Limit capture packet count

"-c count" will limit the number of capture packets. E.g.:

# tcpdump -c 1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp0s25, link-type EN10MB (Ethernet), capture size 262144 bytes
16:45:56.920115 IP archlinux.ssh > 10.218.200.25.59436: Flags [P.], seq 1560371666:1560371854, ack 3724900894, win 501, length 188
1 packet captured
4 packets received by filter
0 packets dropped by kernel

tcpdump exited after only capturing 1 packet. This feature is implemented by setting cnt argument of pcap_loop function:

......
case 'c':
    cnt = atoi(optarg);
    if (cnt <= 0)
        error("invalid packet count %s", optarg);
    break;
......
status = pcap_loop(pd, cnt, callback, pcap_userdata);
......

results matching ""

    No results matching ""