Capture packets in immediate mode

--immediate-mode“ option is used to make packets are delivered to tcpdump immediately once they arrive, rather than being buffered for efficiency. This is the default behavior when printing dissected packets to the standard output and the standard output is a terminal (code is here):

  1. ......
  2. #ifdef HAVE_PCAP_SET_IMMEDIATE_MODE
  3. /*
  4. * If we're printing dissected packets to the standard output
  5. * and the standard output is a terminal, use immediate mode,
  6. * as the user's probably expecting to see packets pop up
  7. * immediately.
  8. *
  9. * XXX - set the timeout to a lower value, instead? If so,
  10. * what value would be appropriate?
  11. */
  12. if ((WFileName == NULL || print) && isatty(1))
  13. immediate_mode = 1;
  14. #endif
  15. ......

pcap_set_immediate_mode API is used to set immediate mode.