Daniel Lawson wrote:
> >>option 2:
> >>You want to filter out specific traffic before storing a capture to disk.
> >
> >option 2 is closer to what I want, but it's not what I want.
> >I want to remove specific traffic WHILE storing a capture to disk.
>
> Ok, that makes more sense then. I also guess you don't know ahead of
> time what traffic you wish to exclude?

That's what I mean.

> ie, you wish to dynamically, as the capture is running, specify filters
> that will limit which traffic is being written to disk?

I want to specify filters to limit which traffic is being written to disk, but what I really want is to select packets and remove them from the capture, while capturing, so also previous packets don't take space on disk.

> If you do know ahead of time some rules that you will apply to the
> traffic to determine what you are going to keep or discard, it's fairly
> trivial to write a program that uses libpcap directly, and set up your
> own BPF filters within it.

But as I said I'd like to remove already captured packets from disk while the capture is running.

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
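
An added example, not part of the thread and not libpcap or tcpdump code: a classic pcap savefile is a 24-byte global header followed by back-to-back packet records with no index, so taking already-captured packets off disk means rewriting the file without them. The code below does that for a little-endian, microsecond-resolution Ethernet capture and stops at a partially written last record; `drop_packets`, `ipv4_src` and `make_sample` are hypothetical names, and the sample capture is constructed.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4                 # classic pcap, microsecond timestamps
GLOBAL_HDR = struct.Struct("<IHHiIII")  # magic, major, minor, thiszone, sigfigs, snaplen, linktype
REC_HDR = struct.Struct("<IIII")        # ts_sec, ts_usec, incl_len, orig_len

def ipv4_src(frame):
    """Source IPv4 address of an Ethernet frame, or None if it is not IPv4."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    return ".".join(str(b) for b in frame[26:30])

def drop_packets(data, should_drop):
    """Return (new_pcap_bytes, kept, dropped) with matching records left out."""
    if len(data) < GLOBAL_HDR.size:
        raise ValueError("truncated global header")
    if struct.unpack_from("<I", data)[0] != PCAP_MAGIC:
        raise ValueError("only little-endian microsecond pcap is handled")
    out = bytearray(data[:GLOBAL_HDR.size])
    off, kept, dropped = GLOBAL_HDR.size, 0, 0
    while off + REC_HDR.size <= len(data):
        incl_len = REC_HDR.unpack_from(data, off)[2]
        end = off + REC_HDR.size + incl_len
        if end > len(data):
            break  # last record still being written by the running capture
        if should_drop(data[off + REC_HDR.size:end]):
            dropped += 1
        else:
            out += data[off:end]  # copy record header and payload unchanged
            kept += 1
        off = end
    return bytes(out), kept, dropped

def make_sample(sources):
    """Constructed capture: one minimal Ethernet/IPv4 frame per source address."""
    pcap = GLOBAL_HDR.pack(PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, src in enumerate(sources):
        ip = bytes([0x45, 0, 0, 20, 0, 0, 0, 0, 64, 17, 0, 0]) + bytes(src) + bytes([10, 0, 0, 99])
        frame = b"\x00" * 12 + b"\x08\x00" + ip
        pcap += REC_HDR.pack(1700000000 + i, 0, len(frame), len(frame)) + frame
    return pcap

if __name__ == "__main__":
    sample = make_sample([(10, 0, 0, 1), (10, 0, 0, 2), (10, 0, 0, 1)])
    out, kept, dropped = drop_packets(sample, lambda f: ipv4_src(f) == "10.0.0.1")
    print(f"kept={kept} dropped={dropped} bytes {len(sample)} -> {len(out)}")
```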
