As far as triggers go a while ago I checked in trigcap.c.
It's an experiment I wrote that works with capture filters as
start/stop triggers, I have not added it to the build process because
I do not know if it works on anything other than my mac.
it should not be difficult to mimic its mechanics in dumpcap.
it pcap_open_live()s a listener and a capturer (if a filter is given )
it then enters a loop pcap_dispatch()ing a listener_handler and a
capturer_handler
the listener_handler sets a "recording" flag when it matches the start
filter and sets a leave flag to end the loop when the stop filter is
matched
the capturer_handler dumps every frame it receives (after filter) if
the recording flag is set.
trigcap -w outfile -b begin -e end [-f capture] [-i iface] [-s
snaplen] [-p] [-q] [-d [-d [-d [-d]]]]
-w output file
-b filter to start capturing
-e filter to stop capturing
-f capture filter
-p promiscuous mode
-s snapshot length
-q quie
-d increase deug level
-h prints this message