tcpdump-3.6.1/./lbl/os-solaris2.h

/*
 * Copyright (c) 1993, 1994, 1995, 1996, 1997
 *	The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
 * @(#) $Header: /tcpdump/master/tcpdump/lbl/os-solaris2.h,v 1.19 2000/10/11 04:02:15 guy Exp $ (LBL)
 */

/* Prototypes missing in SunOS 5 */
#if defined(_STDIO_H) && defined(HAVE_SETLINEBUF)
int setlinebuf(FILE *);
#endif
char *strerror(int);
int snprintf(char *, size_t, const char *, ...);
int strcasecmp(const char *, const char *);

tcpdump-3.6.1/./lbl/os-sunos4.h

/*
 * Copyright (c) 1989, 1990, 1993, 1994, 1995, 1996
 *	The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
 * @(#) $Header: /tcpdump/master/tcpdump/lbl/os-sunos4.h,v 1.32.1.1 1999/10/07 23:47:13 mcr Exp $ (LBL)
 */

/* Prototypes missing in SunOS 4 */
#ifdef FILE
int _filbuf(FILE *);
int _flsbuf(u_char, FILE *);
int fclose(FILE *);
int fflush(FILE *);
int fgetc(FILE *);
int fprintf(FILE *, const char *, ...);
int fputc(int, FILE *);
int fputs(const char *, FILE *);
u_int fread(void *, u_int, u_int, FILE *);
int fseek(FILE *, long, int);
u_int fwrite(const void *, u_int, u_int, FILE *);
int pclose(FILE *);
void rewind(FILE *);
void setbuf(FILE *, char *);
int setlinebuf(FILE *);
int ungetc(int, FILE *);
int vfprintf(FILE *, const char *, ...);
int vprintf(const char *, ...);
#endif

#if __GNUC__ <= 1
int read(int, char *, u_int);
int write(int, char *, u_int);
#endif

long a64l(const char *);
#ifdef __STDC__
struct sockaddr;
#endif
int accept(int, struct sockaddr *, int *);
int bind(int, struct sockaddr *, int);
int bcmp(const void *, const void *, u_int);
void bcopy(const void *, void *, u_int);
void bzero(void *, int);
int chroot(const char *);
int close(int);
void closelog(void);
int connect(int, struct sockaddr *, int);
char *crypt(const char *, const char *);
int daemon(int, int);
int fchmod(int, int);
int fchown(int, int, int);
void endgrent(void);
void endpwent(void);
void endservent(void);
#ifdef __STDC__
struct ether_addr;
#endif
struct ether_addr *ether_aton(const char *);
int flock(int, int);
#ifdef __STDC__
struct stat;
#endif
int fstat(int, struct stat *);
#ifdef __STDC__
struct statfs;
#endif
int fstatfs(int, struct statfs *);
int fsync(int);
#ifdef __STDC__
struct timeb;
#endif
int ftime(struct timeb *);
int ftruncate(int, off_t);
int getdtablesize(void);
long gethostid(void);
int gethostname(char *, int);
int getopt(int, char * const *, const char *);
int getpagesize(void);
char *getpass(char *);
int getpeername(int, struct sockaddr *, int *);
int getpriority(int, int);
#ifdef __STDC__
struct rlimit;
#endif
int getrlimit(int, struct rlimit *);
int getsockname(int, struct sockaddr *, int *);
int getsockopt(int, int, int, char *, int *);
#ifdef __STDC__
struct timeval;
struct timezone;
#endif
int gettimeofday(struct timeval *, struct timezone *);
char *getusershell(void);
char *getwd(char *);
int initgroups(const char *, int);
int ioctl(int, int, caddr_t);
int iruserok(u_long, int, char *, char *);
int isatty(int);
int killpg(int, int);
int listen(int, int);
#ifdef __STDC__
struct utmp;
#endif
void login(struct utmp *);
int logout(const char *);
off_t lseek(int, off_t, int);
int lstat(const char *, struct stat *);
int mkstemp(char *);
char *mktemp(char *);
int munmap(caddr_t, int);
void openlog(const char *, int, int);
void perror(const char *);
int printf(const char *, ...);
int puts(const char *);
long random(void);
int readlink(const char *, char *, int);
#ifdef __STDC__
struct iovec;
#endif
int readv(int, struct iovec *, int);
int recv(int, char *, u_int, int);
int recvfrom(int, char *, u_int, int, struct sockaddr *, int *);
int rename(const char *, const char *);
int rcmd(char **, u_short, char *, char *, char *, int *);
int rresvport(int *);
int send(int, char *, u_int, int);
int sendto(int, char *, u_int, int, struct sockaddr *, int);
int setenv(const char *, const char *, int);
int seteuid(int);
int setpriority(int, int, int);
int select(int, fd_set *, fd_set *, fd_set *, struct timeval *);
int setpgrp(int, int);
void setpwent(void);
int setrlimit(int, struct rlimit *);
void setservent(int);
int setsockopt(int, int, int, char *, int);
int shutdown(int, int);
int sigblock(int);
void (*signal (int, void (*) (int))) (int);
int sigpause(int);
int sigsetmask(int);
#ifdef __STDC__
struct sigvec;
#endif
int sigvec(int, struct sigvec *, struct sigvec*);
int snprintf(char *, size_t, const char *, ...);
int socket(int, int, int);
int socketpair(int, int, int, int *);
int symlink(const char *, const char *);
void srandom(int);
int sscanf(char *, const char *, ...);
int stat(const char *, struct stat *);
int statfs(char *, struct statfs *);
char *strerror(int);
int strcasecmp(const char *, const char *);
#ifdef __STDC__
struct tm;
#endif
int strftime(char *, int, char *, struct tm *);
int strncasecmp(const char *, const char *, int);
long strtol(const char *, char **, int);
void sync(void);
void syslog(int, const char *, ...);
int system(const char *);
long tell(int);
time_t time(time_t *);
char *timezone(int, int);
int tolower(int);
int toupper(int);
int truncate(char *, off_t);
void unsetenv(const char *);
int vfork(void);
int vsprintf(char *, const char *, ...);
int writev(int, struct iovec *, int);
#ifdef __STDC__
struct rusage;
#endif
int utimes(const char *, struct timeval *);
#if __GNUC__ <= 1
int wait(int *);
pid_t wait3(int *, int, struct rusage *);
#endif

/* Ugly signal hacking */
#ifdef SIG_ERR
#undef SIG_ERR
#define SIG_ERR (void (*)(int))-1
#undef SIG_DFL
#define SIG_DFL (void (*)(int))0
#undef SIG_IGN
#define SIG_IGN (void (*)(int))1

#ifdef KERNEL
#undef SIG_CATCH
#define SIG_CATCH (void (*)(int))2
#endif
#undef SIG_HOLD
#define SIG_HOLD (void (*)(int))3
#endif

tcpdump-3.6.1/./lbl/os-ultrix4.h

/*
 * Copyright (c) 1990, 1993, 1994, 1995, 1996
 *	The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
 * @(#) $Header: /tcpdump/master/tcpdump/lbl/os-ultrix4.h,v 1.19.1.1 1999/10/07 23:47:13 mcr Exp $ (LBL)
 */

/* Prototypes missing in Ultrix 4 */
int bcmp(const char *, const char *, u_int);
void bcopy(const void *, void *, u_int);
void bzero(void *, u_int);
void endservent(void);
int getopt(int, char * const *, const char *);
#ifdef __STDC__
struct timeval;
struct timezone;
#endif
int gettimeofday(struct timeval *, struct timezone *);
int ioctl(int, int, caddr_t);
int pfopen(char *, int);
int setlinebuf(FILE *);
int socket(int, int, int);
int strcasecmp(const char *, const char *);

tcpdump-3.6.1/./.cvsignore

version.c
Makefile
Makefile-devel.in
config.status
config.log
config.cache
config.h
.devel
stamp-h
stamp-h.in
tcpdump

tcpdump-3.6.1/./CHANGES

$Header: /tcpdump/master/tcpdump/CHANGES,v 1.79 2001/01/10 20:13:58 mcr Exp $

Tuesday January 9, 2001. mcr@sandelman.ottawa.on.ca. Summary for 3.6 release

    Cleaned up documentation.
    Promisc mode fixes for Linux
    IPsec changes/cleanups.
    Alignment fixes for picky architectures

    Removed dependency on native headers for packet dissectors.
    Removed Linux specific headers that were shipped

    libpcap changes provide for exchanging capture files between
      systems. Save files now have well known PACKET_ values instead of
      depending upon system dependent mappings of DLT_* types.

    Support for computing/checking IP and UDP/TCP checksums.

    Updated autoconf stock files.

    IPv6 improvements: dhcp (draft-15), mobile-ip6, ppp, ospf6,

    Added dissector support for: ISOCLNS, Token Ring, IGMPv3, bxxp,
      timed, vrrp, radius, chdlc, cnfp, cdp, IEEE802.1d, raw-AppleTalk

    Added filtering support for: VLANs, ESIS, ISIS

    Improvements to: print-telnet, IPTalk, bootp/dhcp, ECN, PPP,
      L2TP, PPPoE

    HP-UX 11.0 -- find the right dlpi device.
    Solaris 8 - IPv6 works
    Linux - Added support for an "any" device to capture on all interfaces

    Security fixes: buffer overrun audit done. Strcpy replaced with
      strlcpy, sprintf replaced with snprintf.
    Look for lex problems, and warn about them.

v3.5 Fri Jan 28 18:00:00 PST 2000

Bill Fenner
- switch to config.h for autoconf
- unify RCSID strings
- Updated PIMv1, PIMv2, DVMRP, IGMP parsers, add Cisco Auto-RP parser
- Really fix the RIP printer
- Fix MAC address -> name translation.
- some -Wall -Wformat fixes
- update makemib to parse much of SMIv2
- Print TCP sequence # with -vv even if you normally wouldn't
- Print as much of IP/TCP/UDP headers as possible even if truncated.

itojun@iijlab.net
- -X will make an ascii dump. from netbsd.
- telnet command sequence decoder (ff xx xx). from netbsd.
- print-bgp.c: improve options printing. ugly code exists for
  unaligned option parsing (need some fix).
- const poisoning in SMB decoder.
- -Wall -Werror clean checks.
- bring in KAME IPv6/IPsec decoding code.

Assar Westerlund
- SNMPv2 and SNMPv3 printer
- If compiled with libsmi, tcpdump can load MIBs on the fly to decode
  SNMP packets.
- Incorporate NFS parsing code from NetBSD. Adds support for nfsv3.
- portability fixes
- permit building in different directories.

Ken Hornstein
- bring in code at
  /afs/transarc.com/public/afs-contrib/tools/tcpdump for parsing
  AFS3 packets

Andrew Tridgell
- SMB printing code

Love
- print-rx.c: add code for printing MakeDir and StoreStatus. Also
  change date format to the right one.

Michael C. Richardson
- Created tcpdump.org repository

v3.4 Sat Jul 25 12:40:55 PDT 1998

- Hardwire Linux slip support since it's too hard to detect.

- Redo configuration of "network" libraries (-lsocket and -lnsl) to
  deal with IRIX. Thanks to John Hawkinson (jhawk@mit.edu)

- Added -a which tries to translate network and broadcast addresses to
  names. Suggested by Rob van Nieuwkerk (robn@verdi.et.tudelft.nl)

- Added a configure option to disable gcc.

- Added a "raw" packet printer.

- Not having an interface address is no longer fatal. Requested by John
  Hawkinson.

- Rework signal setup to accommodate Linux.

- OSPF truncation check fix. Also display the type of OSPF packets
  using MD5 authentication. Thanks to Brian Wellington
  (bwelling@tis.com)

- Fix truncation check bugs in the Kerberos printer. Reported by Ezra
  Peisach (epeisach@mit.edu)

- Don't catch SIGHUP when invoked with nohup(1). Thanks to Dave Plonka
  (plonka@mfa.com)

- Specify full install target as a way of detecting if install
  directory does not exist. Thanks to Dave Plonka.

- Bit-swap FDDI addresses for BSD/OS too. Thanks to Paul Vixie
  (paul@vix.com)

- Fix off-by-one bug when testing size of ethernet packets. Thanks to
  Marty Leisner (leisner@sdsp.mc.xerox.com)

- Add a local autoconf macro to check for routines in libraries; the
  autoconf version is broken (it only puts the library name in the
  cache variable name). Thanks to John Hawkinson.

- Add a local autoconf macro to check for types; the autoconf version
  is broken (it uses grep instead of actually compiling a code
  fragment).

- Modified to support the new BSD/OS 2.1 PPP and SLIP link layer header
  formats.

- Extend OSF ip header workaround to versions 1 and 2.

- Fix some signed problems in the nfs printer. As reported by David
  Sacerdote (davids@silence.secnet.com)

- Detect group wheel and use it as the default since BSD/OS' install
  can't hack numeric groups. Reported by David Sacerdote.

- AIX needs special loader options. Thanks to Jonathan I. Kamens
  (jik@cam.ov.com)

- Fixed the nfs printer to print port numbers in decimal. Thanks to
  Kent Vander Velden (graphix@iastate.edu)

- Find installed libpcap in /usr/local/lib when not using gcc.

- Disallow network masks with non-network bits set.

- Attempt to detect "egcs" versions of gcc.

- Add missing closing double quotes when displaying bootp strings.
  Reported by Viet-Trung Luu (vluu@picard.math.uwaterloo.ca)

v3.3 Sat Nov 30 20:56:27 PST 1996

- Added Linux support.

- GRE encapsulated packet printer thanks to John Hawkinson
  (jhawk@mit.edu)

- Rewrite gmt2local() to avoid problematic os dependencies.

- Suppress nfs truncation message on errors.

- Add missing m4 quoting in AC_LBL_UNALIGNED_ACCESS autoconf macro.
  Reported by Joachim Ott (ott@ardala.han.de)

- Enable "ip_hl vs. ip_vhl" workaround for OSF4 too.

- Print arp hardware type in host order. Thanks to Onno van der Linden
  (onno@simplex.nl)

- Avoid solaris compiler warnings. Thanks to Bruce Barnett
  (barnett@grymoire.crd.ge.com)

- Fix rip printer to not print one more route than is actually in the
  packet. Thanks to Jean-Luc Richier (Jean-Luc.Richier@imag.fr) and
  Bill Fenner (fenner@parc.xerox.com)

- Use autoconf endian detection since BYTE_ORDER isn't defined on all
  systems.

- Fix dvmrp printer truncation checks and add a dvmrp probe printer.
  Thanks to Danny J. Mitzel (mitzel@ipsilon.com)

- Rewrite ospf printer to improve truncation checks.

- Don't parse tcp options past the EOL. As noted by David Sacerdote
  (davids@secnet.com). Also, check tcp options to make sure they are
  actually in the tcp header (in addition to the normal truncation
  checks). Fix the SACK code to print the N blocks (instead of the
  first block N times).

- Don't say really small UDP packets are truncated just because they
  aren't big enough to be a RPC. As noted by David Sacerdote.

v3.2.1 Sun Jul 14 03:02:26 PDT 1996

- Added rfc1716 icmp codes as suggested by Martin Fredriksson
  (martin@msp.se)

- Print mtu for icmp unreach need frag packets. Thanks to John
  Hawkinson (jhawk@mit.edu)

- Decode icmp router discovery messages. Thanks to Jeffrey Honig
  (jch@bsdi.com)

- Added a printer entry for DLT_IEEE802 as suggested by Tak Kushida
  (kushida@trl.ibm.co.jp)

- Check igmp checksum if possible. Thanks to John Hawkinson.

- Made changes for SINIX. Thanks to Andrej Borsenkow
  (borsenkow.msk@sni.de)

- Use autoconf's idea of the top level directory in install targets.
  Thanks to John Hawkinson.

- Avoid infinite loop in tcp options printing code. Thanks to Jeffrey
  Mogul (mogul@pa.dec.com)

- Avoid using -lsocket in IRIX 5.2 and earlier since it breaks snoop.
  Thanks to John Hawkinson.

- Added some more packet truncation checks.

- On systems that have it, use sigset() instead of signal() since
  signal() has different semantics on these systems.

- Fixed some more alignment problems on the alpha.

- Add code to massage unprintable characters in the domain and ipx
  printers. Thanks to John Hawkinson.

- Added explicit netmask support. Thanks to Steve Nuchia
  (steve@research.oknet.com)

- Add "sca" keyword (for DEC cluster services) as suggested by Terry
  Kennedy (terry@spcvxa.spc.edu)

- Add "atalk" keyword as suggested by John Hawkinson.

- Added an igrp printer. Thanks to Francis Dupont
  (francis.dupont@inria.fr)

- Print IPX net numbers in hex a la Novell Netware. Thanks to Terry
  Kennedy (terry@spcvxa.spc.edu)

- Fixed snmp extended tag field parsing bug. Thanks to Pascal Hennequin
  (pascal.hennequin@hugo.int-evry.fr)

- Added some ETHERTYPEs missing on some systems.

- Added truncated packet macros and various checks.

- Fixed endian problems with the DECnet printer.

- Use $CC when checking gcc version. Thanks to Carl Lindberg
  (carl_lindberg@blacksmith.com)

- Fixes for AIX (although this system is not yet supported). Thanks to
  John Hawkinson.

- Fix bugs in the autoconf misaligned accesses code fragment.

- Include sys/param.h to get BYTE_ORDER in a few places. Thanks to
  Pavlin Ivanov Radoslavov (pavlin@cs.titech.ac.jp)

v3.2 Sun Jun 23 02:28:10 PDT 1996

- Print new icmp unreachable codes as suggested by Martin Fredriksson
  (martin@msp.se). Also print code value when unknown for icmp redirect
  and time exceeded.

- Fix an alignment endian bug in getname(). Thanks to John Hawkinson.

- Define "new" domain record types if not found in arpa/nameserv.h.
  Resulted from a suggestion from John Hawkinson (jhawk@mit.edu). Also
  fixed an endian bug when printing mx record and added some new record
  types.

- Added RIP V2 support. Thanks to Jeffrey Honig (jch@bsdi.com)

- Added T/TCP options printing. As suggested by Richard Stevens
  (rstevens@noao.edu)

- Use autoconf to detect architectures that can't handle misaligned
  accesses.

v3.1 Thu Jun 13 20:59:32 PDT 1996

- Changed u_int32/int32 to u_int32_t/int32_t to be consistent with bsd
  and bind (as suggested by Charles Hannum).

- Port to GNU autoconf.

- Add support for printing DVMRP and PIM traffic thanks to
  Havard Eidnes (Havard.Eidnes@runit.sintef.no).

- Fix AppleTalk, IPX and DECnet byte order problems due to wrong endian
  define being referenced. Reported by Terry Kennedy.

- Minor fixes to the man page thanks to Mark Andrews.

- Endian fixes to RTP and vat packet dumpers, thanks to Bruce Mah
  (bmah@cs.berkeley.edu).

- Added support for new dns types, thanks to Rainer Orth.

- Fixed tftp_print() to print the block number for ACKs.

- Document -dd and -ddd. Resulted from a bug report from Charlie Slater
  (cslater@imatek.com).

- Check return status from malloc/calloc/etc.

- Check return status from pcap_loop() so we can print an error and
  exit with a bad status if there were problems.

- Bail if ip option length is <= 0. Resulted from a bug report from
  Darren Reed (darrenr@vitruvius.arbld.unimelb.edu.au).

- Print out a little more information for sun rpc packets.

- Add support for Kerberos 4 thanks to John Hawkinson (jhawk@mit.edu).

- Fixed the EXTRACT_SHORT() and EXTRACT_LONG() macros (which were
  wrong on little endian machines).

- Fixed alignment bug in ipx_decode(). Thanks to Matt Crawford
  (crawdad@fnal.gov).

- Fix ntp_print() to not print garbage when the stratum is
  "unspecified." Thanks to Deus Ex Machina (root@belle.bork.com).

- Rewrote tcp options printer code to check for truncation. Added
  selective acknowledgment case.

- Fixed an endian bug in the ospf printer. Thanks to Jeffrey C Honig
  (jch@bsdi.com)

- Fix rip printer to handle 4.4 BSD sockaddr struct which only uses one
  octet for the sa_family member. Thanks to Yoshitaka Tokugawa
  (toku@dit.co.jp)

- Don't checksum ip header if we don't have all of it. Thanks to John
  Hawkinson (jhawk@mit.edu).

- Print out hostnames if possible in egp printer. Thanks to Jeffrey
  Honig (jhc@bsdi.com)

v3.1a1 Wed May 3 19:21:11 PDT 1995

- Include time.h when SVR4 is defined to avoid problems under Solaris
  2.3.

- Fix etheraddr_string() in the ETHER_SERVICE to return the saved
  strings, not the local buffer. Thanks to Stefan Petri
  (petri@ibr.cs.tu-bs.de).

- Detect when pcap raises the snaplen (e.g. with snit). Print a warning
  that the selected value was not used. Thanks to Pascal Hennequin
  (Pascal.Hennequin@hugo.int-evry.fr).

- Add a truncated packet test to print-nfs.c. Thanks to Pascal
  Hennequin.

- BYTEORDER -> BYTE_ORDER Thanks to Terry Kennedy
  (terry@spcvxa.spc.edu).

v3.0.3 Sun Oct 1 18:35:00 GMT 1995

- Although there never was a 3.0.3 release, the linux boys cleverly
  "released" one in late 1995.

v3.0.2 Thu Apr 20 21:28:16 PDT 1995

- Change configuration to not use gcc v2 flags with gcc v1.

- Redo gmt2local() so that it works under BSDI (which seems to return
  an empty timezone struct from gettimeofday()). Based on report from
  Terry Kennedy (terry@spcvxa.spc.edu).

- Change configure to recognize IP[0-9]* as "mips" SGI hardware. Based
  on report from Mark Andrews (mandrews@alias.com).

- Don't pass cc flags to gcc. Resulted from a bug report from Rainer
  Orth (ro@techfak.uni-bielefeld.de).

- Fixed printout of connection id for uncompressed tcp slip packets.
  Resulted from a bug report from Richard Stevens (rstevens@noao.edu).

- Hack around deficiency in Ultrix's make.

- Add ETHERTYPE_TRAIL define which is missing from irix5.

v3.0.1 Wed Aug 31 22:42:26 PDT 1994

- Fix problems with gcc2 vs. malloc() and read() prototypes under SunOS
  4.

v3.0 Mon Jun 20 19:23:27 PDT 1994

- Added support for printing tcp option timestamps thanks to
  Mark Andrews (mandrews@alias.com).

- Reorganize protocol dumpers to take const pointers to packets so they
  never change the contents (i.e., they used to do endian conversions
  in place). Previously, whenever more than one pass was taken over
  the packet, the packet contents would be dumped incorrectly (i.e.,
  the output from -x would be wrong on little endian machines because
  the protocol dumpers would modify the data). Thanks to Charles Hannum
  (mycroft@gnu.ai.mit.edu) for reporting this problem.

- Added support for decnet protocol dumping thanks to Jeff Mogul
  (mogul@pa.dec.com).

- Fix bug that caused length of packet to be incorrectly printed
  (off by ether header size) for unknown ethernet types thanks
  to Greg Miller (gmiller@kayak.mitre.org).

- Added support for IPX protocol dumping thanks to Brad Parker
  (brad@fcr.com).

- Added check to verify IP header checksum under -v thanks to
  Brad Parker (brad@fcr.com).

- Move packet capture code to new libpcap library (which is
  packaged separately).

- Prototype everything and assume an ansi compiler.

- print-arp.c: Print hardware ethernet addresses if they're not
  what we expect.

- print-bootp.c: Decode the cmu vendor field. Add RFC1497 tags.
  Many helpful suggestions from Gordon Ross (gwr@jericho.mc.com).

- print-fddi.c: Improvements. Thanks to Jeffrey Mogul
  (mogul@pa.dec.com).

- print-icmp.c: Byte swap netmask before printing. Thanks to
  Richard Stevens (rstevens@noao.edu). Print icmp type when unknown.

- print-ip.c: Print the inner ip datagram of ip-in-ip encapsulated
  packets. By default, only the inner packet is dumped, appended with
  the token "(encap)". Under -v, both the inner and output packets are
  dumped (on the same line). Note that the filter applies to the
  original packet, not the encapsulated packet. So if you run tcpdump
  on a net with an IP Multicast tunnel, you cannot filter out the
  datagrams using the conventional syntax. (You can filter away all the
  ip-in-ip traffic with "not ip proto 4".)

- print-nfs.c: Keep pending rpc's in circular table. Add generic
  nfs header and remove os dependences. Thanks to Jeffrey Mogul.

- print-ospf.c: Improvements. Thanks to Jeffrey Mogul.

- tcpdump.c: Add -T flag allows interpretation of "vat", "wb", "rpc"
  (sunrpc) and rtp packets.
  Added "inbound" and "outbound" keywords
  Add && and || operators

v2.2.1 Tue Jun 6 17:57:22 PDT 1992

- Fix bug with -c flag.

v2.2 Fri May 22 17:19:41 PDT 1992

- savefile.c: Remove hack that shouldn't have been exported. Add
  truncate checks.

- Added the 'icmp' keyword. For example, 'icmp[0] != 8 and icmp[0] != 0'
  matches non-echo/reply ICMP packets.

- Many improvements to filter code optimizer.

- Added 'multicast' keyword and extended the 'broadcast' keyword can now be
  so that protocol qualifications are allowed. For example, "ip broadcast"
  and "ether multicast" are valid filters.

- Added support for monitoring the loopback interface (i.e. 'tcpdump -i lo').
  Jeffrey Honig (jch@MITCHELL.CIT.CORNELL.EDU) contributed the kernel
  patches to netinet/if_loop.c.

- Added support for the Ungermann-Bass Ethernet on IBM/PC-RTs running AOS.
  Contact Jeffrey Honig (jch@MITCHELL.CIT.CORNELL.EDU) for the diffs.

- Added EGP and OSPF printers, thanks to Jeffrey Honig.

v2.1 Tue Jan 28 11:00:14 PST 1992

- Internal release (never publicly exported).

v2.0.1 Sun Jan 26 21:10:10 PDT

- Various byte ordering fixes.

- Add truncation checks.

- inet.c: Support BSD style SIOCGIFCONF.

- nametoaddr.c: Handle multi addresses for single host.

- optimize.c: Rewritten.

- pcap-bpf.c: don't choke when we get ptraced. only set promiscuous
  for broadcast nets.

- print-atal.c: Fix an alignment bug (thanks to
  stanonik@nprdc.navy.mil) Add missing printf() argument.

- print-bootp.c: First attempt at decoding the vendor buffer.
- print-domain.c: Fix truncation checks.
- print-icmp.c: Calculate length of packets from the ip header.
- print-ip.c: Print frag id in decimal (so it's easier to match up with non-frags). Add support for ospf, egp and igmp.
- print-nfs.c: Lots of changes.
- print-ntp.c: Make some verbose output depend on -v.
- print-snmp.c: New version from John LoVerso.
- print-tcp.c: Print rfc1072 tcp options.
- tcpdump.c: Print "0x" prefix for %x formats. Always print 6 digits (microseconds) worth of precision. Fix uid bugs.
- A packet dumper has been added (thanks to Jeff Mogul of DECWRL). With this option, you can create an architecture independent binary trace file in real time, without the overhead of the packet printer. At a later time, the packets can be filtered (again) and printed.
- BSD is supported. You must have BPF in your kernel. Since the filtering is now done in the kernel, fewer packets are dropped. In fact, with BPF and the packet dumper option, a measly Sun 3/50 can keep up with a busy network.
- Compressed SLIP packets can now be dumped, provided you use our SLIP software and BPF. These packets are dumped as any other IP packet; the compressed headers are dumped with the '-e' option.
- Machines with little-endian byte ordering are supported (thanks to Jeff Mogul).
- Ultrix 4.0 is supported (also thanks to Jeff Mogul).
- IBM RT and Stanford Enetfilter support has been added by Rayan Zachariassen. Tcpdump has been tested under both the vanilla Enetfilter interface, and the extended interface (#ifdef'd by IBMRTPC) present in the MERIT version of the Enetfilter.
- TFTP packets are now printed (requests only).
- BOOTP packets are now printed.
- SNMP packets are now printed. (thanks to John LoVerso of Xylogics).
- Sparc architectures, including the Sparcstation-1, are now supported thanks to Steve McCanne and Craig Leres.
- SunOS 4 is now supported thanks to Micky Liu of Columbia University (micky@cunixc.cc.columbia.edu).
- IP options are now printed.
- RIP packets are now printed.
- There's a -v flag that prints out more information than the default (e.g., it will enable printing of IP ttl, tos and id) and -q flag that prints out less (e.g., it will disable interpretation of AppleTalk-in-UDP).
- The grammar has undergone substantial changes (if you have an earlier version of tcpdump, you should re-read the manual entry). The most useful change is the addition of an expression syntax that lets you filter on arbitrary fields or values in the packet. E.g., "ip[0] > 0x45" would print only packets with IP options, "tcp[13] & 3 != 0" would print only TCP SYN and FIN packets. The most painful change is that concatenation no longer means "and" -- e.g., you have to say "host foo and port bar" instead of "host foo port bar". The up side to this down is that repeated qualifiers can be omitted, making most filter expressions shorter. E.g., you can now say "ip host foo and (bar or baz)" to look at ip traffic between hosts foo and bar or between hosts foo and baz. [The old way of saying this was "ip host foo and (ip host bar or ip host baz)".]

v2.0 Sun Jan 13 12:20:40 PST 1991

- Initial public release.

@(#) $Header: /tcpdump/master/tcpdump/CHANGES,v 1.79 2001/01/10 20:13:58 mcr Exp $ (LBL)

tcpdump-3.6.1/./CREDITS

This file lists people who have contributed to tcpdump:

The current maintainers:
Bill Fenner
Assar Westerlund
Alexey Kuznetsov
Jun-ichiro itojun Hagino
Guy Harris
Torsten Landschoff
Michael Richardson
Ken Hornstein

Additional people who have contributed patches:
Alfredo Andres
Andrew Tridgell
Arkadiusz Miskiewicz
Chris G. Demetriou
Craig Rodrigues
Daniel Hagerty
Francisco Matias Cuenca-Acuna
Frank Volf
Gert Doering
Gilbert Ramirez Jr.
Gisle Vanem
JINMEI Tatuya
Jefferson Ogata
Jeffrey Hutzelman
Juergen Schoenwaelder
Ken Hornstein
Kevin Steves
Larry Lile
Lennert Buytenhek
Love Hörnquist-Åstrand
Marko Kiiskila
Michael Shalayeff
Michael T. Stolarchuk
Monroe Williams
Motonori Shindo
Olaf Kirch
Onno van der Linden
Pascal Hennequin
Pasvorn Boonmark
Pekka Savola
Peter Jeremy
Rafal Maszkowski
Rick Jones
Roderick Schertler
Sebastian Krahmer
Timo Koskiahde
Tony Li
Wilbert de Graaf
Kris Kennaway
Ben Smithurst

The original LBL crew:
Steve McCanne
Craig Leres
Van Jacobson

tcpdump-3.6.1/./FILES

CHANGES
CREDITS
FILES
INSTALL
LICENSE
Makefile.in
README
VERSION
acconfig.h
aclocal.m4
addrtoname.c
addrtoname.h
ah.h
appletalk.h
atime.awk
bootp.h
chdlc.h
config.guess
config.h.in
config.sub
configure
configure.in
decnet.h
dhcp6.h
dhcp6opt.h
esp.h
ether.h
ethertype.h
extract.h
fddi.h
gmt2local.c
gmt2local.h
igrp.h
install-sh
interface.h
ip.h
ipsec_doi.h
ipx.h
isakmp.h
l2tp.h
lane.h
lbl/os-solaris2.h
lbl/os-sunos4.h
lbl/os-ultrix4.h
llc.h
machdep.c
machdep.h
makemib
mib.h
missing/addrinfo.h
missing/addrsize.h
missing/bittypes.h
missing/getaddrinfo.c
missing/getnameinfo.c
missing/inet_aton.c
missing/inet_ntop.c
missing/inet_pton.c
missing/resolv6.h
missing/resolv_ext.h
missing/snprintf.c
missing/sockstorage.h
missing/strlcat.c
missing/strlcpy.c
mkdep
nameser.h
netbios.h
nfs.h
nfsfh.h
ntp.h
oakley.h
ospf.h
ospf6.h
packetdat.awk
parsenfsfh.c
ppp.h
print-ah.c
print-arp.c
print-ascii.c
print-atalk.c
print-atm.c
print-bgp.c
print-bootp.c
print-bxxp.c
print-cdp.c
print-chdlc.c
print-cip.c
print-cnfp.c
print-decnet.c
print-dhcp6.c
print-domain.c
print-dvmrp.c
print-egp.c
print-esp.c
print-ether.c
print-fddi.c
print-frag6.c
print-gre.c
print-icmp.c
print-icmp6.c
print-igmp.c
print-igrp.c
print-ip.c
print-ip6.c
print-ip6opts.c
print-ipcomp.c
print-ipx.c
print-isakmp.c
print-isoclns.c
print-krb.c
print-l2tp.c
print-lane.c
print-lcp.c
print-llc.c
print-mobile.c
print-netbios.c
print-nfs.c
print-ntp.c
print-null.c
print-ospf.c
print-ospf6.c
print-pim.c
print-ppp.c
print-pppoe.c
print-radius.c
print-raw.c
print-rip.c
print-ripng.c
print-rt6.c
print-rx.c
print-sl.c
print-sll.c
print-smb.c
print-snmp.c
print-stp.c
print-sunrpc.c
print-tcp.c
print-telnet.c
print-tftp.c
print-timed.c
print-token.c
print-udp.c
print-vjc.c
print-vrrp.c
print-wb.c
route6d.h
rx.h
savestr.c
savestr.h
send-ack.awk
setsignal.c
setsignal.h
slip.h
slcompress.h
sll.h
smb.h
smbutil.c
stime.awk
strcasecmp.c
tcp.h
tcpdump.1
tcpdump.c
timed.h
token.h
udp.h
util.c
vfprintf.c

tcpdump-3.6.1/./INSTALL

@(#) $Header: /tcpdump/master/tcpdump/INSTALL,v 1.47 2000/12/16 09:07:45 guy Exp $ (LBL)

If you have not built libpcap, do so first. See the README file in this directory for the ftp location.

You will need an ANSI C compiler to build tcpdump. The configure script will abort if your compiler is not ANSI compliant. If this happens, use the GNU C compiler, available via anonymous ftp:

	ftp://ftp.gnu.org/pub/gnu/gcc/

After libpcap has been built (either install it with "make install" or make sure both the libpcap and tcpdump source trees are in the same directory), run ./configure (a shell script). "configure" will determine your system attributes and generate an appropriate Makefile from Makefile.in. Now build tcpdump by running "make".

If everything builds ok, su and type "make install". This will install tcpdump and the manual entry. By default, tcpdump is installed with group execute permissions. The group used depends on your os. In addition, BPF packet access is controlled by permissions to /dev/bpf0. In any case, DO NOT give untrusted users the capability of running tcpdump. Tcpdump can capture any traffic on your net, including passwords.

Note that most systems ship tcpdump, but usually an older version. Remember to remove or rename the installed binary when upgrading.

If you use Linux, this version of libpcap is known to compile and run with 2.0.25 and more modern, and 2.2.x kernels. It is guaranteed not to work with 1.X kernels.

If your system is not one which we have tested tcpdump on, you may have to modify the configure script and Makefile.in. Please send us patches for any modifications you need to make.

Please see "PLATFORMS" for notes about tested platforms.

FILES
-----
CHANGES - description of differences between releases
CREDITS - people that have helped tcpdump along
FILES - list of files exported as part of the distribution
INSTALL - this file
Makefile.in - compilation rules (input to the configure script)
README - description of distribution
VERSION - version of this release
acconfig.h - autoconf input
aclocal.m4 - autoconf macros
addrtoname.c - address to hostname routines
addrtoname.h - address to hostname definitions
appletalk.h - AppleTalk definitions
atime.awk - TCP ack awk script
bootp.h - BOOTP definitions
config.guess - autoconf support
config.h.in - autoconf input
config.sub - autoconf support
configure - configure script (run this first)
configure.in - configure script source
decnet.h - DECnet definitions
dhcp6.h - IPv6 DHCP definitions
dhcp6opt.h - IPv6 DHCP options
ethertype.h - ethernet definitions
extract.h - alignment definitions
fddi.h - Fiber Distributed Data Interface definitions
gmt2local.c - time conversion routines
gmt2local.h - time conversion prototypes
igrp.h - Interior Gateway Routing Protocol definitions
install-sh - BSD style install script
interface.h - globals, prototypes and definitions
ipsec_doi.h - ISAKMP packet definitions - RFC2407
ipx.h - IPX definitions
isakmp.h - ISAKMP packet definitions - RFC2408
l2tp.h -
lane.h -
lbl/gnuc.h - gcc macros and defines
lbl/os-*.h - os dependent defines and prototypes
llc.h - LLC definitions
machdep.c - machine dependent routines
machdep.h - machine dependent definitions
makemib - mib to header script
mib.h - mib definitions
missing/* - replacements for missing library functions
mkdep - construct Makefile dependency list
nameser.h - DNS definitions
netbios.h - NETBIOS definitions
nfs.h - Network File System V2 definitions
nfsfh.h - Network File System file handle definitions
ntp.h - Network Time Protocol definitions
oakley.h - ISAKMP packet definitions - RFC2409
ospf.h - Open Shortest Path First definitions
ospf6.h - IPv6 Open Shortest Path First definitions
packetdat.awk - TCP chunk summary awk script
parsenfsfh.c - Network File System file parser routines
ppp.h - Point to Point Protocol definitions
print-ah.c - IPSEC Authentication Header printer routines
print-arp.c - Address Resolution Protocol printer routines
print-ascii.c - ASCII packet dump routines
print-atalk.c - AppleTalk printer routines
print-atm.c - atm printer routines
print-bgp.c - Border Gateway Protocol printer routines
print-bootp.c - BOOTP and IPv4 DHCP printer routines
print-chdlc.c - CHDLC printer routines
print-cip.c - Classical-IP over ATM routines
print-cnfp.c - Cisco NetFlow printer routines
print-decnet.c - DECnet printer routines
print-dhcp6.c - IPv6 DHCP printer routines
print-domain.c - Domain Name System printer routines
print-dvmrp.c - Distance Vector Multicast Routing Protocol printer routines
print-egp.c - External Gateway Protocol printer routines
print-esp.c - IPSEC Encapsulating Security Payload printer routines
print-ether.c - ethernet printer routines
print-fddi.c - Fiber Distributed Data Interface printer routines
print-frag6.c - IPv6 fragmentation header printer routines
print-gre.c - Generic Routing Encapsulation printer routines
print-icmp.c - Internet Control Message Protocol printer routines
print-icmp6.c - IPv6 Internet Control Message Protocol printer routines
print-igrp.c - Interior Gateway Routing Protocol printer routines
print-ip.c - ip printer routines
print-ip6.c - IPv6 printer routines
print-ip6opts.c - IPv6 header option printer routines
print-ipcomp.c - IP Payload Compression Protocol printer routines
print-ipx.c - IPX printer routines
print-isakmp.c - Internet Security Association and Key Management Protocol
print-isoclns.c - isoclns printer routines
print-krb.c - Kerberos printer routines
print-l2tp.c - Layer Two Tunneling Protocol printer routines
print-lane.c -
print-lcp.c -
print-llc.c - llc printer routines
print-mobile.c - IPv4 mobility printer routines
print-netbios.c - netbios printer routines
print-nfs.c - Network File System printer routines
print-ntp.c - Network Time Protocol printer routines
print-null.c - null printer routines
print-ospf.c - Open Shortest Path First printer routines
print-ospf6.c - IPv6 Open Shortest Path First printer routines
print-pim.c - Protocol Independent Multicast printer routines
print-ppp.c - Point to Point Protocol printer routines
print-pppoe.c -
print-raw.c - raw printer routines
print-rip.c - Routing Information Protocol printer routines
print-ripng.c - IPv6 Routing Information Protocol printer routines
print-rt6.c - IPv6 routing header printer routines
print-rx.c - AFS RX printer routines
print-sl.c - Compressed Serial Line Internet Protocol printer routines
print-smb.c - SMB (samba) printer routines
print-snmp.c - Simple Network Management Protocol printer routines
print-stp.c - IEEE 802.1d spanning tree protocol printer routines
print-sunrpc.c - Sun Remote Procedure Call printer routines
print-tcp.c - TCP printer routines
print-telnet.c - Telnet option printer routines
print-tftp.c - Trivial File Transfer Protocol printer routines
print-token.c - Token Ring printer routines
print-udp.c - UDP printer routines
print-vjc.c - PPP Van Jacobson compression (RFC1144) printer routines
print-vrrp.c - Virtual Router Redundancy Protocol
print-wb.c - white board printer routines
route6d.h - packet definition for IPv6 Routing Information Protocol
rx.h -
savestr.c - strdup() replacement
savestr.h - savestr prototypes
send-ack.awk - unidirectional tcp send/ack awk script
setsignal.c - os independent signal routines
setsignal.h - os independent signal prototypes
smb.h -
smbutil.c -
stime.awk - TCP send awk script
strcasecmp.c - missing routine
tcpdump.1 - manual entry
tcpdump.c - main program
util.c - utility routines
vfprintf.c - emulation routine

tcpdump-3.6.1/./LICENSE

License: BSD

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. The names of the authors may not be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

tcpdump-3.6.1/./Makefile-devel-adds

#
# Auto-regenerate configure script or Makefile when things change.
# From autoconf.info . Works best with GNU Make.
#
${srcdir}/configure: configure.in
	cd ${srcdir} && autoconf

# autoheader might not change config.h.in, so touch a stamp file.
${srcdir}/config.h.in: ${srcdir}/stamp-h.in
${srcdir}/stamp-h.in: configure.in acconfig.h
	cd ${srcdir} && autoheader
	echo timestamp > ${srcdir}/stamp-h.in

config.h: stamp-h
stamp-h: ${srcdir}/config.h.in config.status
	./config.status

Makefile: Makefile.in config.status
	./config.status

config.status: ${srcdir}/configure
	./config.status --recheck

tcpdump-3.6.1/./Makefile.in

# Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
# The Regents of the University of California. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that: (1) source code distributions
# retain the above copyright notice and this paragraph in its entirety, (2)
# distributions including binary code include the above copyright notice and
# this paragraph in its entirety in the documentation or other materials
# provided with the distribution, and (3) all advertising materials mentioning
# features or use of this software display the following acknowledgement:
# ``This product includes software developed by the University of California,
# Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
# the University nor the names of its contributors may be used to endorse
# or promote products derived from this software without specific prior
# written permission.
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
#
# @(#) $Header: /tcpdump/master/tcpdump/Makefile.in,v 1.244 2000/12/21 10:43:20 guy Exp $ (LBL)

#
# Various configurable paths (remember to edit Makefile.in, not Makefile)
#

# Top level hierarchy
prefix = @prefix@
exec_prefix = @exec_prefix@
# Pathname of directory to install the binary
sbindir = @sbindir@
# Pathname of directory to install the man page
mandir = @mandir@

# VPATH
srcdir = @srcdir@
VPATH = @srcdir@

#
# You shouldn't need to edit anything below here.
#

CC = @CC@
PROG = tcpdump
CCOPT = @V_CCOPT@
INCLS = -I. @V_INCLS@
DEFS = @DEFS@

# Standard CFLAGS
CFLAGS = $(CCOPT) $(DEFS) $(INCLS)

# Standard LDFLAGS
LDFLAGS = @LDFLAGS@

# Standard LIBS
LIBS = @LIBS@

INSTALL = @INSTALL@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_DATA = @INSTALL_DATA@

# Explicitly define compilation rule since SunOS 4's make doesn't like gcc.
# Also, gcc does not remove the .o before forking 'as', which can be a
# problem if you don't own the file but can write to the directory.
.c.o:
	@rm -f $@
	$(CC) $(CFLAGS) -c $(srcdir)/$*.c

CSRC =	tcpdump.c \
	print-arp.c print-atalk.c print-atm.c print-bootp.c \
	print-decnet.c print-domain.c print-dvmrp.c print-egp.c \
	print-ether.c print-fddi.c print-gre.c print-icmp.c print-igmp.c \
	print-igrp.c print-ip.c print-ipx.c print-isoclns.c print-krb.c \
	print-llc.c print-nfs.c print-ntp.c print-null.c print-ospf.c \
	print-pim.c print-ppp.c print-raw.c print-rip.c print-sl.c \
	print-snmp.c print-stp.c print-sunrpc.c print-tcp.c print-tftp.c \
	print-udp.c print-wb.c addrtoname.c gmt2local.c machdep.c \
	parsenfsfh.c util.c savestr.c setsignal.c \
	print-esp.c print-ah.c print-vjc.c print-isakmp.c print-chdlc.c \
	print-ipcomp.c print-mobile.c print-l2tp.c print-bgp.c print-rx.c \
	print-lane.c print-cip.c print-pppoe.c print-lcp.c \
	print-smb.c smbutil.c print-ascii.c print-telnet.c print-cnfp.c \
	print-vrrp.c print-cdp.c print-token.c print-bxxp.c print-timed.c \
	print-radius.c print-sll.c

LOCALSRC = @LOCALSRC@
GENSRC = version.c
LIBOBJS = @LIBOBJS@

SRC =	$(CSRC) $(GENSRC) $(LOCALSRC)

# We would like to say "OBJ = $(SRC:.c=.o)" but Ultrix's make cannot
# hack the extra indirection
OBJ =	$(CSRC:.c=.o) $(GENSRC:.c=.o) $(LOCALSRC:.c=.o) $(LIBOBJS)
HDR =	addrtoname.h appletalk.h bootp.h decnet.h \
	ethertype.h extract.h fddi.h gmt2local.h igrp.h interface.h \
	ipx.h llc.h machdep.h mib.h nfsfh.h nfsv2.h ntp.h ospf.h \
	savestr.c setsignal.h \
	gnuc.h ipsec_doi.h isakmp.h l2tp.h nameser.h \
	netbios.h oakley.h ospf6.h ppp.h route6d.h

TAGHDR = \
	/usr/include/arpa/tftp.h \
	/usr/include/net/if_arp.h \
	/usr/include/net/slip.h \
	/usr/include/netinet/if_ether.h \
	/usr/include/netinet/in.h \
	/usr/include/netinet/ip_icmp.h \
	/usr/include/netinet/tcp.h \
	/usr/include/netinet/udp.h \
	/usr/include/protocols/routed.h

TAGFILES = $(SRC) $(HDR) $(TAGHDR)

CLEANFILES = $(PROG) $(OBJ) $(GENSRC)

all: $(PROG)

$(PROG): $(OBJ) @V_PCAPDEP@
	@rm -f $@
	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(OBJ) $(LIBS)

getnameinfo.o: $(srcdir)/missing/getnameinfo.c
	$(CC) $(CFLAGS) -o $@ -c $(srcdir)/missing/getnameinfo.c
getaddrinfo.o: $(srcdir)/missing/getaddrinfo.c
	$(CC) $(CFLAGS) -o $@ -c $(srcdir)/missing/getaddrinfo.c
inet_pton.o: $(srcdir)/missing/inet_pton.c
	$(CC) $(CFLAGS) -o $@ -c $(srcdir)/missing/inet_pton.c
inet_ntop.o: $(srcdir)/missing/inet_ntop.c
	$(CC) $(CFLAGS) -o $@ -c $(srcdir)/missing/inet_ntop.c
inet_aton.o: $(srcdir)/missing/inet_aton.c
	$(CC) $(CFLAGS) -o $@ -c $(srcdir)/missing/inet_aton.c
snprintf.o: $(srcdir)/missing/snprintf.c
	$(CC) $(CFLAGS) -o $@ -c $(srcdir)/missing/snprintf.c
strlcat.o: $(srcdir)/missing/strlcat.c
	$(CC) $(CFLAGS) -o $@ -c $(srcdir)/missing/strlcat.c
strlcpy.o: $(srcdir)/missing/strlcpy.c
	$(CC) $(CFLAGS) -o $@ -c $(srcdir)/missing/strlcpy.c

version.o: version.c
	$(CC) $(CFLAGS) -c version.c

version.c: $(srcdir)/VERSION
	@rm -f $@
	sed -e 's/.*/char version[] = "&";/' $(srcdir)/VERSION > $@

install:
	[ -d $(DESTDIR)$(sbindir) ] || \
	    (mkdir -p $(DESTDIR)$(sbindir); chmod 755 $(DESTDIR)$(sbindir))
	$(INSTALL_PROGRAM) $(PROG) $(DESTDIR)$(sbindir)/$(PROG)
	[ -d $(DESTDIR)$(mandir)/man1 ] || \
	    (mkdir -p $(DESTDIR)$(mandir)/man1; chmod 755 $(DESTDIR)$(mandir)/man1)
	$(INSTALL_DATA) $(srcdir)/$(PROG).1 $(DESTDIR)$(mandir)/man1/$(PROG).1

uninstall:
	rm -f $(DESTDIR)$(sbindir)/$(PROG)
	rm -f $(DESTDIR)$(mandir)/man1/$(PROG).1

lint: $(GENSRC)
	lint -hbxn $(SRC) | \
	    grep -v 'struct/union .* never defined' | \
	    grep -v 'possible pointer alignment problem'

clean:
	rm -f $(CLEANFILES)

distclean:
	rm -f $(CLEANFILES) Makefile config.cache config.log config.status \
	    config.h gnuc.h os-proto.h stamp-h stamp-h.in

tags: $(TAGFILES)
	ctags -wtd $(TAGFILES)

tar:
	@cwd=`pwd` ; dir=`basename $$cwd` ; name=$(PROG)-`cat VERSION` ; \
	    list="" ; tar="tar chf" ; \
	    for i in `cat FILES` ; do list="$$list $$name/$$i" ; done; \
	    echo \
	    "rm -f ../$$name; ln -s $$dir ../$$name" ; \
	    rm -f ../$$name; ln -s $$dir ../$$name ; \
	    echo \
	    "(cd .. ; $$tar - [lots of files]) | compress > /tmp/$$name.tar.Z" ; \
	    (cd .. ; $$tar - $$list) | compress > /tmp/$$name.tar.Z ; \
	    echo \
	    "rm -f ../$$name" ; \
	    rm -f ../$$name

depend: $(GENSRC)
	${srcdir}/mkdep -c $(CC) $(DEFS) $(INCLS) $(SRC)

tcpdump-3.6.1/./PLATFORMS

== Tested platforms ==
NetBSD 1.5/i386 (mcr - 2000/12/8)

---
RedHat Linux 6.1/i386 (assar)
FreeBSD 2.2.8/i386 (itojun)

tcpdump-3.6.1/./README

@(#) $Header: /tcpdump/master/tcpdump/README,v 1.58 2000/12/08 06:59:11 mcr Exp $ (LBL)

TCPDUMP 3.6
Now maintained by "The Tcpdump Group"
See www.tcpdump.org

Please send inquiries/comments/reports to tcpdump-workers@tcpdump.org

Anonymous CVS is available via:
	cvs -d cvs.tcpdump.org:/tcpdump/master login
	(password "anoncvs")
	cvs -d cvs.tcpdump.org:/tcpdump/master checkout tcpdump

Version 3.6 of TCPDUMP can be retrieved with the CVS tag "tcpdump_3_6":
	cvs -d cvs.tcpdump.org:/tcpdump/master checkout -r tcpdump_3_6 tcpdump

Please send patches against the master copy to patches@tcpdump.org.

formerly from Lawrence Berkeley National Laboratory
Network Research Group
ftp://ftp.ee.lbl.gov/tcpdump.tar.Z (3.4)

This directory contains source code for tcpdump, a tool for network monitoring and data acquisition. This software was originally developed by the Network Research Group at the Lawrence Berkeley National Laboratory. The original distribution is available via anonymous ftp to ftp.ee.lbl.gov, in tcpdump.tar.Z. More recent development is performed at tcpdump.org, http://www.tcpdump.org/

Tcpdump uses libpcap, a system-independent interface for user-level packet capture. Before building tcpdump, you must first retrieve and build libpcap, also originally from LBL and now being maintained by tcpdump.org; see http://www.tcpdump.org/ .
Once libpcap is built (either install it or make sure it's in ../libpcap), you can build tcpdump using the procedure in the INSTALL file.

The program is loosely based on SMI's "etherfind" although none of the etherfind code remains. It was originally written by Van Jacobson as part of an ongoing research project to investigate and improve tcp and internet gateway performance. The parts of the program originally taken from Sun's etherfind were later re-written by Steven McCanne of LBL. To insure that there would be no vestige of proprietary code in tcpdump, Steve wrote these pieces from the specification given by the manual entry, with no access to the source of tcpdump or etherfind.

Over the past few years, tcpdump has been steadily improved by the excellent contributions from the Internet community (just browse through the CHANGES file). We are grateful for all the input.

Richard Stevens gives an excellent treatment of the Internet protocols in his book ``TCP/IP Illustrated, Volume 1''. If you want to learn more about tcpdump and how to interpret its output, pick up this book.

Some tools for viewing and analyzing tcpdump trace files are available from the Internet Traffic Archive:

	http://www.acm.org/sigcomm/ITA/

Another tool that tcpdump users might find useful is tcpslice:

	ftp://ftp.ee.lbl.gov/tcpslice.tar.Z

It is a program that can be used to extract portions of tcpdump binary trace files. See the above distribution for further details and documentation.

Problems, bugs, questions, desirable enhancements, etc. should be sent to the address "tcpdump-workers@tcpdump.org".

Source code contributions, etc. should be sent to the email address "patches@tcpdump.org".

Current versions can be found at www.tcpdump.org

 - The TCPdump team

original text by: Steve McCanne, Craig Leres, Van Jacobson

-------------------------------------

This directory also contains some short awk programs intended as examples of ways to reduce tcpdump data when you're tracking particular network problems:

send-ack.awk

Simplifies the tcpdump trace for an ftp (or other unidirectional tcp transfer). Since we assume that one host only sends and the other only acks, all address information is left off and we just note if the packet is a "send" or an "ack".

There is one output line per line of the original trace.

Field 1 is the packet time in decimal seconds, relative to the start of the conversation.

Field 2 is delta-time from last packet.

Field 3 is packet type/direction. "Send" means data going from sender to receiver, "ack" means an ack going from the receiver to the sender. A preceding "*" indicates that the data is a retransmission. A preceding "-" indicates a hole in the sequence space (i.e., missing packet(s)), a "#" means an odd-size (not max seg size) packet.

Field 4 has the packet flags (same format as raw trace).

Field 5 is the sequence number (start seq. num for sender, next expected seq number for acks).

The number in parens following an ack is the delta-time from the first send of the packet to the ack. A number in parens following a send is the delta-time from the first send of the packet to the current send (on duplicate packets only). Duplicate sends or acks have a number in square brackets showing the number of duplicates so far.

Here is a short sample from near the start of an ftp:

	3.00    0.20     send . 512
	3.20    0.20      ack . 1024  (0.20)
	3.20    0.00     send P 1024
	3.40    0.20      ack . 1536  (0.20)
	3.80    0.40   * send . 0  (3.80) [2]
	3.82    0.02   *  ack . 1536  (0.62) [2]

Three seconds into the conversation, bytes 512 through 1023 were sent. 200ms later they were acked. Shortly thereafter bytes 1024-1535 were sent and again acked after 200ms.
Then, for no apparent reason, 0-511 is retransmitted, 3.8 seconds after its initial send (the round trip time for this ftp was 1sec, +-500ms). Since the receiver is expecting 1536, 1536 is re-acked when 0 arrives.

packetdat.awk

Computes chunk summary data for an ftp (or similar unidirectional tcp transfer). [A "chunk" refers to a chunk of the sequence space -- essentially the packet sequence number divided by the max segment size.]

A summary line is printed showing the number of chunks, the number of packets it took to send that many chunks (if there are no lost or duplicated packets, the number of packets should equal the number of chunks) and the number of acks.

Following the summary line is one line of information per chunk. The line contains eight fields:

	1 - the chunk number
	2 - the start sequence number for this chunk
	3 - time of first send
	4 - time of last send
	5 - time of first ack
	6 - time of last ack
	7 - number of times chunk was sent
	8 - number of times chunk was acked

(all times are in decimal seconds, relative to the start of the conversation.)

As an example, here is the first part of the output for an ftp trace:

	# 134 chunks. 536 packets sent. 508 acks.
	1       1       0.00    5.80    0.20    0.20    4       1
	2       513     0.28    6.20    0.40    0.40    4       1
	3       1025    1.16    6.32    1.20    1.20    4       1
	4       1561    1.86    15.00   2.00    2.00    6       1
	5       2049    2.16    15.44   2.20    2.20    5       1
	6       2585    2.64    16.44   2.80    2.80    5       1
	7       3073    3.00    16.66   3.20    3.20    4       1
	8       3609    3.20    17.24   3.40    5.82    4       11
	9       4097    6.02    6.58    6.20    6.80    2       5

This says that 134 chunks were transferred (about 70K since the average packet size was 512 bytes). It took 536 packets to transfer the data (i.e., on the average each chunk was transmitted four times). Looking at, say, chunk 4, we see it represents the 512 bytes of sequence space from 1561 to 2048. It was first sent 1.86 seconds into the conversation. It was last sent 15 seconds into the conversation and was sent a total of 6 times (i.e., it was retransmitted every 2 seconds on the average).
It was acked once, 140ms after it first arrived.

stime.awk
atime.awk

Output one line per send or ack, respectively, in the form