-----BEGIN PGP SIGNED MESSAGE-----
I added the -P flag, which takes a positive number, and has tcpdump exit after capturing that many packets. It can be combined with the -C flag, but it doesn't cause it to cycle after that many packets, rather the two work independantly. I found I wanted this to help me with some automated tests. Index: netdissect.h =================================================================== RCS file: /tcpdump/master/tcpdump/netdissect.h,v retrieving revision 1.16 diff -u -r1.16 netdissect.h - --- netdissect.h 7 Apr 2005 00:28:17 -0000 1.16 +++ netdissect.h 4 Jun 2005 16:52:01 -0000 @@ -106,6 +106,7 @@ int ndo_Cflag; /* rotate dump files after this many bytes */ int ndo_Cflag_count; /* Keep track of which file number we're writing */ + unsigned int ndo_Pflag; /* exit after capturing this many packets */ int ndo_Wflag; /* recycle output files after this number of files */ int ndo_WflagChars; const char *ndo_dltname; Index: tcpdump.1 =================================================================== RCS file: /tcpdump/master/tcpdump/tcpdump.1,v retrieving revision 1.167 diff -u -r1.167 tcpdump.1 - --- tcpdump.1 28 Dec 2004 22:31:25 -0000 1.167 +++ tcpdump.1 4 Jun 2005 16:52:01 -0000 @@ -40,6 +40,9 @@ .B \-C .I file_size ] [ +.B \-P +.I packet_limit +] [ .B \-F .I file ] @@ -256,6 +259,10 @@ currently larger than \fIfile_size\fP and, if so, close the current savefile and open a new one. Savefiles after the first savefile will have the name specified with the +.TP +.B \-P +exit tcpdump after \fIpacket_limit\fP packets have been captured. +.TP .B \-w flag, with a number after it, starting at 1 and continuing upward. The units of \fIfile_size\fP are millions of bytes (1,000,000 bytes, @@ -416,6 +423,9 @@ mode for some other reason; hence, `-p' cannot be used as an abbreviation for `ether host {local-hw-addr} or ether broadcast'. .TP +.B \-P +exit tcpdump after \fIpacket_limit\fP packets have been captured. +.TP .B \-q Quick (quiet?) output. Print less protocol information so output Index: tcpdump.c =================================================================== RCS file: /tcpdump/master/tcpdump/tcpdump.c,v retrieving revision 1.253 diff -u -r1.253 tcpdump.c - --- tcpdump.c 27 Jan 2005 18:30:36 -0000 1.253 +++ tcpdump.c 4 Jun 2005 16:52:01 -0000 @@ -496,6 +496,16 @@ error("invalid file size %s", optarg); break; + case 'P': + { + int packet_limit = atoi(optarg); + if(packet_limit <= 0) + error("invalid packet count %s", optarg); + + gndo->ndo_Pflag = packet_limit; + break; + } + case 'd': ++dflag; break; @@ -1041,8 +1051,12 @@ */ info(1); } + if (status == -2 && gndo->ndo_Pflag>0) { + (void)fprintf(stderr, "%s: terminated with fewer than %d packets: %s\n", + program_name, gndo->ndo_Pflag, pcap_geterr(pd)); + } pcap_close(pd); - - exit(status == -1 ? 1 : 0); + exit(status < 0 ? 1 : 0); } /* make a clean exit on interrupts */ @@ -1162,11 +1176,18 @@ --infodelay; if (infoprint) info(0); + + if(gndo->ndo_Pflag > 0 && packets_captured > gndo->ndo_Pflag) { + pcap_breakloop(dump_info->pd); + } } static void dump_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) { + struct dump_info *dump_info; + dump_info = (struct dump_info *)user; + ++packets_captured; ++infodelay; @@ -1180,6 +1201,10 @@ --infodelay; if (infoprint) info(0); + + if(gndo->ndo_Pflag > 0 && packets_captured > gndo->ndo_Pflag) { + pcap_breakloop(dump_info->pd); + } } static void -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Finger me for keys iQCVAwUBQqHZ/YqHRg3pndX9AQEIyAQArNajMP2mMiytc45I4g3Do3D5qtd3kHuB al97Hng4+uifV7GLnfwJqfDdKvU1GdhHaMFUFFtu+xCAFjKOMx2cVJp0CEC78pm9 SjFosP1N69NPbWkDUPjmb2cnf/K2DbeeFNSfNBis0b++LnJwetCPxDijgsM2g+r6 tct/5xH2eTc= =mAQZ -----END PGP SIGNATURE----- - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.