Request for feedback on terminating tcpdump capture after specified time

[Greg Steinbrecher <grs () fb com>]

The actual PR needs some cleanup/rebasing, but before doing that it was pointed out that soliciting feedback would be a 
good idea. PR here: https://github.com/the-tcpdump-group/tcpdump/pull/684


Motivation on our end was termination of captures after short periods of time -- say, grabbing 50ms of packets -- on 
high rate interfaces. The OS doesn't have enough insight into when the capture actually starts to get enough 
granularity in termination. The implementation here measures using the packet timestamps, starting with the first 
packet seen.


This feature was also requested here: https://github.com/the-tcpdump-group/tcpdump/issues/338


Thanks/Greg

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers