Re: using a database to store packets

[MAURICIOMANENTS <MAURICIOMANENTS () terra es>]

Daniel Lawson wrote:
> > > option 2:
> > > You want to filter out specific traffic before storing a capture to disk.
> >
> > option 2 is closer to what I want, but it's not what I want.
> > I want to remove specific traffic WHILE storing a capture to disk.
>
> Ok, that makes more sense then. I also guess you don't know ahead of 
> time what traffic you wish to exclude?

That's what I mean.

> ie, you wish to dynamically, as the capture is running, specify filters 
> that will limit which traffic is being written to disk?

I want to specify filters to limit which traffic is being written to
disk, but what I really want is to select packets and remove them from
the capture, while capturing, so also previous packets don't take space
on disk.

> If you do know ahead of time some rules that you will apply to the 
> traffic to determine what you are going to keep or discard, it's fairly 
> trivial to write a program that uses libpcap directly, and set up your 
> own BPF filters within it.

But as I said I'd like to remove already captured packets from disk
while the capture is running.


-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.