c_str(), strerror(errno)));
diff --git a/testing/btest/bifs/dump_current_packet.zeek b/testing/btest/bifs/dump_current_packet.zeek
index ce177a1daf..712ffb0e4f 100644
--- a/testing/btest/bifs/dump_current_packet.zeek
+++ b/testing/btest/bifs/dump_current_packet.zeek
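Review bot: In `PcapDumper::Open()` (src/iosource/pcap/Dumper.cc), a failed `pcap_dump_open_append()` still falls through to the shared `strerror(errno)` message after `#endif`, but libpcap reports this call's failures through `pcap_geterr(pd)`. Some of those failures, such as an existing file whose link type or snapshot length does not match `pd`, need not set `errno`, so the logged reason can be stale or unrelated. Consider reporting the pcap error on that path, e.g. `Error(util::fmt("can't open dump %s: %s", props.path.c_str(), pcap_geterr(pd)));` under the `#ifdef`, and keeping the errno form only for the `fopen` fallback. The fallback comment could also state that the `FILE*` cast depends on libpcap internals and is only compiled when append support is missing. The `if ( ! dumper )` block continues past the end of the hunk.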
@@ -5,6 +5,10 @@
 # @TEST-EXEC: btest-diff 1.hex
 # @TEST-EXEC: btest-diff 2.hex
+# Run the same test a second time, which will try to write to an
+# existing file and shouldn't crash a sanitizer build.
+# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT
+
 # Note that the hex output will contain global pcap header information,
 # including Zeek's snaplen setting (so maybe check that out in the case
 # you are reading this message due to this test failing in the future).
diff --git a/zeek-config.h.in b/zeek-config.h.in
index 3c90bd5ceb..ff5edc8c8b 100644
--- a/zeek-config.h.in
+++ b/zeek-config.h.in
@@ -49,6 +49,9 @@
 /* Define if you have the header file. */
 #cmakedefine HAVE_PCAP_INT_H
+/* Define if libpcap supports pcap_dump_open_append(). */
+#cmakedefine HAVE_PCAP_DUMP_OPEN_APPEND
+
 /* line editing & history powers */
 #cmakedefine HAVE_READLINE
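Review bot: The second run added to testing/btest/bifs/dump_current_packet.zeek only checks that zeek exits cleanly, because the `btest-diff` lines for 1.hex and 2.hex execute before it. Nothing verifies that the appended dump files are still well-formed pcap, so a corrupted append would pass on non-sanitizer builds. Consider a follow-up line that reads an appended file back, e.g. `# @TEST-EXEC: zeek -b -r <appended-dump-file>`, where the placeholder stands for whichever dump file %INPUT writes. The rest of the test script is outside the hunk.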