tcpdump@ee.lbl.gov (01/15/91)
A new release of tcpdump, 2.0, is now available for anonymous ftp from ftp.ee.lbl.gov. This version should run on almost any BSD (or BSD-like) system, not just on Suns. It has been tested on:

- Sun OS 3.x & 4.x on Sun-3s & Sun-4s
- HP 9000/3xx's running Utah's 4.3BSD.
- Ultrix on Vaxes & DECstations (Ultrix support courtesy of Jeff Mogul of DECWRL)
- IBM RT's (enetfilter support courtesy of Rayan Zachariassen of CA*Net).

In addition, this release includes a new, portable, kernel packet capture/filter system, the Berkeley Packet Filter (BPF). BPF is similar to the `enet' filter distributed with 4.3BSD but is substantially more efficient. It is also a (vastly more efficient) alternative to the `Streams' NIT abortion in Sun OS 4 that, unlike NIT, lets you monitor your own outbound traffic.

Both tcpdump and BPF are available via anonymous ftp from ftp.ee.lbl.gov (128.3.254.68), in the compressed tarchive tcpdump-2.0.tar.Z. (Remember to set binary mode.)

Here is a teaser from the README:

- A packet dumper has been added (thanks to Jeff Mogul of DECWRL). With this option, you can create an architecture independent binary trace file in real time, without the overhead of the packet printer. At a later time, the packets can be filtered (again) and printed.

- BSD is supported. You must install BPF in your kernel. Since the filtering is now done in the kernel, fewer packets are dropped. In fact, with BPF and the packet dumper option, a measly Sun 3/50 can keep up with a busy network.

- Compressed SLIP packets can now be dumped, provided you use our (soon to be released) SLIP software and BPF. These packets are dumped as any other IP packet; the compressed headers are dumped with the '-e' option.

- Tcpdump is smarter about choosing an interface. Without '-i', the system interface list is searched for the lowest numbered, "interesting" network interface.

- Machines with little-endian byte ordering are supported (thanks to Jeff Mogul).

- Ultrix is supported (also thanks to Jeff Mogul).

- IBM RT and Stanford Enetfilter support has been added by Rayan Zachariassen <rayan@canet.ca>. Tcpdump has been tested under both the vanilla enetfilter interface, and the extended interface present in the MERIT version of the enetfilter.

- TFTP packets are now printed (requests only).

- BOOTP packets are now printed.

- SNMP packets are now printed (thanks to John LoVerso of Xylogics).

Problems, bugs, questions, desirable enhancements, etc., should be sent to the email address "tcpdump@ee.lbl.gov". We welcome all such feedback.

 - Steve McCanne (mccanne@ee.lbl.gov)
   Craig Leres (leres@ee.lbl.gov)
   Van Jacobson (van@ee.lbl.gov)