@(#) $Header$ (LBL) If you have not built libpcap, do so first. See the README file in this directory for the ftp location. You will need an ANSI C compiler to build tcpdump. The configure script will abort if your compiler is not ANSI compliant. If this happens, use the GNU C compiler, available via anonymous ftp: ftp://prep.ai.mit.edu/pub/gnu/gcc.tar.gz After libpcap has been built (either install it with "make install" and "make install-incl" or make sure both the libpcap and tcpdump source trees are in the same directory), edit the BINDEST and MANDEST paths in Makefile.in and run ./configure (a shell script). "configure" will determine your system attributes and generate an appropriate Makefile from Makefile.in. Now build tcpdump by running "make". If everything builds ok, su and type "make install" (and optionally "make install-man). This will install tcpdump and the manual entry. By default, tcpdump is installed with group execute permissions. The group used depends on your os. In addition, BPF packet access is controlled by permissions to /dev/bpf0. In any case, DO NOT give untrusted users the capability of running tcpdump. Tcpdump can capture any traffic on your net, including passwords. Note that tcpdump is shipped with some systems, for example, DEC/OSF and BSD/386. Remember to remove or rename the installed binary when upgrading. If you use Linux, this version of libpcap is known to compile and run under Red Hat 4.0 with the 2.0.25 kernel. It may work with earlier 2.X versions but is guaranteed not to work with 1.X kernels. If you use OSF 4, note that that there appears to be some serious bugs with the stock C compiler. The configure code fragments that detect if the ether_header and ether_arp structs use the ether_addr struct generates warnings instead of fatal errors (?!?!) This makes configure think that the ether_arp struct is used when in fact it is not. To get around this, delete: -DETHER_HEADER_HAS_EA=1 -DETHER_ARP_HAS_EA=1 from the Makefile after running configure (and before attempting to compile tcpdump. Another workaround is to use gcc. If your system is not one which we have tested tcpdump on, you may have to modify the configure script and Makefile.in. Please send us patches for any modifications you need to make. However, we are not interested in ascii packet printer patches. We believe adding this feature would make it too easy for crackers who do not have the programming skills needed to write a password sniffer to grab clear text passwords. FILES ----- CHANGES - description of differences between releases FILES - list of files exported as part of the distribution INSTALL - this file Makefile.in - compilation rules (input to the configure script) README - description of distribution VERSION - version of this release aclocal.m4 - autoconf macros addrtoname.c - address to hostname routines addrtoname.h - address to hostname definitions appletalk.h - AppleTalk definitions atime.awk - TCP ack awk script bcopy.c - missing routine bootp.h - BOOTP definitions bpf_dump.c - bpf instruction pretty-printer routine config.guess - autoconf support config.sub - autoconf support configure - configure script (run this first) configure.in - configure script source decnet.h - DECnet definitions ethertype.h - ethernet definitions extract.h - alignment definitions fddi.h - Fiber Distributed Data Interface definitions gmt2local.c - time conversion routines gmt2local.h - time conversion prototypes igrp.h - Interior Gateway Routing Protocol definitions install-sh - BSD style install script interface.h - globals, prototypes and definitions ipx.h - IPX definitions lbl/gnuc.h - gcc macros and defines lbl/os-*.h - os dependent defines and prototypes linux-include/* - network include files missing on Linux llc.h - LLC definitions machdep.c - machine dependent routines machdep.h - machine dependent definitions makemib - mib to header script mib.h - mib definitions mkdep - construct Makefile dependency list netbios.h - NETBIOS definitions nfsfh.h - Network File System file handle definitions nfsv2.h - Network File System V2 definitions ntp.h - Network Time Protocol definitions ospf.h - Open Shortest Path First definitions packetdat.awk - TCP chunk summary awk script parsenfsfh.c - Network File System file parser routines ppp.h - Point to Point Protocol definitions print-arp.c - Address Resolution Protocol printer routines print-atalk.c - AppleTalk printer routines print-atm.c - atm printer routines print-bootp.c - BOOTP printer routines print-decnet.c - DECnet printer routines print-domain.c - Domain Name System printer routines print-egp.c - External Gateway Protocol printer routines print-ether.c - ethernet printer routines print-fddi.c - Fiber Distributed Data Interface printer routines print-gre.c - Generic Routing Encapsulation printer routines print-icmp.c - Internet Control Message Protocol printer routines print-igrp.c - Interior Gateway Routing Protocol printer routines print-ip.c - ip printer routines print-ipx.c - IPX printer routines print-isoclns.c - isoclns printer routines print-krb.c - Kerberos printer routines print-llc.c - llc printer routines print-netbios.c - netbios printer routines print-nfs.c - Network File System printer routines print-ntp.c - Network Time Protocol printer routines print-null.c - null printer routines print-ospf.c - Open Shortest Path First printer routines print-pim.c - Protocol Independent Multicast printer routines print-ppp.c - Point to Point Protocol printer routines print-raw.c - raw printer routines print-rip.c - Routing Information Protocol printer routines print-sl.c - Compressed Serial Line Internet Protocol printer routines print-snmp.c - Simple Network Management Protocol printer routines print-sunrpc.c - Sun Remote Procedure Call printer routines print-tcp.c - TCP printer routines print-tftp.c - Trivial File Transfer Protocol printer routines print-udp.c - UDP printer routines print-wb.c - white board printer routines savestr.c - savestr prototypes savestr.h - strdup() replacement send-ack.awk - unidirectional tcp send/ack awk script setsignal.c - os independent signal routines setsignal.h - os independent signal prototypes stime.awk - TCP send awk script strcasecmp.c - missing routine tcpdump.1 - manual entry tcpdump.c - main program util.c - utility routines vfprintf.c - emulation routine