As far as triggers go a while ago I checked in trigcap.c. It's an experiment I wrote that works with capture filters as start/stop triggers, I have not added it to the build process because I do not know if it works on anything other than my mac. it should not be difficult to mimic its mechanics in dumpcap.
it pcap_open_live()s a listener and a capturer (if a filter is given ) it then enters a loop pcap_dispatch()ing a listener_handler and a capturer_handler the listener_handler sets a "recording" flag when it matches the start filter and sets a leave flag to end the loop when the stop filter is matched the capturer_handler dumps every frame it receives (after filter) if the recording flag is set. trigcap -w outfile -b begin -e end [-f capture] [-i iface] [-s snaplen] [-p] [-q] [-d [-d [-d [-d]]]] -w output file -b filter to start capturing -e filter to stop capturing -f capture filter -p promiscuous mode -s snapshot length -q quie -d increase deug level -h prints this message _______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev
