Limit capture packet count

-c count“ will limit the number of capture packets. E.g.: 

  1. # tcpdump -c 1
  2. tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
  3. listening on enp0s25, link-type EN10MB (Ethernet), capture size 262144 bytes
  4. 16:45:56.920115 IP archlinux.ssh > 10.218.200.25.59436: Flags [P.], seq 1560371666:1560371854, ack 3724900894, win 501, length 188
  5. 1 packet captured
  6. 4 packets received by filter
  7. 0 packets dropped by kernel

tcpdump exited after only capturing 1 packet. This feature is implemented by setting cnt argument of pcap_loop function: 

  1. ......
  2. case 'c':
  3.     cnt = atoi(optarg);
  4.     if (cnt <= 0)
  5.         error("invalid packet count %s", optarg);
  6.     break;
  7. ......
  8. status = pcap_loop(pd, cnt, callback, pcap_userdata);
  9. ......