Daniel Lawson wrote: > >The problem with libpcap format is that I can't read the file in > >realtime, nor delete packets. > > What do you mean by 'delete packets'. Are you wanting to actually remove > packets off the wire, or just from an offline storage of your capture?
I want to remove packets from the capture in progress that's on the hard drive. > option 2: > > You want to filter out specific traffic before storing a capture to disk. option 2 is closer to what I want, but it's not what I want. I want to remove specific traffic WHILE storing a capture to disk. - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
