van@HELIOS.EE.LBL.GOV (Van Jacobson) (03/05/90)
Archive-name: tcpdump/03-Mar-90
Original-posting-by: van@HELIOS.EE.LBL.GOV (Van Jacobson)
Original-subject: new version of tcpdump available
Archive-site: ftp.ee.lbl.gov [128.3.254.68]
Archive-files: tcpdump.tar.Z
Reposted-by: emv@math.lsa.umich.edu (Edward Vielmetti)

A new version of tcpdump is available for anonymous ftp from host
ftp.ee.lbl.gov (128.3.254.68), file tcpdump.tar.Z. (This is a
compressed Unix tar file and must be ftped in *binary* mode.) This
version runs on both Sun-3s and Sun-4s (including the Sparcstation-1)
and under either Sun OS3.x or 4.x.

Attached is a portion of the README file describing what has changed
since the last release.

Enjoy.

 - Van Jacobson, Steve McCanne, Craig Leres
   Lawrence Berkeley Laboratory

-------------------------
Sat Mar 3 04:45:39 PST 1990

This directory contains yet another beta release of the source for
tcpdump. We are still in the middle of replacing the Sun NIT interface
with an enhanced version of the CMU/Stanford packet filter that was
distributed with 4.3bsd. We hope that the next version of tcpdump will
run on any 4bsd system, not just Suns. Our intent is to include the new
version with the 4.4bsd distribution.

Major changes from the June '89 release to this release are:

- Sparc architectures, including the Sparcstation-1, are now supported
  thanks to Steve McCanne and Craig Leres.

- SunOS 4.0 is now supported thanks to Micky Liu of Columbia University
  (micky@cunixc.cc.columbia.edu). To compile, you need to define SUNOS4.
  You will also need to replace the Sun supplied /sys/OBJ/nit_if.o with
  the appropriate version from this distribution's SUNOS4 subdirectory:

      nit_if.o.sun3   (any flavor of sun3)
      nit_if.o.sparc  (all Sun4's except for the Sparcstation-1)
      nit_if.o.sun4c  (Sparcstation-1)

  These nit replacements fix a bug that makes nit essentially unusable
  in Sun OS 4. In addition, our sun4c nit gives you timestamps to the
  resolution of the SS-1 clock (1 us) rather than the lousy 20ms
  timestamps Sun gives you (tcpdump will print out the full timestamp
  resolution if it finds it's running on a SS-1).

- IP options are now printed.

- RIP packets are now printed (RIP printing is partly thanks to code
  contributed by Ken Adelman of TGV).

- There's a -v flag that prints out more information than the default
  (e.g., it will enable printing of IP ttl, tos and id) and a -q flag
  that prints out less (e.g., it will disable interpretation of
  Appletalk-in-UDP).

- The grammar has undergone substantial changes (if you have an earlier
  version of tcpdump, you should re-read the manual entry). The syntax
  is more regular than the previous version and should be easier to
  learn and remember.

  The most useful change is probably the replacement of the "byte"
  operator by an arithmetic expression syntax that lets you filter on
  arbitrary fields or values in the packet. E.g., "ip[0] > 0x45" would
  print only packets with IP options or ST packets, "tcp[13] & 3 != 0"
  would print only TCP SYN and FIN packets.

  The most painful change is that concatenation no longer means "and"
  -- e.g., you have to say "host foo and port bar" instead of "host foo
  port bar". The up side to this down is that repeated qualifiers can
  be omitted, making most filter expressions shorter. E.g., you can now
  say "ip host foo and (bar or baz)" to look at ip traffic between
  hosts foo and bar or between hosts foo and baz. [The old way of
  saying this was "ip host foo and (ip host bar or ip host baz)".]
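
Added example (not part of the original posting or the tcpdump source): a small Python evaluator for the two byte-offset expressions quoted in the README, run against constructed packets, showing that tcp[13] is found relative to the variable-length IP header. The names matches and ip_tcp are hypothetical, and only the form proto[offset] [& mask] relop value is handled.

```python
import re
import struct

# Accepts only the form used in the README: proto[offset] [& mask] relop value
EXPR = re.compile(r"^\s*(ip|tcp)\[(\d+)\]\s*(?:&\s*(\w+))?\s*(!=|>=|<=|=|>|<)\s*(\w+)\s*$")
OPS = {"=": lambda a, b: a == b, "!=": lambda a, b: a != b,
       ">": lambda a, b: a > b, "<": lambda a, b: a < b,
       ">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b}

def matches(expr, pkt):
    """Evaluate one byte-offset filter against a raw IPv4 packet (no link header)."""
    m = EXPR.match(expr)
    if not m:
        raise ValueError("unsupported expression: " + expr)
    proto, off, mask, op, val = m.groups()
    base = 0
    if proto == "tcp":
        # tcp[n] is relative to the TCP header, which starts after the
        # variable-length IP header (IHL field, counted in 32-bit words).
        if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
            return False
        base = (pkt[0] & 0x0F) * 4
    idx = base + int(off)
    if idx >= len(pkt):
        return False  # byte not present in the packet: no match
    byte = pkt[idx]
    if mask is not None:
        byte &= int(mask, 0)
    return OPS[op](byte, int(val, 0))

def ip_tcp(flags, options=b"", version=4):
    """Constructed sample: IPv4 header (+options, multiple of 4 bytes) and TCP header."""
    ihl = 5 + len(options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", (version << 4) | ihl, 0, 40 + len(options),
                     0, 0, 64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 1024, 80, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + options + tcp

if __name__ == "__main__":
    samples = {"SYN": ip_tcp(0x02), "ACK": ip_tcp(0x10), "FIN+ACK": ip_tcp(0x11),
               "SYN, IP options": ip_tcp(0x02, options=b"\x01\x01\x01\x00"),
               "version 5 (ST)": ip_tcp(0x10, version=5)}
    for name, pkt in samples.items():
        print(name, matches("ip[0] > 0x45", pkt), matches("tcp[13] & 3 != 0", pkt))
```
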