Buffered packet

[robsontenorio]

Is there any way to make the event on('packet') buffered?

Some times a packet should be buffered before returning the full payload.

[mscdex]

There is no knowledge of application-level protocols at the packet capturing level, so you have to be prepared to buffer as needed. For TCP it's just a stream of bytes, so it's especially difficult to know when there is a "full payload."

[robsontenorio]

This question is based on a very known lib https://linux.die.net/man/8/ngrep

Some parameters(-l combined with -W) allow us to buff "stdout" in order to avoid "line by line" packet output. Its more like packet display format.

Any chance to achieve that ?

[mscdex]

I still don't understand what you're after. libpcap is already buffering up packets. Those are being delivered via the 'packet' event. ngrep's buffering of stdout has nothing to do with the packets being captured, it's merely describing how the data is delivered via local stdio.