Re: Stopping packet capture on a libpcap descriptor

[Guy Harris <guy () alum mit edu>]

On Nov 17, 2011, at 2:22 AM, Fernando Gont wrote:

> Basically, I have a program that does this:
>
> 1. Captures and sends some packets
> 2. Does something else
> 3. Captures and sends some packets
>
> I'd like to use the same libpcap descriptor (pcap_t *) for both Step 1
> and step 2 above, but I don't want want libpcap to continue capturing
> packets while the program is in step 3.

I assume in the last paragraph there you said "step 2" when you meant "step 3" ("for both step 1 and step *3* above") 
and *vice versa* ("while the program is in step 2").

> Any ideas?

About the only thing I can suggest would be that, when step 2 starts, you set the capture filter to a small BPF program 
that just has a "ret 0" instruction, so that the filter rejects all packets, and then set the filter to something that 
captures the packets you want when step 3 starts.

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.