[comp.protocols.tcp-ip] new version of tcpdump available

van@LBL-CSAM.ARPA (Van Jacobson) (01/25/88)

There's a new version of tcpdump (v1.17) available for anonymous
ftp from internet host lbl-rtsg.arpa (128.3.254.68), compressed
tar file tcpdump.tar.Z.  There are no major changes but several
bug fixes and a couple of new flags.  In addition to the tcpdump
update, a couple of new trace analysis awk scripts have been
added.

This version was compiled -fswitch so it should work on Sun-3s
without a 68881.  And no, the source still isn't available (but
will be soon I hope).

 - Van

larry@pdn.UUCP (Larry Swift) (01/30/88)

In article <8801250336.AA21049@lbl-csam.arpa> van@LBL-CSAM.ARPA (Van Jacobson) writes:
>There's a new version of tcpdump (v1.17) available for anonymous

What does tcpdump do?  Sounds like it might be useful in our environment
(several different machines, including Sun's, all using tcp/ip).

Larry Swift                     UUCP: {codas,usfvax2}!pdn!larry
Paradyne Corp., LF-207          Phone: (813) 530-8605
P. O. Box 2826
Largo, FL, 34649-9981

van@HELIOS.EE.LBL.GOV (Van Jacobson) (03/04/90)

A new version of tcpdump is available for anonymous ftp from
host ftp.ee.lbl.gov (128.3.254.68), file tcpdump.tar.Z.  (This
is a compressed Unix tar file and must be ftped in *binary*
mode.)  This version runs on both Sun-3s and Sun-4s (including
the Sparcstation-1) and under either Sun OS3.x or 4.x.

Attached is a portion of the README file describing what has
changed since the last release.  Enjoy.

 - Van Jacobson, Steve McCanne, Craig Leres
   Lawrence Berkeley Laboratory

 -------------------------
Sat Mar  3 04:45:39 PST 1990

This directory contains yet another beta release of the source
for tcpdump.  We are still in the middle of replacing the Sun
NIT interface with an enhanced version of the CMU/Stanford
packet filter that was distributed with 4.3bsd.  We hope that
the next version of tcpdump will run on any 4bsd system, not
just Suns.  Our intent is to include the new version with the
4.4bsd distribution.

Major changes from the June '89 release to this release are:

 - Sparc architectures, including the Sparcstation-1, are now
   supported thanks to Steve McCanne and Craig Leres.

 - SunOS 4.0 is now supported thanks to Micky Liu of Columbia
   University (micky@cunixc.cc.columbia.edu). To compile, you
   need to define SUNOS4.  You will also need to replace the Sun
   supplied /sys/OBJ/nit_if.o with the appropriate version from
   this distribution's SUNOS4 subdirectory:
	   nit_if.o.sun3	(any flavor of sun3)
	   nit_if.o.sparc	(all Sun4's except for the Sparcstation-1)
	   nit_if.o.sun4c	(Sparcstation-1)
   These nit replacements fix a bug that makes nit essentially
   unusable in Sun OS 4.  In addition, our sun4c nit gives you
   timestamps to the resolution of the SS-1 clock (1 us) rather
   than the lousy 20ms timestamps Sun gives you  (tcpdump will
   print out the full timestamp resolution if it finds it's running
   on a SS-1).

 - IP options are now printed.

 - RIP packets are now printed (RIP printing is partly thanks to
   code contributed by Ken Adelman of TGV).

 - There's a -v flag that prints out more information than the
   default (e.g., it will enable printing of IP ttl, tos and id)
   and a -q flag that prints out less (e.g., it will disable
   interpretation of Appletalk-in-UDP).

 - The grammar has undergone substantial changes (if you have an
   earlier version of tcpdump, you should re-read the manual
   entry).  The syntax is more regular than the previous version
   and should be easier to learn and remember.

   The most useful change is probably the replacement of the "byte"
   operator by an arithmetic expression syntax that lets you filter
   on arbitrary fields or values in the packet.  E.g., "ip[0] > 0x45"
   would print only packets with IP options or ST packets,
   "tcp[13] & 3 != 0" would print only TCP SYN and FIN packets.

   The most painful change is that concatenation no longer means
   "and" -- e.g., you have to say "host foo and port bar" instead
   of "host foo port bar".  The up side to this down is that
   repeated qualifiers can be omitted, making most filter
   expressions shorter.  E.g., you can now say "ip host foo and
   (bar or baz)" to look at ip traffic between hosts foo and bar or
   between hosts foo and baz.  [The old way of saying this was "ip
   host foo and (ip host bar or ip host baz)".]
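
The byte-offset filter syntax described in the README above, evaluated over constructed packets. This is an added example, not part of the original posts and not tcpdump's code: `matches` handles only the `proto[offset] [& mask] relop value` form, and the helper names, sample addresses and packets are assumptions made for illustration.

```python
import operator
import re
import struct

# Subset of the README's syntax: proto[offset] [& mask] relop value
EXPR = re.compile(
    r"^\s*(ip|tcp)\[(\d+)\]\s*(?:&\s*(\w+)\s*)?(>=|<=|!=|>|<|=)\s*(\w+)\s*$")
OPS = {">": operator.gt, "<": operator.lt, ">=": operator.ge,
       "<=": operator.le, "=": operator.eq, "!=": operator.ne}

def make_ipv4_tcp(flags, ip_options=b""):
    """Constructed IPv4+TCP packet, no payload, checksums left at zero."""
    ihl = 5 + len(ip_options) // 4          # header length in 32-bit words
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + 20, 1, 0,
                     64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 1025, 80, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + ip_options + tcp

def field(pkt, proto, off):
    """Byte `off` of the named header, or None when that header is absent."""
    base = 0
    if proto == "tcp":
        frag = struct.unpack_from("!H", pkt, 6)[0] & 0x1FFF
        if pkt[0] >> 4 != 4 or pkt[9] != 6 or frag:
            return None                     # not IPv4/TCP, or a later fragment
        base = (pkt[0] & 0x0F) * 4          # TCP starts after IHL words
    i = base + off
    return pkt[i] if i < len(pkt) else None

def matches(expr, pkt):
    """Evaluate one filter expression against a raw IP packet."""
    m = EXPR.match(expr)
    if m is None:
        raise ValueError("unsupported expression: " + expr)
    proto, off, mask, op, rhs = m.groups()
    val = field(pkt, proto, int(off))
    if val is None:
        return False
    if mask is not None:
        val &= int(mask, 0)                 # mask is applied before the relop
    return OPS[op](val, int(rhs, 0))

# Constructed samples: SYN, ACK, FIN+ACK, SYN with 4 bytes of IP options, ST.
SYN, ACK, FIN_ACK = (make_ipv4_tcp(f) for f in (0x02, 0x10, 0x11))
SYN_OPTS = make_ipv4_tcp(0x02, b"\x01\x01\x01\x00")
ST = bytes([0x50]) + bytes(19)
```

`SYN_OPTS` is the case to watch when reading traces: its flags byte sits at packet offset 37, not 33, so a check that assumes a fixed 20-byte IP header would miss the SYN.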

philipp@GIPSI.GIPSI.FR (Philippe Prindeville) (03/15/90)

	Van - What kind of issues/questions do you address that require a
	resolution of 1 us rather than 20 ms?   Regards - Craig

Yeah, at 1us resolution, your position on the network cable
becomes more critical than the resolution of your clock...

-Philip

grr@cbmvax.commodore.com (George Robbins) (03/15/90)

In article <1990Mar12.225341.19966@ladc.bull.com> fmayhar@hermes.ladc.bull.com writes:
> 
> For those poor benighted heathens (such as myself) without FTP, is this
> available for anonymous uucp anywhere?  Or, perhaps, from some mail archive server?
> I have the old version of tcpdump, gotten from uunet.  It's very useful.  Looks
> like the new version would be even more useful, _if_ I can get my hands on it.

The new version is now on uunet as: ~/networking/tcpdump.tar.Z

-- 
George Robbins - now working for,     uucp:   {uunet|pyramid|rutgers}!cbmvax!grr
but no way officially representing:   domain: grr@cbmvax.commodore.com
Commodore, Engineering Department     phone:  215-431-9349 (only by moonlite)