@(#) $Header: /cvs/OpenBSD/src/usr.sbin/tcpdump/INSTALL,v 1.2 1999/07/28 20:41:34 jakob Exp $ (LBL) If you have not built libpcap, do so first. See the README file in this directory for the ftp location. You will need an ANSI C compiler to build tcpdump. The configure script will abort if your compiler is not ANSI compliant. If this happens, use the GNU C compiler, available via anonymous ftp: ftp://prep.ai.mit.edu/pub/gnu/gcc.tar.gz After libpcap has been built (either install it with "make install" and "make install-incl" or make sure both the libpcap and tcpdump source trees are in the same directory), edit the BINDEST and MANDEST paths in Makefile.in and run ./configure (a shell script). "configure" will determine your system attributes and generate an appropriate Makefile from Makefile.in. Now build tcpdump by running "make". If everything builds ok, su and type "make install" (and optionally "make install-man). This will install tcpdump and the manual entry. By default, tcpdump is installed with group execute permissions. The group used depends on your os. In addition, BPF packet access is controlled by permissions to /dev/bpf0. In any case, DO NOT give untrusted users the capability of running tcpdump. Tcpdump can capture any traffic on your net, including passwords. Note that tcpdump is shipped with some systems, for example, DEC/OSF and BSD/386. Remember to remove or rename the installed binary when upgrading. If you use Linux, this version of libpcap is known to compile and run under Red Hat 4.0 with the 2.0.25 kernel. It may work with earlier 2.X versions but is guaranteed not to work with 1.X kernels. If you use OSF 4, note that that there appears to be some serious bugs with the stock C compiler. The configure code fragments that detect if the ether_header and ether_arp structs use the ether_addr struct generates warnings instead of fatal errors (?!?!) This makes configure think that the ether_arp struct is used when in fact it is not. To get around this, delete: -DETHER_HEADER_HAS_EA=1 -DETHER_ARP_HAS_EA=1 from the Makefile after running configure (and before attempting to compile tcpdump. Another workaround is to use gcc. If your system is not one which we have tested tcpdump on, you may have to modify the configure script and Makefile.in. Please send us patches for any modifications you need to make. However, we are not interested in ascii packet printer patches. We believe adding this feature would make it too easy for crackers who do not have the programming skills needed to write a password sniffer to grab clear text passwords. FILES ----- CHANGES - description of differences between releases INSTALL - this file README - description of distribution VERSION - version of this release addrtoname.c - address to hostname routines addrtoname.h - address to hostname definitions appletalk.h - AppleTalk definitions atime.awk - TCP ack awk script bootp.h - BOOTP definitions bpf_dump.c - bpf instruction pretty-printer routine decnet.h - DECnet definitions ethertype.h - ethernet definitions extract.h - alignment definitions fddi.h - Fiber Distributed Data Interface definitions gmt2local.c - time conversion routines gmt2local.h - time conversion prototypes gnuc.h - XXX igrp.h - Interior Gateway Routing Protocol definitions interface.h - globals, prototypes and definitions ipx.h - IPX definitions llc.h - LLC definitions machdep.c - machine dependent routines machdep.h - machine dependent definitions makemib - mib to header script mib.h - mib definitions netbios.h - NETBIOS definitions nfs.h - XXX nfsfh.h - Network File System file handle definitions nfsv2.h - Network File System V2 definitions ntp.h - Network Time Protocol definitions ospf.h - Open Shortest Path First definitions packetdat.awk - TCP chunk summary awk script parsenfsfh.c - Network File System file parser routines print-arp.c - Address Resolution Protocol printer routines print-atalk.c - AppleTalk printer routines print-atm.c - atm printer routines print-bootp.c - BOOTP printer routines print-cnfp.c - Cisco NetFlow printer routines print-decnet.c - DECnet printer routines print-domain.c - Domain Name System printer routines print-egp.c - External Gateway Protocol printer routines print-enc.c - Encapsulated printer routines print-ether.c - ethernet printer routines print-fddi.c - Fiber Distributed Data Interface printer routines print-gre.c - Generic Routing Encapsulation printer routines print-icmp.c - Internet Control Message Protocol printer routines print-igrp.c - Interior Gateway Routing Protocol printer routines print-ike.c - internet key exchange (ike, isakmp/oakley) printer routines print-ip.c - ip printer routines print-ipsec.c - ipsec (esp/ah) printer routines print-ipx.c - IPX printer routines print-isoclns.c - isoclns printer routines print-krb.c - Kerberos printer routines print-llc.c - llc printer routines print-netbios.c - netbios printer routines print-nfs.c - Network File System printer routines print-ntp.c - Network Time Protocol printer routines print-null.c - null printer routines print-ospf.c - Open Shortest Path First printer routines print-pim.c - Protocol Independent Multicast printer routines print-ppp.c - Point to Point Protocol printer routines print-raw.c - raw printer routines print-rip.c - Routing Information Protocol printer routines print-skip.c - SKIP printer routines print-sl.c - Compressed Serial Line Internet Protocol printer routines print-snmp.c - Simple Network Management Protocol printer routines print-sunrpc.c - Sun Remote Procedure Call printer routines print-tcp.c - TCP printer routines print-tftp.c - Trivial File Transfer Protocol printer routines print-udp.c - UDP printer routines print-wb.c - white board printer routines radius.h - XXX savestr.c - savestr prototypes savestr.h - strdup() replacement send-ack.awk - unidirectional tcp send/ack awk script setsignal.c - os independent signal routines setsignal.h - os independent signal prototypes stime.awk - TCP send awk script tcpdump.8 - manual entry tcpdump.c - main program util.c - utility routines