tcpdump mailing list archives
Re: Stopping packet capture on a libpcap descriptor
From: Guy Harris <guy () alum mit edu>
Date: Mon, 28 Nov 2011 12:49:46 -0800
On Nov 17, 2011, at 2:22 AM, Fernando Gont wrote:
Basically, I have a program that does this: 1. Captures and sends some packets 2. Does something else 3. Captures and sends some packets I'd like to use the same libpcap descriptor (pcap_t *) for both Step 1 and step 2 above, but I don't want want libpcap to continue capturing packets while the program is in step 3.
I assume in the last paragraph there you said "step 2" when you meant "step 3" ("for both step 1 and step *3* above") and *vice versa* ("while the program is in step 2").
Any ideas?
About the only thing I can suggest would be that, when step 2 starts, you set the capture filter to a small BPF program that just has a "ret 0" instruction, so that the filter rejects all packets, and then set the filter to something that captures the packets you want when step 3 starts. - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- Stopping packet capture on a libpcap descriptor Fernando Gont (Nov 27)
- Re: Stopping packet capture on a libpcap descriptor Guy Harris (Nov 29)
- Re: Stopping packet capture on a libpcap descriptor Fernando Gont (Nov 30)
- Re: Stopping packet capture on a libpcap descriptor Guy Harris (Nov 30)
- Re: Stopping packet capture on a libpcap descriptor Fernando Gont (Nov 30)
- Re: Stopping packet capture on a libpcap descriptor Guy Harris (Nov 29)