tcpdump_3_5rel2/./ 40755 263 461 0 7133256477 12537 5ustar mcrtcpdumptcpdump_3_5rel2/./CVS/ 40755 263 461 0 7133256506 13163 5ustar mcrtcpdumptcpdump_3_5rel2/./CVS/Root100644 263 461 61 7133256341 14060 0ustar mcrtcpdump:pserver:tcpdump@cvs.tcpdump.org:/tcpdump/master tcpdump_3_5rel2/./CVS/Repository100644 263 461 10 7133256341 15306 0ustar mcrtcpdumptcpdump tcpdump_3_5rel2/./CVS/Entries100644 263 461 17154 7133256506 14644 0ustar mcrtcpdump/.cvsignore/1.2/Sun Nov 21 09:36:43 1999//Ttcpdump_3_5rel2 /CHANGES/1.63.2.1/Thu Jan 27 23:18:19 2000//Ttcpdump_3_5rel2 /FILES/1.1.1.1/Thu Oct 7 23:47:09 1999//Ttcpdump_3_5rel2 /INSTALL/1.36.1.1.2.3/Sun Jan 30 17:29:29 2000//Ttcpdump_3_5rel2 /Makefile.in/1.219/Wed Dec 22 15:44:09 1999//Ttcpdump_3_5rel2 /README/1.54.1.1.2.2/Thu Jul 13 05:53:46 2000//Ttcpdump_3_5rel2 /VERSION/1.1.1.1.2.1/Sun Jan 30 00:10:41 2000//Ttcpdump_3_5rel2 /acconfig.h/1.2.2.1/Tue Jan 25 18:39:02 2000//Ttcpdump_3_5rel2 /aclocal.m4/1.67.2.1/Tue Jan 25 18:39:02 2000//Ttcpdump_3_5rel2 /addrtoname.c/1.64.2.1/Sun Feb 6 11:00:20 2000//Ttcpdump_3_5rel2 /addrtoname.h/1.16/Sat Oct 30 05:11:07 1999//Ttcpdump_3_5rel2 /appletalk.h/1.12.1.1/Thu Oct 7 23:47:09 1999//Ttcpdump_3_5rel2 /atime.awk/1.1.1.1/Thu Oct 7 23:47:09 1999//Ttcpdump_3_5rel2 /bootp.h/1.8/Sun Oct 17 23:35:46 1999//Ttcpdump_3_5rel2 /bpf_dump.c/1.10/Sun Nov 21 09:36:44 1999//Ttcpdump_3_5rel2 /config.guess/1.1.1.1/Thu Oct 7 23:47:09 1999//Ttcpdump_3_5rel2 /config.h.in/1.3.2.1/Tue Jan 25 18:39:34 2000//Ttcpdump_3_5rel2 /config.sub/1.1.1.1/Thu Oct 7 23:47:10 1999//Ttcpdump_3_5rel2 /configure/1.12.2.3/Tue Jan 25 18:39:34 2000//Ttcpdump_3_5rel2 /configure.in/1.87.2.4/Tue Jan 25 18:39:02 2000//Ttcpdump_3_5rel2 /decnet.h/1.6.1.1/Thu Oct 7 23:47:10 1999//Ttcpdump_3_5rel2 /dhcp6.h/1.1/Sat Oct 30 05:11:08 1999//Ttcpdump_3_5rel2 /dhcp6opt.h/1.1/Sat Oct 30 05:11:08 1999//Ttcpdump_3_5rel2 /ethertype.h/1.7.2.1/Sat Jan 29 22:00:12 2000//Ttcpdump_3_5rel2 /extract.h/1.15.1.1/Thu Oct 7 23:47:10 1999//Ttcpdump_3_5rel2 /fddi.h/1.8.1.1/Thu Oct 7 23:47:10 1999//Ttcpdump_3_5rel2 /gmt2local.c/1.3/Sun Nov 21 09:36:47 1999//Ttcpdump_3_5rel2 /gmt2local.h/1.2.1.1/Thu Oct 7 23:47:10 1999//Ttcpdump_3_5rel2 /igrp.h/1.2/Wed Nov 17 04:14:50 1999//Ttcpdump_3_5rel2 /install-sh/1.1.1.1/Thu Oct 7 23:47:10 1999//Ttcpdump_3_5rel2 /interface.h/1.118/Wed Dec 22 15:44:09 1999//Ttcpdump_3_5rel2 /ipsec_doi.h/1.1/Sat Oct 30 05:11:09 1999//Ttcpdump_3_5rel2 /ipx.h/1.1.1.1/Thu Oct 7 23:47:10 1999//Ttcpdump_3_5rel2 /isakmp.h/1.4.2.1/Fri Jan 14 19:19:56 2000//Ttcpdump_3_5rel2 /l2tp.h/1.1/Sat Oct 30 05:11:09 1999//Ttcpdump_3_5rel2 /lane.h/1.2/Sun Nov 21 16:35:11 1999//Ttcpdump_3_5rel2 /llc.h/1.6.1.1/Thu Oct 7 23:47:10 1999//Ttcpdump_3_5rel2 /machdep.c/1.5/Sun Nov 21 09:36:47 1999//Ttcpdump_3_5rel2 /machdep.h/1.1.1.1/Thu Oct 7 23:47:10 1999//Ttcpdump_3_5rel2 /makemib/1.2/Sun Nov 21 17:24:15 1999//Ttcpdump_3_5rel2 /mib.h/1.2/Sun Oct 17 21:37:11 1999//Ttcpdump_3_5rel2 /mkdep/1.1.1.1/Thu Oct 7 23:47:10 1999//Ttcpdump_3_5rel2 /netbios.h/1.1.1.1/Thu Oct 7 23:47:10 1999//Ttcpdump_3_5rel2 /nfs.h/1.2/Sun Nov 21 16:32:55 1999//Ttcpdump_3_5rel2 /nfsfh.h/1.8/Wed Dec 15 06:49:05 1999//Ttcpdump_3_5rel2 /ntp.h/1.3.1.1/Thu Oct 7 23:47:11 1999//Ttcpdump_3_5rel2 /oakley.h/1.1/Sat Oct 30 05:11:10 1999//Ttcpdump_3_5rel2 /ospf.h/1.1.1.1/Thu Oct 7 23:47:11 1999//Ttcpdump_3_5rel2 /ospf6.h/1.1/Sat Oct 30 05:11:10 1999//Ttcpdump_3_5rel2 /packetdat.awk/1.1.1.1/Thu Oct 7 23:47:11 1999//Ttcpdump_3_5rel2 /parsenfsfh.c/1.16/Sun Nov 21 09:36:47 1999//Ttcpdump_3_5rel2 /ppp.h/1.8/Sun Nov 21 03:43:56 1999//Ttcpdump_3_5rel2 /print-ah.c/1.5/Wed Dec 15 08:10:17 1999//Ttcpdump_3_5rel2 /print-arp.c/1.44/Sun Nov 21 09:36:48 1999//Ttcpdump_3_5rel2 /print-ascii.c/1.2.2.2/Tue Jan 11 06:58:23 2000//Ttcpdump_3_5rel2 /print-atalk.c/1.51/Sun Nov 21 09:36:48 1999//Ttcpdump_3_5rel2 /print-atm.c/1.12/Sun Nov 21 09:36:48 1999//Ttcpdump_3_5rel2 /print-bgp.c/1.9.2.2/Tue Jan 25 18:32:53 2000//Ttcpdump_3_5rel2 /print-bootp.c/1.48/Sun Nov 21 09:36:49 1999//Ttcpdump_3_5rel2 /print-chdlc.c/1.2/Sun Nov 21 09:36:49 1999//Ttcpdump_3_5rel2 /print-cip.c/1.2/Sun Nov 21 09:36:49 1999//Ttcpdump_3_5rel2 /print-decnet.c/1.27/Sun Nov 21 09:36:50 1999//Ttcpdump_3_5rel2 /print-dhcp6.c/1.3/Wed Dec 22 06:27:20 1999//Ttcpdump_3_5rel2 /print-domain.c/1.42/Sun Nov 21 09:36:50 1999//Ttcpdump_3_5rel2 /print-dvmrp.c/1.17/Mon Nov 22 04:30:34 1999//Ttcpdump_3_5rel2 /print-egp.c/1.24/Sun Nov 21 09:36:51 1999//Ttcpdump_3_5rel2 /print-esp.c/1.5/Wed Dec 15 08:10:18 1999//Ttcpdump_3_5rel2 /print-ether.c/1.48/Sun Nov 21 09:36:51 1999//Ttcpdump_3_5rel2 /print-fddi.c/1.40/Tue Dec 14 16:49:02 1999//Ttcpdump_3_5rel2 /print-frag6.c/1.3.2.1/Tue Jan 11 06:58:24 2000//Ttcpdump_3_5rel2 /print-gre.c/1.6/Sun Nov 21 09:36:52 1999//Ttcpdump_3_5rel2 /print-icmp.c/1.43/Mon Nov 22 04:28:21 1999//Ttcpdump_3_5rel2 /print-icmp6.c/1.2.2.1/Tue Jan 11 06:58:24 2000//Ttcpdump_3_5rel2 /print-igrp.c/1.11/Sun Nov 21 09:36:53 1999//Ttcpdump_3_5rel2 /print-ip.c/1.79/Wed Dec 22 06:27:21 1999//Ttcpdump_3_5rel2 /print-ip6.c/1.2.2.1/Tue Jan 11 06:58:25 2000//Ttcpdump_3_5rel2 /print-ip6opts.c/1.2.2.1/Tue Jan 11 06:58:25 2000//Ttcpdump_3_5rel2 /print-ipcomp.c/1.2.2.2/Tue Jan 25 18:31:10 2000//Ttcpdump_3_5rel2 /print-ipx.c/1.22/Sun Nov 21 09:36:54 1999//Ttcpdump_3_5rel2 /print-isakmp.c/1.8.2.1/Fri Jan 14 19:19:56 2000//Ttcpdump_3_5rel2 /print-isoclns.c/1.16/Sun Nov 21 09:36:55 1999//Ttcpdump_3_5rel2 /print-krb.c/1.12/Sun Nov 21 09:36:55 1999//Ttcpdump_3_5rel2 /print-l2tp.c/1.6/Wed Dec 22 06:27:21 1999//Ttcpdump_3_5rel2 /print-lane.c/1.2/Sun Nov 21 09:36:56 1999//Ttcpdump_3_5rel2 /print-lcp.c/1.3/Wed Dec 15 07:55:42 1999//Ttcpdump_3_5rel2 /print-llc.c/1.27/Wed Dec 22 06:27:21 1999//Ttcpdump_3_5rel2 /print-mobile.c/1.2.2.1/Tue Jan 11 06:58:26 2000//Ttcpdump_3_5rel2 /print-netbios.c/1.13/Sun Nov 21 09:36:57 1999//Ttcpdump_3_5rel2 /print-nfs.c/1.69/Wed Dec 15 06:57:25 1999//Ttcpdump_3_5rel2 /print-ntp.c/1.27/Sun Nov 21 09:36:57 1999//Ttcpdump_3_5rel2 /print-null.c/1.30/Wed Dec 22 06:27:21 1999//Ttcpdump_3_5rel2 /print-ospf.c/1.27/Sun Nov 21 09:36:58 1999//Ttcpdump_3_5rel2 /print-ospf6.c/1.2/Sun Nov 21 09:36:58 1999//Ttcpdump_3_5rel2 /print-pim.c/1.15.2.1/Tue Jan 25 18:29:05 2000//Ttcpdump_3_5rel2 /print-ppp.c/1.33.2.1/Sat Jan 29 07:31:17 2000//Ttcpdump_3_5rel2 /print-pppoe.c/1.3/Wed Dec 15 00:23:06 1999//Ttcpdump_3_5rel2 /print-raw.c/1.25/Sun Nov 21 09:37:00 1999//Ttcpdump_3_5rel2 /print-rip.c/1.40/Mon Nov 22 04:24:28 1999//Ttcpdump_3_5rel2 /print-ripng.c/1.2.2.1/Tue Jan 11 06:58:26 2000//Ttcpdump_3_5rel2 /print-rt6.c/1.3.2.1/Tue Jan 11 06:58:26 2000//Ttcpdump_3_5rel2 /print-rx.c/1.5.2.1/Tue Jan 11 06:58:27 2000//Ttcpdump_3_5rel2 /print-sl.c/1.46/Sun Nov 21 12:38:24 1999//Ttcpdump_3_5rel2 /print-smb.c/1.3.2.1/Tue Jan 11 06:58:27 2000//Ttcpdump_3_5rel2 /print-snmp.c/1.39/Wed Dec 22 06:27:22 1999//Ttcpdump_3_5rel2 /print-sunrpc.c/1.29/Sun Nov 21 09:37:02 1999//Ttcpdump_3_5rel2 /print-tcp.c/1.63/Wed Dec 22 15:44:10 1999//Ttcpdump_3_5rel2 /print-telnet.c/1.2.2.2/Tue Jan 11 06:58:28 2000//Ttcpdump_3_5rel2 /print-tftp.c/1.31/Sun Nov 21 09:37:03 1999//Ttcpdump_3_5rel2 /print-udp.c/1.70/Wed Dec 22 06:27:23 1999//Ttcpdump_3_5rel2 /print-vjc.c/1.2.2.1/Tue Jan 11 06:58:28 2000//Ttcpdump_3_5rel2 /print-wb.c/1.25/Sun Nov 21 09:37:03 1999//Ttcpdump_3_5rel2 /route6d.h/1.1/Sat Oct 30 05:11:22 1999//Ttcpdump_3_5rel2 /rx.h/1.1/Wed Nov 17 05:45:58 1999//Ttcpdump_3_5rel2 /savestr.c/1.4/Sun Nov 21 09:37:04 1999//Ttcpdump_3_5rel2 /savestr.h/1.1.1.1/Thu Oct 7 23:47:12 1999//Ttcpdump_3_5rel2 /send-ack.awk/1.1.1.1/Thu Oct 7 23:47:12 1999//Ttcpdump_3_5rel2 /setsignal.c/1.5/Sun Nov 21 09:37:04 1999//Ttcpdump_3_5rel2 /setsignal.h/1.2.1.1/Thu Oct 7 23:47:13 1999//Ttcpdump_3_5rel2 /smb.h/1.2/Wed Dec 22 06:27:23 1999//Ttcpdump_3_5rel2 /smbutil.c/1.4.2.1/Tue Jan 11 06:58:28 2000//Ttcpdump_3_5rel2 /stime.awk/1.1.1.1/Thu Oct 7 23:47:13 1999//Ttcpdump_3_5rel2 /strcasecmp.c/1.2.2.2/Sun Jan 30 00:24:59 2000//Ttcpdump_3_5rel2 /tcpdump.1/1.72.2.3/Thu Jul 13 05:53:47 2000//Ttcpdump_3_5rel2 /tcpdump.c/1.138.2.1/Tue Jan 11 07:34:00 2000//Ttcpdump_3_5rel2 /util.c/1.62/Wed Dec 15 06:58:03 1999//Ttcpdump_3_5rel2 /vfprintf.c/1.3/Sun Nov 21 09:37:05 1999//Ttcpdump_3_5rel2 D/lbl//// D/linux-include//// D/missing//// tcpdump_3_5rel2/./CVS/Tag100644 263 461 21 7133256460 13646 0ustar mcrtcpdumpNtcpdump_3_5rel2 tcpdump_3_5rel2/./lbl/ 40755 263 461 0 7133256465 13305 5ustar mcrtcpdumptcpdump_3_5rel2/./lbl/CVS/ 40755 263 461 0 7133256465 13740 5ustar mcrtcpdumptcpdump_3_5rel2/./lbl/CVS/Root100644 263 461 61 7133256462 14635 0ustar mcrtcpdump:pserver:tcpdump@cvs.tcpdump.org:/tcpdump/master tcpdump_3_5rel2/./lbl/CVS/Repository100644 263 461 14 7133256462 16067 0ustar mcrtcpdumptcpdump/lbl tcpdump_3_5rel2/./lbl/CVS/Entries100644 263 461 403 7133256464 15345 0ustar mcrtcpdump/gnuc.h/1.3.1.1/Thu Oct 7 23:47:13 1999//Ttcpdump_3_5rel2 /os-solaris2.h/1.18.1.1/Thu Oct 7 23:47:13 1999//Ttcpdump_3_5rel2 /os-sunos4.h/1.32.1.1/Thu Oct 7 23:47:13 1999//Ttcpdump_3_5rel2 /os-ultrix4.h/1.19.1.1/Thu Oct 7 23:47:13 1999//Ttcpdump_3_5rel2 D tcpdump_3_5rel2/./lbl/CVS/Tag100644 263 461 21 7133256464 14423 0ustar mcrtcpdumpNtcpdump_3_5rel2 tcpdump_3_5rel2/./lbl/os-sunos4.h100644 263 461 14175 6777230401 15450 0ustar mcrtcpdump/* * Copyright (c) 1989, 1990, 1993, 1994, 1995, 1996 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. * * @(#) $Header: /tcpdump/master/tcpdump/lbl/os-sunos4.h,v 1.32.1.1 1999/10/07 23:47:13 mcr Exp $ (LBL) */ /* Prototypes missing in SunOS 4 */ #ifdef FILE int _filbuf(FILE *); int _flsbuf(u_char, FILE *); int fclose(FILE *); int fflush(FILE *); int fgetc(FILE *); int fprintf(FILE *, const char *, ...); int fputc(int, FILE *); int fputs(const char *, FILE *); u_int fread(void *, u_int, u_int, FILE *); int fseek(FILE *, long, int); u_int fwrite(const void *, u_int, u_int, FILE *); int pclose(FILE *); void rewind(FILE *); void setbuf(FILE *, char *); int setlinebuf(FILE *); int ungetc(int, FILE *); int vfprintf(FILE *, const char *, ...); int vprintf(const char *, ...); #endif #if __GNUC__ <= 1 int read(int, char *, u_int); int write(int, char *, u_int); #endif long a64l(const char *); #ifdef __STDC__ struct sockaddr; #endif int accept(int, struct sockaddr *, int *); int bind(int, struct sockaddr *, int); int bcmp(const void *, const void *, u_int); void bcopy(const void *, void *, u_int); void bzero(void *, int); int chroot(const char *); int close(int); void closelog(void); int connect(int, struct sockaddr *, int); char *crypt(const char *, const char *); int daemon(int, int); int fchmod(int, int); int fchown(int, int, int); void endgrent(void); void endpwent(void); void endservent(void); #ifdef __STDC__ struct ether_addr; #endif struct ether_addr *ether_aton(const char *); int flock(int, int); #ifdef __STDC__ struct stat; #endif int fstat(int, struct stat *); #ifdef __STDC__ struct statfs; #endif int fstatfs(int, struct statfs *); int fsync(int); #ifdef __STDC__ struct timeb; #endif int ftime(struct timeb *); int ftruncate(int, off_t); int getdtablesize(void); long gethostid(void); int gethostname(char *, int); int getopt(int, char * const *, const char *); int getpagesize(void); char *getpass(char *); int getpeername(int, struct sockaddr *, int *); int getpriority(int, int); #ifdef __STDC__ struct rlimit; #endif int getrlimit(int, struct rlimit *); int getsockname(int, struct sockaddr *, int *); int getsockopt(int, int, int, char *, int *); #ifdef __STDC__ struct timeval; struct timezone; #endif int gettimeofday(struct timeval *, struct timezone *); char *getusershell(void); char *getwd(char *); int initgroups(const char *, int); int ioctl(int, int, caddr_t); int iruserok(u_long, int, char *, char *); int isatty(int); int killpg(int, int); int listen(int, int); #ifdef __STDC__ struct utmp; #endif void login(struct utmp *); int logout(const char *); off_t lseek(int, off_t, int); int lstat(const char *, struct stat *); int mkstemp(char *); char *mktemp(char *); int munmap(caddr_t, int); void openlog(const char *, int, int); void perror(const char *); int printf(const char *, ...); int puts(const char *); long random(void); int readlink(const char *, char *, int); #ifdef __STDC__ struct iovec; #endif int readv(int, struct iovec *, int); int recv(int, char *, u_int, int); int recvfrom(int, char *, u_int, int, struct sockaddr *, int *); int rename(const char *, const char *); int rcmd(char **, u_short, char *, char *, char *, int *); int rresvport(int *); int send(int, char *, u_int, int); int sendto(int, char *, u_int, int, struct sockaddr *, int); int setenv(const char *, const char *, int); int seteuid(int); int setpriority(int, int, int); int select(int, fd_set *, fd_set *, fd_set *, struct timeval *); int setpgrp(int, int); void setpwent(void); int setrlimit(int, struct rlimit *); void setservent(int); int setsockopt(int, int, int, char *, int); int shutdown(int, int); int sigblock(int); void (*signal (int, void (*) (int))) (int); int sigpause(int); int sigsetmask(int); #ifdef __STDC__ struct sigvec; #endif int sigvec(int, struct sigvec *, struct sigvec*); int snprintf(char *, size_t, const char *, ...); int socket(int, int, int); int socketpair(int, int, int, int *); int symlink(const char *, const char *); void srandom(int); int sscanf(char *, const char *, ...); int stat(const char *, struct stat *); int statfs(char *, struct statfs *); char *strerror(int); int strcasecmp(const char *, const char *); #ifdef __STDC__ struct tm; #endif int strftime(char *, int, char *, struct tm *); int strncasecmp(const char *, const char *, int); long strtol(const char *, char **, int); void sync(void); void syslog(int, const char *, ...); int system(const char *); long tell(int); time_t time(time_t *); char *timezone(int, int); int tolower(int); int toupper(int); int truncate(char *, off_t); void unsetenv(const char *); int vfork(void); int vsprintf(char *, const char *, ...); int writev(int, struct iovec *, int); #ifdef __STDC__ struct rusage; #endif int utimes(const char *, struct timeval *); #if __GNUC__ <= 1 int wait(int *); pid_t wait3(int *, int, struct rusage *); #endif /* Ugly signal hacking */ #ifdef SIG_ERR #undef SIG_ERR #define SIG_ERR (void (*)(int))-1 #undef SIG_DFL #define SIG_DFL (void (*)(int))0 #undef SIG_IGN #define SIG_IGN (void (*)(int))1 #ifdef KERNEL #undef SIG_CATCH #define SIG_CATCH (void (*)(int))2 #endif #undef SIG_HOLD #define SIG_HOLD (void (*)(int))3 #endif tcpdump_3_5rel2/./lbl/gnuc.h100644 263 461 1361 6777230401 14503 0ustar mcrtcpdump/* @(#) $Header: /tcpdump/master/tcpdump/lbl/Attic/gnuc.h,v 1.3.1.1 1999/10/07 23:47:13 mcr Exp $ (LBL) */ /* Define __P() macro, if necessary */ #ifndef __P #if __STDC__ #define __P(protos) protos #else #define __P(protos) () #endif #endif /* inline foo */ #ifdef __GNUC__ #define inline __inline #else #define inline #endif /* * Handle new and old "dead" routine prototypes * * For example: * * __dead void foo(void) __attribute__((volatile)); * */ #ifdef __GNUC__ #ifndef __dead #define __dead volatile #endif #if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5) #ifndef __attribute__ #define __attribute__(args) #endif #endif #else #ifndef __dead #define __dead #endif #ifndef __attribute__ #define __attribute__(args) #endif #endif tcpdump_3_5rel2/./lbl/os-solaris2.h100644 263 461 4234 6777230401 15726 0ustar mcrtcpdump/* * Copyright (c) 1993, 1994, 1995, 1996, 1997 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. * * @(#) $Header: /tcpdump/master/tcpdump/lbl/os-solaris2.h,v 1.18.1.1 1999/10/07 23:47:13 mcr Exp $ (LBL) */ /* Prototypes missing in SunOS 5 */ int daemon(int, int); int dn_expand(const u_char *, const u_char *, const u_char *, char *, int); int dn_skipname(const u_char *, const u_char *); int flock(int, int); int getdtablesize(void); int gethostname(char *, int); int getpagesize(void); char *getusershell(void); char *getwd(char *); int iruserok(u_int, int, char *, char *); #ifdef __STDC__ struct utmp; void login(struct utmp *); #endif int logout(const char *); int res_query(const char *, int, int, u_char *, int); int setenv(const char *, const char *, int); #if defined(_STDIO_H) && defined(HAVE_SETLINEBUF) int setlinebuf(FILE *); #endif int sigblock(int); int sigsetmask(int); char *strerror(int); int snprintf(char *, size_t, const char *, ...); int strcasecmp(const char *, const char *); void unsetenv(const char *); #ifdef __STDC__ struct timeval; #endif int utimes(const char *, struct timeval *); tcpdump_3_5rel2/./lbl/os-ultrix4.h100644 263 461 3357 6777230401 15610 0ustar mcrtcpdump/* * Copyright (c) 1990, 1993, 1994, 1995, 1996 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. * * @(#) $Header: /tcpdump/master/tcpdump/lbl/os-ultrix4.h,v 1.19.1.1 1999/10/07 23:47:13 mcr Exp $ (LBL) */ /* Prototypes missing in Ultrix 4 */ int bcmp(const char *, const char *, u_int); void bcopy(const void *, void *, u_int); void bzero(void *, u_int); void endservent(void); int getopt(int, char * const *, const char *); #ifdef __STDC__ struct timeval; struct timezone; #endif int gettimeofday(struct timeval *, struct timezone *); int ioctl(int, int, caddr_t); int pfopen(char *, int); int setlinebuf(FILE *); int socket(int, int, int); int strcasecmp(const char *, const char *); tcpdump_3_5rel2/./.cvsignore100644 263 461 121 7015736453 14602 0ustar mcrtcpdumpversion.c Makefile config.status config.log config.cache config.h .devel tcpdump tcpdump_3_5rel2/./CHANGES100644 263 461 45522 7044151073 13642 0ustar mcrtcpdumpv3.5 Fri Jan 28 18:00:00 PST 2000 Bill Fenner - switch to config.h for autoconf - unify RCSID strings - Updated PIMv1, PIMv2, DVMRP, IGMP parsers, add Cisco Auto-RP parser - Really fix the RIP printer - Fix MAC address -> name translation. - some -Wall -Wformat fixes - update makemib to parse much of SMIv2 - Print TCP sequence # with -vv even if you normally wouldn't - Print as much of IP/TCP/UDP headers as possible even if truncated. itojun@iijlab.net - -X will make a ascii dump. from netbsd. - telnet command sequence decoder (ff xx xx). from netbsd. - print-bgp.c: improve options printing. ugly code exists for unaligned option parsing (need some fix). - const poisoning in SMB decoder. - -Wall -Werror clean checks. - bring in KAME IPv6/IPsec decoding code. Assar Westerlund - SNMPv2 and SNMPv3 printer - If compiled with libsmi, tcpdump can load MIBs on the fly to decode SNMP packets. - Incorporate NFS parsing code from NetBSD. Adds support for nfsv3. - portability fixes - permit building in different directories. Ken Hornstein - bring in code at /afs/transarc.com/public/afs-contrib/tools/tcpdump for parsing AFS3 packets Andrew Tridgell - SMB printing code Love - print-rx.c: add code for printing MakeDir and StoreStatus. Also change date format to the right one. Michael C. Richardson - Created tcpdump.org repository v3.4 Sat Jul 25 12:40:55 PDT 1998 - Hardwire Linux slip support since it's too hard to detect. - Redo configuration of "network" libraries (-lsocket and -lnsl) to deal with IRIX. Thanks to John Hawkinson (jhawk@mit.edu) - Added -a which tries to translate network and broadcast addresses to names. Suggested by Rob van Nieuwkerk (robn@verdi.et.tudelft.nl) - Added a configure option to disable gcc. - Added a "raw" packet printer. - Not having an interface address is no longer fatal. Requested by John Hawkinson. - Rework signal setup to accommodate Linux. - OSPF truncation check fix. Also display the type of OSPF packets using MD5 authentication. Thanks to Brian Wellington (bwelling@tis.com) - Fix truncation check bugs in the Kerberos printer. Reported by Ezra Peisach (epeisach@mit.edu) - Don't catch SIGHUP when invoked with nohup(1). Thanks to Dave Plonka (plonka@mfa.com) - Specify full install target as a way of detecting if install directory does not exist. Thanks to Dave Plonka. - Bit-swap FDDI addresses for BSD/OS too. Thanks to Paul Vixie (paul@vix.com) - Fix off-by-one bug when testing size of ethernet packets. Thanks to Marty Leisner (leisner@sdsp.mc.xerox.com) - Add a local autoconf macro to check for routines in libraries; the autoconf version is broken (it only puts the library name in the cache variable name). Thanks to John Hawkinson. - Add a local autoconf macro to check for types; the autoconf version is broken (it uses grep instead of actually compiling a code fragment). - Modified to support the new BSD/OS 2.1 PPP and SLIP link layer header formats. - Extend OSF ip header workaround to versions 1 and 2. - Fix some signed problems in the nfs printer. As reported by David Sacerdote (davids@silence.secnet.com) - Detect group wheel and use it as the default since BSD/OS' install can't hack numeric groups. Reported by David Sacerdote. - AIX needs special loader options. Thanks to Jonathan I. Kamens (jik@cam.ov.com) - Fixed the nfs printer to print port numbers in decimal. Thanks to Kent Vander Velden (graphix@iastate.edu) - Find installed libpcap in /usr/local/lib when not using gcc. - Disallow network masks with non-network bits set. - Attempt to detect "egcs" versions of gcc. - Add missing closing double quotes when displaying bootp strings. Reported by Viet-Trung Luu (vluu@picard.math.uwaterloo.ca) v3.3 Sat Nov 30 20:56:27 PST 1996 - Added Linux support. - GRE encapsulated packet printer thanks to John Hawkinson (jhawk@mit.edu) - Rewrite gmt2local() to avoid problematic os dependencies. - Suppress nfs truncation message on errors. - Add missing m4 quoting in AC_LBL_UNALIGNED_ACCESS autoconf macro. Reported by Joachim Ott (ott@ardala.han.de) - Enable "ip_hl vs. ip_vhl" workaround for OSF4 too. - Print arp hardware type in host order. Thanks to Onno van der Linden (onno@simplex.nl) - Avoid solaris compiler warnings. Thanks to Bruce Barnett (barnett@grymoire.crd.ge.com) - Fix rip printer to not print one more route than is actually in the packet. Thanks to Jean-Luc Richier (Jean-Luc.Richier@imag.fr) and Bill Fenner (fenner@parc.xerox.com) - Use autoconf endian detection since BYTE_ORDER isn't defined on all systems. - Fix dvmrp printer truncation checks and add a dvmrp probe printer. Thanks to Danny J. Mitzel (mitzel@ipsilon.com) - Rewrite ospf printer to improve truncation checks. - Don't parse tcp options past the EOL. As noted by David Sacerdote (davids@secnet.com). Also, check tcp options to make sure they ar actually in the tcp header (in addition to the normal truncation checks). Fix the SACK code to print the N blocks (instead of the first block N times). - Don't say really small UDP packets are truncated just because they aren't big enough to be a RPC. As noted by David Sacerdote. v3.2.1 Sun Jul 14 03:02:26 PDT 1996 - Added rfc1716 icmp codes as suggested by Martin Fredriksson (martin@msp.se) - Print mtu for icmp unreach need frag packets. Thanks to John Hawkinson (jhawk@mit.edu) - Decode icmp router discovery messages. Thanks to Jeffrey Honig (jch@bsdi.com) - Added a printer entry for DLT_IEEE802 as suggested by Tak Kushida (kushida@trl.ibm.co.jp) - Check igmp checksum if possible. Thanks to John Hawkinson. - Made changes for SINIX. Thanks to Andrej Borsenkow (borsenkow.msk@sni.de) - Use autoconf's idea of the top level directory in install targets. Thanks to John Hawkinson. - Avoid infinite loop in tcp options printing code. Thanks to Jeffrey Mogul (mogul@pa.dec.com) - Avoid using -lsocket in IRIX 5.2 and earlier since it breaks snoop. Thanks to John Hawkinson. - Added some more packet truncation checks. - On systems that have it, use sigset() instead of signal() since signal() has different semantics on these systems. - Fixed some more alignment problems on the alpha. - Add code to massage unprintable characters in the domain and ipx printers. Thanks to John Hawkinson. - Added explicit netmask support. Thanks to Steve Nuchia (steve@research.oknet.com) - Add "sca" keyword (for DEC cluster services) as suggested by Terry Kennedy (terry@spcvxa.spc.edu) - Add "atalk" keyword as suggested by John Hawkinson. - Added an igrp printer. Thanks to Francis Dupont (francis.dupont@inria.fr) - Print IPX net numbers in hex a la Novell Netware. Thanks to Terry Kennedy (terry@spcvxa.spc.edu) - Fixed snmp extended tag field parsing bug. Thanks to Pascal Hennequin (pascal.hennequin@hugo.int-evry.fr) - Added some ETHERTYPEs missing on some systems. - Added truncated packet macros and various checks. - Fixed endian problems with the DECnet printer. - Use $CC when checking gcc version. Thanks to Carl Lindberg (carl_lindberg@blacksmith.com) - Fixes for AIX (although this system is not yet supported). Thanks to John Hawkinson. - Fix bugs in the autoconf misaligned accesses code fragment. - Include sys/param.h to get BYTE_ORDER in a few places. Thanks to Pavlin Ivanov Radoslavov (pavlin@cs.titech.ac.jp) v3.2 Sun Jun 23 02:28:10 PDT 1996 - Print new icmp unreachable codes as suggested by Martin Fredriksson (martin@msp.se). Also print code value when unknown for icmp redirect and time exceeded. - Fix an alignment endian bug in getname(). Thanks to John Hawkinson. - Define "new" domain record types if not found in arpa/nameserv.h. Resulted from a suggestion from John Hawkinson (jhawk@mit.edu). Also fixed an endian bug when printing mx record and added some new record types. - Added RIP V2 support. Thanks to Jeffrey Honig (jch@bsdi.com) - Added T/TCP options printing. As suggested by Richard Stevens (rstevens@noao.edu) - Use autoconf to detect architectures that can't handle misaligned accesses. v3.1 Thu Jun 13 20:59:32 PDT 1996 - Changed u_int32/int32 to u_int32_t/int32_t to be consistent with bsd and bind (as suggested by Charles Hannum). - Port to GNU autoconf. - Add support for printing DVMRP and PIM traffic thanks to Havard Eidnes (Havard.Eidnes@runit.sintef.no). - Fix AppleTalk, IPX and DECnet byte order problems due to wrong endian define being referenced. Reported by Terry Kennedy. - Minor fixes to the man page thanks to Mark Andrews. - Endian fixes to RTP and vat packet dumpers, thanks to Bruce Mah (bmah@cs.berkeley.edu). - Added support for new dns types, thanks to Rainer Orth. - Fixed tftp_print() to print the block number for ACKs. - Document -dd and -ddd. Resulted from a bug report from Charlie Slater (cslater@imatek.com). - Check return status from malloc/calloc/etc. - Check return status from pcap_loop() so we can print an error and exit with a bad status if there were problems. - Bail if ip option length is <= 0. Resulted from a bug report from Darren Reed (darrenr@vitruvius.arbld.unimelb.edu.au). - Print out a little more information for sun rpc packets. - Add suport for Kerberos 4 thanks to John Hawkinson (jhawk@mit.edu). - Fixed the Fix EXTRACT_SHORT() and EXTRACT_LONG() macros (which were wrong on little endian machines). - Fixed alignment bug in ipx_decode(). Thanks to Matt Crawford (crawdad@fnal.gov). - Fix ntp_print() to not print garbage when the stratum is "unspecified." Thanks to Deus Ex Machina (root@belle.bork.com). - Rewrote tcp options printer code to check for truncation. Added selective acknowledgment case. - Fixed an endian bug in the ospf printer. Thanks to Jeffrey C Honig (jch@bsdi.com) - Fix rip printer to handle 4.4 BSD sockaddr struct which only uses one octet for the sa_family member. Thanks to Yoshitaka Tokugawa (toku@dit.co.jp) - Don't checksum ip header if we don't have all of it. Thanks to John Hawkinson (jhawk@mit.edu). - Print out hostnames if possible in egp printer. Thanks to Jeffrey Honig (jhc@bsdi.com) v3.1a1 Wed May 3 19:21:11 PDT 1995 - Include time.h when SVR4 is defined to avoid problems under Solaris 2.3. - Fix etheraddr_string() in the ETHER_SERVICE to return the saved strings, not the local buffer. Thanks to Stefan Petri (petri@ibr.cs.tu-bs.de). - Detect when pcap raises the snaplen (e.g. with snit). Print a warning that the selected value was not used. Thanks to Pascal Hennequin (Pascal.Hennequin@hugo.int-evry.fr). - Add a truncated packet test to print-nfs.c. Thanks to Pascal Hennequin. - BYTEORDER -> BYTE_ORDER Thanks to Terry Kennedy (terry@spcvxa.spc.edu). v3.0.3 Sun Oct 1 18:35:00 GMT 1995 - Although there never was a 3.0.3 release, the linux boys cleverly "released" one in late 1995. v3.0.2 Thu Apr 20 21:28:16 PDT 1995 - Change configuration to not use gcc v2 flags with gcc v1. - Redo gmt2local() so that it works under BSDI (which seems to return an empty timezone struct from gettimeofday()). Based on report from Terry Kennedy (terry@spcvxa.spc.edu). - Change configure to recognize IP[0-9]* as "mips" SGI hardware. Based on report from Mark Andrews (mandrews@alias.com). - Don't pass cc flags to gcc. Resulted from a bug report from Rainer Orth (ro@techfak.uni-bielefeld.de). - Fixed printout of connection id for uncompressed tcp slip packets. Resulted from a bug report from Richard Stevens (rstevens@noao.edu). - Hack around deficiency in Ultrix's make. - Add ETHERTYPE_TRAIL define which is missing from irix5. v3.0.1 Wed Aug 31 22:42:26 PDT 1994 - Fix problems with gcc2 vs. malloc() and read() prototypes under SunOS 4. v3.0 Mon Jun 20 19:23:27 PDT 1994 - Added support for printing tcp option timestamps thanks to Mark Andrews (mandrews@alias.com). - Reorganize protocol dumpers to take const pointers to packets so they never change the contents (i.e., they used to do endian conversions in place). Previously, whenever more than one pass was taken over the packet, the packet contents would be dumped incorrectly (i.e., the output form -x would be wrong on little endian machines because the protocol dumpers would modify the data). Thanks to Charles Hannum (mycroft@gnu.ai.mit.edu) for reporting this problem. - Added support for decnet protocol dumping thanks to Jeff Mogul (mogul@pa.dec.com). - Fix bug that caused length of packet to be incorrectly printed (off by ether header size) for unknown ethernet types thanks to Greg Miller (gmiller@kayak.mitre.org). - Added support for IPX protocol dumping thanks to Brad Parker (brad@fcr.com). - Added check to verify IP header checksum under -v thanks to Brad Parker (brad@fcr.com). - Move packet capture code to new libpcap library (which is packaged separately). - Prototype everything and assume an ansi compiler. - print-arp.c: Print hardware ethernet addresses if they're not what we expect. - print-bootp.c: Decode the cmu vendor field. Add RFC1497 tags. Many helpful suggestions from Gordon Ross (gwr@jericho.mc.com). - print-fddi.c: Improvements. Thanks to Jeffrey Mogul (mogul@pa.dec.com). - print-icmp.c: Byte swap netmask before printing. Thanks to Richard Stevens (rstevens@noao.edu). Print icmp type when unknown. - print-ip.c: Print the inner ip datagram of ip-in-ip encapsulated packets. By default, only the inner packet is dumped, appended with the token "(encap)". Under -v, both the inner and output packets are dumped (on the same line). Note that the filter applies to the original packet, not the encapsulated packet. So if you run tcpdump on a net with an IP Multicast tunnel, you cannot filter out the datagrams using the conventional syntax. (You can filter away all the ip-in-ip traffic with "not ip proto 4".) - print-nfs.c: Keep pending rpc's in circular table. Add generic nfs header and remove os dependences. Thanks to Jeffrey Mogul. - print-ospf.c: Improvements. Thanks to Jeffrey Mogul. - tcpdump.c: Add -T flag allows interpretation of "vat", "wb", "rpc" (sunrpc) and rtp packets. Added "inbound" and "outbound" keywords Add && and || operators v2.2.1 Tue Jun 6 17:57:22 PDT 1992 - Fix bug with -c flag. v2.2 Fri May 22 17:19:41 PDT 1992 - savefile.c: Remove hack that shouldn't have been exported. Add truncate checks. - Added the 'icmp' keyword. For example, 'icmp[0] != 8 and icmp[0] != 0' matches non-echo/reply ICMP packets. - Many improvements to filter code optimizer. - Added 'multicast' keyword and extended the 'broadcast' keyword can now be so that protocol qualifications are allowed. For example, "ip broadcast" and "ether multicast" are valid filters. - Added support for monitoring the loopback interface (i.e. 'tcpdump -i lo'). Jeffrey Honig (jch@MITCHELL.CIT.CORNELL.EDU) contributed the kernel patches to netinet/if_loop.c. - Added support for the Ungermann-Bass Ethernet on IBM/PC-RTs running AOS. Contact Jeffrey Honig (jch@MITCHELL.CIT.CORNELL.EDU) for the diffs. - Added EGP and OSPF printers, thanks to Jeffrey Honig. v2.1 Tue Jan 28 11:00:14 PST 1992 - Internal release (never publically exported). v2.0.1 Sun Jan 26 21:10:10 PDT - Various byte ordering fixes. - Add truncation checks. - inet.c: Support BSD style SIOCGIFCONF. - nametoaddr.c: Handle multi addresses for single host. - optimize.c: Rewritten. - pcap-bpf.c: don't choke when we get ptraced. only set promiscuous for broadcast nets. - print-atal.c: Fix an alignment bug (thanks to stanonik@nprdc.navy.mil) Add missing printf() argument. - print-bootp.c: First attempt at decoding the vendor buffer. - print-domain.c: Fix truncation checks. - print-icmp.c: Calculate length of packets from the ip header. - print-ip.c: Print frag id in decimal (so it's easier to match up with non-frags). Add support for ospf, egp and igmp. - print-nfs.c: Lots of changes. - print-ntp.c: Make some verbose output depend on -v. - print-snmp.c: New version from John LoVerso. - print-tcp.c: Print rfc1072 tcp options. - tcpdump.c: Print "0x" prefix for %x formats. Always print 6 digits (microseconds) worth of precision. Fix uid bugs. - A packet dumper has been added (thanks to Jeff Mogul of DECWRL). With this option, you can create an architecture independent binary trace file in real time, without the overhead of the packet printer. At a later time, the packets can be filtered (again) and printed. - BSD is supported. You must have BPF in your kernel. Since the filtering is now done in the kernel, fewer packets are dropped. In fact, with BPF and the packet dumper option, a measly Sun 3/50 can keep up with a busy network. - Compressed SLIP packets can now be dumped, provided you use our SLIP software and BPF. These packets are dumped as any other IP packet; the compressed headers are dumped with the '-e' option. - Machines with little-endian byte ordering are supported (thanks to Jeff Mogul). - Ultrix 4.0 is supported (also thanks to Jeff Mogul). - IBM RT and Stanford Enetfilter support has been added by Rayan Zachariassen . Tcpdump has been tested under both the vanilla Enetfilter interface, and the extended interface (#ifdef'd by IBMRTPC) present in the MERIT version of the Enetfilter. - TFTP packets are now printed (requests only). - BOOTP packets are now printed. - SNMP packets are now printed. (thanks to John LoVerso of Xylogics). - Sparc architectures, including the Sparcstation-1, are now supported thanks to Steve McCanne and Craig Leres. - SunOS 4 is now supported thanks to Micky Liu of Columbia University (micky@cunixc.cc.columbia.edu). - IP options are now printed. - RIP packets are now printed. - There's a -v flag that prints out more information than the default (e.g., it will enable printing of IP ttl, tos and id) and -q flag that prints out less (e.g., it will disable interpretation of AppleTalk-in-UDP). - The grammar has undergone substantial changes (if you have an earlier version of tcpdump, you should re-read the manual entry). The most useful change is the addition of an expression syntax that lets you filter on arbitrary fields or values in the packet. E.g., "ip[0] > 0x45" would print only packets with IP options, "tcp[13] & 3 != 0" would print only TCP SYN and FIN packets. The most painful change is that concatenation no longer means "and" -- e.g., you have to say "host foo and port bar" instead of "host foo port bar". The up side to this down is that repeated qualifiers can be omitted, making most filter expressions shorter. E.g., you can now say "ip host foo and (bar or baz)" to look at ip traffic between hosts foo and bar or between hosts foo and baz. [The old way of saying this was "ip host foo and (ip host bar or ip host baz)".] v2.0 Sun Jan 13 12:20:40 PST 1991 - Initial public release. @(#) $Header: /tcpdump/master/tcpdump/CHANGES,v 1.63.2.1 2000/01/27 23:18:19 fenner Exp $ (LBL) tcpdump_3_5rel2/./FILES100644 263 461 2562 6777230375 13430 0ustar mcrtcpdumpCHANGES FILES INSTALL Makefile.in README VERSION aclocal.m4 addrtoname.c addrtoname.h appletalk.h atime.awk bootp.h bpf_dump.c config.guess config.sub configure configure.in decnet.h ethertype.h extract.h fddi.h gmt2local.c gmt2local.h igrp.h install-sh interface.h ipx.h lbl/gnuc.h lbl/os-solaris2.h lbl/os-sunos4.h lbl/os-ultrix4.h linux-include/net/slcompress.h linux-include/net/slip.h linux-include/netinet/if_ether.h linux-include/netinet/in_systm.h linux-include/netinet/ip.h linux-include/netinet/ip_icmp.h linux-include/netinet/ip_var.h linux-include/netinet/tcp.h linux-include/netinet/tcp_var.h linux-include/netinet/tcpip.h linux-include/netinet/udp.h linux-include/netinet/udp_var.h linux-include/sys/mbuf.h llc.h machdep.c machdep.h makemib mib.h mkdep netbios.h nfsfh.h nfsv2.h ntp.h ospf.h packetdat.awk parsenfsfh.c ppp.h print-arp.c print-atalk.c print-atm.c print-bootp.c print-decnet.c print-domain.c print-dvmrp.c print-egp.c print-ether.c print-fddi.c print-gre.c print-icmp.c print-igrp.c print-ip.c print-ipx.c print-isoclns.c print-krb.c print-llc.c print-netbios.c print-nfs.c print-ntp.c print-null.c print-ospf.c print-pim.c print-ppp.c print-raw.c print-rip.c print-sl.c print-snmp.c print-sunrpc.c print-tcp.c print-tftp.c print-udp.c print-wb.c savestr.c savestr.h send-ack.awk setsignal.c setsignal.h stime.awk strcasecmp.c tcpdump.1 tcpdump.c util.c vfprintf.c tcpdump_3_5rel2/./INSTALL100644 263 461 17756 7045072371 13714 0ustar mcrtcpdump@(#) $Header: /tcpdump/master/tcpdump/INSTALL,v 1.36.1.1.2.3 2000/01/30 17:29:29 itojun Exp $ (LBL) If you have not built libpcap, do so first. See the README file in this directory for the ftp location. You will need an ANSI C compiler to build tcpdump. The configure script will abort if your compiler is not ANSI compliant. If this happens, use the GNU C compiler, available via anonymous ftp: ftp://prep.ai.mit.edu/pub/gnu/gcc.tar.gz After libpcap has been built (either install it with "make install" and "make install-incl" or make sure both the libpcap and tcpdump source trees are in the same directory), edit the BINDEST and MANDEST paths in Makefile.in and run ./configure (a shell script). "configure" will determine your system attributes and generate an appropriate Makefile from Makefile.in. Now build tcpdump by running "make". If everything builds ok, su and type "make install" (and optionally "make install-man). This will install tcpdump and the manual entry. By default, tcpdump is installed with group execute permissions. The group used depends on your os. In addition, BPF packet access is controlled by permissions to /dev/bpf0. In any case, DO NOT give untrusted users the capability of running tcpdump. Tcpdump can capture any traffic on your net, including passwords. Note that tcpdump is shipped with some systems, for example, DEC/OSF and BSD/386. Remember to remove or rename the installed binary when upgrading. If you use Linux, this version of libpcap is known to compile and run under Red Hat 4.0 with the 2.0.25 kernel. It may work with earlier 2.X versions but is guaranteed not to work with 1.X kernels. If you use OSF 4, note that that there appears to be some serious bugs with the stock C compiler. The configure code fragments that detect if the ether_header and ether_arp structs use the ether_addr struct generates warnings instead of fatal errors (?!?!) This makes configure think that the ether_arp struct is used when in fact it is not. To get around this, comment out: #define ETHER_HEADER_HAS_EA 1 and #define ETHER_ARP_HAS_EA 1 from config.h after running configure (and before attempting to compile tcpdump). Another workaround is to use gcc. If your system is not one which we have tested tcpdump on, you may have to modify the configure script and Makefile.in. Please send us patches for any modifications you need to make. == Tested platforms == NetBSD 1.4.1/i386 (mcr, itojun) RedHat Linux 6.1/i386 (assar) FreeBSD 2.2.8/i386 (itojun) FILES ----- CHANGES - description of differences between releases FILES - list of files exported as part of the distribution INSTALL - this file Makefile.in - compilation rules (input to the configure script) README - description of distribution README-AFS - VERSION - version of this release acconfig.h - autoconf input aclocal.m4 - autoconf macros addrtoname.c - address to hostname routines addrtoname.h - address to hostname definitions appletalk.h - AppleTalk definitions atime.awk - TCP ack awk script bootp.h - BOOTP definitions bpf_dump.c - bpf instruction pretty-printer routine config.guess - autoconf support config.h.in - autoconf input config.sub - autoconf support configure - configure script (run this first) configure.in - configure script source decnet.h - DECnet definitions dhcp6.h - IPv6 DHCP definitions dhcp6opt.h - IPv6 DHCP options ethertype.h - ethernet definitions extract.h - alignment definitions fddi.h - Fiber Distributed Data Interface definitions gmt2local.c - time conversion routines gmt2local.h - time conversion prototypes igrp.h - Interior Gateway Routing Protocol definitions install-sh - BSD style install script interface.h - globals, prototypes and definitions ipsec_doi.h - ISAKMP packet definitions - RFC2407 ipx.h - IPX definitions isakmp.h - ISAKMP packet definitions - RFC2408 l2tp.h - lane.h - lbl/gnuc.h - gcc macros and defines lbl/os-*.h - os dependent defines and prototypes linux-include/* - network include files missing on Linux llc.h - LLC definitions machdep.c - machine dependent routines machdep.h - machine dependent definitions makemib - mib to header script mib.h - mib definitions missing/* - replacements for missing library functions mkdep - construct Makefile dependency list netbios.h - NETBIOS definitions nfs.h - Network File System V2 definitions nfsfh.h - Network File System file handle definitions ntp.h - Network Time Protocol definitions oakley.h - ISAKMP packet definitions - RFC2409 ospf.h - Open Shortest Path First definitions ospf6.h - IPv6 Open Shortest Path First definitions packetdat.awk - TCP chunk summary awk script parsenfsfh.c - Network File System file parser routines ppp.h - Point to Point Protocol definitions print-ah.c - IPSEC Authentication Header printer routines print-arp.c - Address Resolution Protocol printer routines print-ascii.c - ASCII packet dump routines print-atalk.c - AppleTalk printer routines print-atm.c - atm printer routines print-bgp.c - Border Gateway Protocol printer routines print-bootp.c - BOOTP and IPv4 DHCP printer routines print-chdlc.c - CHDLC printer routines print-cip.c - print-decnet.c - DECnet printer routines print-dhcp6.c - IPv6 DHCP printer routines print-domain.c - Domain Name System printer routines print-dvmrp.c - Distance Vector Multicast Routing Protocol printer routines print-egp.c - External Gateway Protocol printer routines print-esp.c - IPSEC Encapsulating Security Payload printer routines print-ether.c - ethernet printer routines print-fddi.c - Fiber Distributed Data Interface printer routines print-frag6.c - IPv6 fragmentation header printer routines print-gre.c - Generic Routing Encapsulation printer routines print-icmp.c - Internet Control Message Protocol printer routines print-icmp6.c - IPv6 Internet Control Message Protocol printer routines print-igrp.c - Interior Gateway Routing Protocol printer routines print-ip.c - ip printer routines print-ip6.c - IPv6 printer routines print-ip6opts.c - IPv6 header option printer routines print-ipcomp.c - IP Payload Compression Protocol printer routines print-ipx.c - IPX printer routines print-isakmp.c - Internet Security Association and Key Management Protocol print-isoclns.c - isoclns printer routines print-krb.c - Kerberos printer routines print-l2tp.c - Layer Two Tunneling Protocol printer routines print-lane.c - print-lcp.c - print-llc.c - llc printer routines print-mobile.c - IPv4 mobility printer routines print-netbios.c - netbios printer routines print-nfs.c - Network File System printer routines print-ntp.c - Network Time Protocol printer routines print-null.c - null printer routines print-ospf.c - Open Shortest Path First printer routines print-ospf6.c - IPv6 Open Shortest Path First printer routines print-pim.c - Protocol Independent Multicast printer routines print-ppp.c - Point to Point Protocol printer routines print-pppoe.c - print-raw.c - raw printer routines print-rip.c - Routing Information Protocol printer routines print-ripng.c - IPv6 Routing Information Protocol printer routines print-rt6.c - IPv6 routing header printer routines print-rx.c - AFS RX printer routines print-sl.c - Compressed Serial Line Internet Protocol printer routines print-smb.c - SMB (samba) printer routines print-snmp.c - Simple Network Management Protocol printer routines print-sunrpc.c - Sun Remote Procedure Call printer routines print-tcp.c - TCP printer routines print-telnet.c - Telnet option printer routines print-tftp.c - Trivial File Transfer Protocol printer routines print-udp.c - UDP printer routines print-vjc.c - PPP Van Jacovson compression (RFC1144) printer routines print-wb.c - white board printer routines route6d.h - packet definition for IPv6 Routing Information Protocol rx.h - savestr.c - strdup() replacement savestr.h - savestr prototypes send-ack.awk - unidirectional tcp send/ack awk script setsignal.c - os independent signal routines setsignal.h - os independent signal prototypes smb.h - smbutil.c - stime.awk - TCP send awk script strcasecmp.c - missing routine tcpdump.1 - manual entry tcpdump.c - main program util.c - utility routines vfprintf.c - emulation routine tcpdump_3_5rel2/./Makefile.in100644 263 461 13434 7030170711 14704 0ustar mcrtcpdump# Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 # The Regents of the University of California. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that: (1) source code distributions # retain the above copyright notice and this paragraph in its entirety, (2) # distributions including binary code include the above copyright notice and # this paragraph in its entirety in the documentation or other materials # provided with the distribution, and (3) all advertising materials mentioning # features or use of this software display the following acknowledgement: # ``This product includes software developed by the University of California, # Lawrence Berkeley Laboratory and its contributors.'' Neither the name of # the University nor the names of its contributors may be used to endorse # or promote products derived from this software without specific prior # written permission. # THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED # WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. # # @(#) $Header: /tcpdump/master/tcpdump/Makefile.in,v 1.219 1999/12/22 15:44:09 itojun Exp $ (LBL) # # Various configurable paths (remember to edit Makefile.in, not Makefile) # # Top level hierarchy prefix = @prefix@ exec_prefix = @exec_prefix@ # Pathname of directory to install the binary BINDEST = @sbindir@ # Pathname of directory to install the man page MANDEST = @mandir@ # VPATH srcdir = @srcdir@ VPATH = @srcdir@ # # You shouldn't need to edit anything below here. # CC = @CC@ PROG = tcpdump CCOPT = @V_CCOPT@ INCLS = -I. @V_INCLS@ DEFS = @DEFS@ # Standard CFLAGS CFLAGS = $(CCOPT) $(DEFS) $(INCLS) # Standard LDFLAGS LDFLAGS = @LDFLAGS@ # Standard LIBS LIBS = @LIBS@ INSTALL = @INSTALL@ # Explicitly define compilation rule since SunOS 4's make doesn't like gcc. # Also, gcc does not remove the .o before forking 'as', which can be a # problem if you don't own the file but can write to the directory. .c.o: @rm -f $@ $(CC) $(CFLAGS) -c $(srcdir)/$*.c CSRC = tcpdump.c \ print-arp.c print-atalk.c print-atm.c print-bootp.c \ print-decnet.c print-domain.c print-dvmrp.c print-egp.c \ print-ether.c print-fddi.c print-gre.c print-icmp.c \ print-igrp.c print-ip.c print-ipx.c print-isoclns.c print-krb.c \ print-llc.c print-nfs.c print-ntp.c print-null.c print-ospf.c \ print-pim.c print-ppp.c print-raw.c print-rip.c print-sl.c \ print-snmp.c print-sunrpc.c print-tcp.c print-tftp.c print-udp.c \ print-wb.c addrtoname.c bpf_dump.c gmt2local.c machdep.c \ parsenfsfh.c util.c savestr.c setsignal.c \ print-esp.c print-ah.c print-vjc.c print-isakmp.c print-chdlc.c \ print-ipcomp.c print-mobile.c print-l2tp.c print-bgp.c print-rx.c \ print-lane.c print-cip.c print-pppoe.c print-lcp.c \ print-smb.c smbutil.c print-ascii.c print-telnet.c LOCALSRC = @LOCALSRC@ GENSRC = version.c LIBOBJS = @LIBOBJS@ SRC = $(CSRC) $(GENSRC) $(LOCALSRC) # We would like to say "OBJ = $(SRC:.c=.o)" but Ultrix's make cannot # hack the extra indirection OBJ = $(CSRC:.c=.o) $(GENSRC:.c=.o) $(LOCALSRC:.c=.o) @LIBOBJS@ HDR = addrtoname.h appletalk.h bootp.h decnet.h \ ethertype.h extract.h fddi.h gmt2local.h igrp.h interface.h \ ipx.h llc.h machdep.h mib.h nfsfh.h nfsv2.h ntp.h ospf.h \ savestr.c setsignal.h \ gnuc.h ipsec_doi.h isakmp.h l2tp.h netbios.h oakley.h ospf6.h ppp.h \ route6d.h TAGHDR = \ /usr/include/arpa/tftp.h \ /usr/include/net/if_arp.h \ /usr/include/net/slip.h \ /usr/include/netinet/if_ether.h \ /usr/include/netinet/in.h \ /usr/include/netinet/ip_icmp.h \ /usr/include/netinet/tcp.h \ /usr/include/netinet/udp.h \ /usr/include/protocols/routed.h TAGFILES = $(SRC) $(HDR) $(TAGHDR) CLEANFILES = $(PROG) $(OBJ) $(GENSRC) all: $(PROG) $(PROG): $(OBJ) @V_PCAPDEP@ @rm -f $@ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(OBJ) $(LIBS) getnameinfo.o: $(srcdir)/missing/getnameinfo.c $(CC) $(CFLAGS) -o $@ -c $(srcdir)/missing/getnameinfo.c getaddrinfo.o: $(srcdir)/missing/getaddrinfo.c $(CC) $(CFLAGS) -o $@ -c $(srcdir)/missing/getaddrinfo.c inet_pton.o: $(srcdir)/missing/inet_pton.c $(CC) $(CFLAGS) -o $@ -c $(srcdir)/missing/inet_pton.c inet_ntop.o: $(srcdir)/missing/inet_ntop.c $(CC) $(CFLAGS) -o $@ -c $(srcdir)/missing/inet_ntop.c inet_aton.o: $(srcdir)/missing/inet_aton.c $(CC) $(CFLAGS) -o $@ -c $(srcdir)/missing/inet_aton.c version.o: version.c $(CC) $(CFLAGS) -c version.c version.c: $(srcdir)/VERSION @rm -f $@ sed -e 's/.*/char version[] = "&";/' $(srcdir)/VERSION > $@ install: force [ -d $(DESTDIR)$(BINDEST) ] || mkdir -p $(DESTDIR)$(BINDEST) $(INSTALL) -m 550 -o bin -g @V_GROUP@ $(PROG) \ $(DESTDIR)$(BINDEST)/$(PROG) install-man: force [ -d $(DESTDIR)$(MANDEST)/man1 ] || mkdir -p $(DESTDIR)$(MANDEST)/man1 $(INSTALL) -m 444 -o bin -g bin $(srcdir)/$(PROG).1 \ $(DESTDIR)$(MANDEST)/man1/$(PROG).1 lint: $(GENSRC) force lint -hbxn $(SRC) | \ grep -v 'struct/union .* never defined' | \ grep -v 'possible pointer alignment problem' clean: rm -f $(CLEANFILES) distclean: rm -f $(CLEANFILES) Makefile config.cache config.log config.status \ config.h gnuc.h os-proto.h tags: $(TAGFILES) ctags -wtd $(TAGFILES) tar: force @cwd=`pwd` ; dir=`basename $$cwd` ; name=$(PROG)-`cat VERSION` ; \ list="" ; tar="tar chFFf" ; \ for i in `cat FILES` ; do list="$$list $$name/$$i" ; done; \ echo \ "rm -f ../$$name; ln -s $$dir ../$$name" ; \ rm -f ../$$name; ln -s $$dir ../$$name ; \ echo \ "(cd .. ; $$tar - [lots of files]) | compress > /tmp/$$name.tar.Z" ; \ (cd .. ; $$tar - $$list) | compress > /tmp/$$name.tar.Z ; \ echo \ "rm -f ../$$name" ; \ rm -f ../$$name force: /tmp depend: $(GENSRC) force ./mkdep -c $(CC) $(DEFS) $(INCLS) $(SRC) tcpdump_3_5rel2/./README100644 263 461 21615 7133254552 13531 0ustar mcrtcpdump@(#) $Header: /tcpdump/master/tcpdump/README,v 1.54.1.1.2.2 2000/07/13 05:53:46 guy Exp $ (LBL) TCPDUMP 3.5 Now maintained by "The Tcpdump Group" Send patches to patches@tcpdump.org See www.tcpdump.org formerly from Lawrence Berkeley National Laboratory Network Research Group ftp://ftp.ee.lbl.gov/tcpdump.tar.Z This directory contains source code for tcpdump, a tool for network monitoring and data acquisition. This software was originally developed by the Network Research Group at the Lawrence Berkeley National Laboratory. The original distribution is available via anonymous ftp to ftp.ee.lbl.gov, in tcpdump.tar.Z. More recent development is performed at tcpdump.org, http://www.tcpdump.org/ Tcpdump uses libpcap, a system-independent interface for user-level packet capture. Before building tcpdump, you must first retrieve and build libpcap, also originally from LBL and now being maintained by tcpdump.org; see http://www.tcpdump.org/ . Once libpcap is built (either install it or make sure it's in ../libpcap), you can build tcpdump using the procedure in the INSTALL file. The program is loosely based on SMI's "etherfind" although none of the etherfind code remains. It was originally written by Van Jacobson as part of an ongoing research project to investigate and improve tcp and internet gateway performance. The parts of the program originally taken from Sun's etherfind were later re-written by Steven McCanne of LBL. To insure that there would be no vestige of proprietary code in tcpdump, Steve wrote these pieces from the specification given by the manual entry, with no access to the source of tcpdump or etherfind. Over the past few years, tcpdump has been steadily improved by the excellent contributions from the Internet community (just browse through the CHANGES file). We are grateful for all the input. Richard Stevens gives an excellent treatment of the Internet protocols in his book ``TCP/IP Illustrated, Volume 1''. If you want to learn more about tcpdump and how to interpret its output, pick up this book. Some tools for viewing and analyzing tcpdump trace files are available from the Internet Traffic Archive: http://www.acm.org/sigcomm/ITA/ Another tool that tcpdump users might find useful is tcpslice: ftp://ftp.ee.lbl.gov/tcpslice.tar.Z It is a program that can be used to extract portions of tcpdump binary trace files. See the above distribution for further details and documentation. Problems, bugs, questions, desirable enhancements, etc. should be sent to the address "tcpdump-workers@tcpdump.org" Source code contributions, etc., should be sent to the email address "patches@tcpdump.org" Current versions can be found at www.tcpdump.org - The TCPdump team original text by: Steve McCanne, Craig Leres, Van Jacobson ------------------------------------- This directory also contains some short awk programs intended as examples of ways to reduce tcpdump data when you're tracking particular network problems: send-ack.awk Simplifies the tcpdump trace for an ftp (or other unidirectional tcp transfer). Since we assume that one host only sends and the other only acks, all address information is left off and we just note if the packet is a "send" or an "ack". There is one output line per line of the original trace. Field 1 is the packet time in decimal seconds, relative to the start of the conversation. Field 2 is delta-time from last packet. Field 3 is packet type/direction. "Send" means data going from sender to receiver, "ack" means an ack going from the receiver to the sender. A preceding "*" indicates that the data is a retransmission. A preceding "-" indicates a hole in the sequence space (i.e., missing packet(s)), a "#" means an odd-size (not max seg size) packet. Field 4 has the packet flags (same format as raw trace). Field 5 is the sequence number (start seq. num for sender, next expected seq number for acks). The number in parens following an ack is the delta-time from the first send of the packet to the ack. A number in parens following a send is the delta-time from the first send of the packet to the current send (on duplicate packets only). Duplicate sends or acks have a number in square brackets showing the number of duplicates so far. Here is a short sample from near the start of an ftp: 3.00 0.20 send . 512 3.20 0.20 ack . 1024 (0.20) 3.20 0.00 send P 1024 3.40 0.20 ack . 1536 (0.20) 3.80 0.40 * send . 0 (3.80) [2] 3.82 0.02 * ack . 1536 (0.62) [2] Three seconds into the conversation, bytes 512 through 1023 were sent. 200ms later they were acked. Shortly thereafter bytes 1024-1535 were sent and again acked after 200ms. Then, for no apparent reason, 0-511 is retransmitted, 3.8 seconds after its initial send (the round trip time for this ftp was 1sec, +-500ms). Since the receiver is expecting 1536, 1536 is re-acked when 0 arrives. packetdat.awk Computes chunk summary data for an ftp (or similar unidirectional tcp transfer). [A "chunk" refers to a chunk of the sequence space -- essentially the packet sequence number divided by the max segment size.] A summary line is printed showing the number of chunks, the number of packets it took to send that many chunks (if there are no lost or duplicated packets, the number of packets should equal the number of chunks) and the number of acks. Following the summary line is one line of information per chunk. The line contains eight fields: 1 - the chunk number 2 - the start sequence number for this chunk 3 - time of first send 4 - time of last send 5 - time of first ack 6 - time of last ack 7 - number of times chunk was sent 8 - number of times chunk was acked (all times are in decimal seconds, relative to the start of the conversation.) As an example, here is the first part of the output for an ftp trace: # 134 chunks. 536 packets sent. 508 acks. 1 1 0.00 5.80 0.20 0.20 4 1 2 513 0.28 6.20 0.40 0.40 4 1 3 1025 1.16 6.32 1.20 1.20 4 1 4 1561 1.86 15.00 2.00 2.00 6 1 5 2049 2.16 15.44 2.20 2.20 5 1 6 2585 2.64 16.44 2.80 2.80 5 1 7 3073 3.00 16.66 3.20 3.20 4 1 8 3609 3.20 17.24 3.40 5.82 4 11 9 4097 6.02 6.58 6.20 6.80 2 5 This says that 134 chunks were transferred (about 70K since the average packet size was 512 bytes). It took 536 packets to transfer the data (i.e., on the average each chunk was transmitted four times). Looking at, say, chunk 4, we see it represents the 512 bytes of sequence space from 1561 to 2048. It was first sent 1.86 seconds into the conversation. It was last sent 15 seconds into the conversation and was sent a total of 6 times (i.e., it was retransmitted every 2 seconds on the average). It was acked once, 140ms after it first arrived. stime.awk atime.awk Output one line per send or ack, respectively, in the form