To build libpcap, run "./configure" (a shell script). The configure
script will determine your system attributes and generate an
appropriate Makefile from Makefile.in. Next run "make". If everything
goes well you can su to root and run "make install". However, you need
not install libpcap if you just want to build tcpdump; just make sure
the tcpdump and libpcap directory trees have the same parent
directory.

If configure says:

    configure: warning: cannot determine packet capture interface
    configure: warning: (see INSTALL for more info)

then your system either does not support packet capture or your system
does support packet capture but libpcap does not support that
particular type. (If you have HP-UX, see below.) If your system uses a
packet capture not supported by libpcap, please send us patches; don't
forget to include an autoconf fragment suitable for use in
configure.in.

It is possible to override the default packet capture type, although
the circumstances where this works are limited. For example, if you have
installed bpf under SunOS 4 and wish to build a snit libpcap:

    ./configure --with-pcap=snit

Another example is to force a supported packet capture type in the case
where the configure script fails to detect it.

You will need an ANSI C compiler to build libpcap. The configure script
will abort if your compiler is not ANSI compliant. If this happens, use
the generally available GNU C compiler (GCC).

If you use flex, you must use version 2.4.6 or higher. The configure
script automatically detects the version of flex and will not use it
unless it is new enough. You can use "flex -V" to see what version you
have (unless it's really old). The current version of flex is available
at flex.sourceforge.net and often comes packaged by means of the OS.
As of this writing, the current version is 2.5.37.

If you use bison, you must use flex (and vice versa). The configure
script automatically falls back to lex and yacc if both flex and bison
are not found.

Sometimes the stock C compiler does not interact well with flex and
bison. The list of problems includes undefined references for alloca.
You can get around this by installing gcc or manually disabling flex
and bison with:

    ./configure --without-flex --without-bison

If your system only has AT&T lex, this is okay unless your libpcap
program uses other lex/yacc generated code. (Although it's possible to
map the yy* identifiers with a script, we use flex and bison so we
don't feel this is necessary.)

Some systems support the Berkeley Packet Filter natively; for example
out of the box OSF and BSD/OS have bpf. If your system does not support
bpf, you will need to pick up:

	ftp://ftp.ee.lbl.gov/bpf-*.tar.Z

Note well: you MUST have kernel source for your operating system in
order to install bpf. An exception is SunOS 4; the bpf distribution
includes replacement kernel objects for some of the standard SunOS 4
network device drivers. See the bpf INSTALL document for more
information.

If you use Solaris, there is a bug with bufmod(7) that is fixed in
Solaris 2.3.2 (aka SunOS 5.3.2). Setting a snapshot length with the
broken bufmod(7) results in data being truncated from the FRONT of the
packet instead of the end.  The workaround is to not set a snapshot
length, but this results in performance problems since the entire packet
is copied to user space. If you must run an older version of Solaris,
there is a patch available from Sun; ask for bugid 1149065. After
installing the patch, use "setenv BUFMOD_FIXED" to enable use of
bufmod(7). However, we recommend you run a more current release of
Solaris.

If you use the SPARCompiler, you must be careful to not use the
/usr/ucb/cc interface. If you do, you will get bogus warnings and
perhaps errors. Either make sure your path has /opt/SUNWspro/bin
before /usr/ucb or else:

    setenv CC /opt/SUNWspro/bin/cc

before running configure. (You might have to do a "make distclean"
if you already ran configure once).

Also note that "make depend" won't work; while all of the known
universe uses -M, the SPARCompiler uses -xM to generate makefile
dependencies.

If you are trying to do packet capture with a FORE ATM card, you may or
may not be able to. They usually only release their driver in object
code so unless their driver supports packet capture, there's not much
libpcap can do.

If you get an error like:

    tcpdump: recv_ack: bind error 0x???

when using DLPI, look for the DL_ERROR_ACK error return values, usually
in /usr/include/sys/dlpi.h, and find the corresponding value.

Under {DEC OSF/1, Digital UNIX, Tru64 UNIX}, packet capture must be
enabled before it can be used.  For instructions on how to enable packet
filter support, see:

	ftp://ftp.digital.com/pub/Digital/dec-faq/Digital-UNIX

Look for the "How do I configure the Berkeley Packet Filter and capture
tcpdump traces?" item.

Once you enable packet filter support, your OSF system will support bpf
natively.

Under Ultrix, packet capture must be enabled before it can be used. For
instructions on how to enable packet filter support, see:

	ftp://ftp.digital.com/pub/Digital/dec-faq/ultrix

If you use HP-UX, you must have at least version 9 and either the
version of cc that supports ANSI C (cc -Aa) or else use the GNU C
compiler. You must also buy the optional streams package. If you don't
have:

    /usr/include/sys/dlpi.h
    /usr/include/sys/dlpi_ext.h

then you don't have the streams package. In addition, we believe you
need to install the "9.X LAN and DLPI drivers cumulative" patch
(PHNE_6855) to make the version 9 DLPI work with libpcap.

The DLPI streams package is standard starting with HP-UX 10.

The HP implementation of DLPI is a little bit eccentric. Unlike
Solaris, you must attach /dev/dlpi instead of the specific /dev/*
network pseudo device entry in order to capture packets. The PPA is
based on the ifnet "index" number. Under HP-UX 9, it is necessary to
read /dev/kmem and the kernel symbol file (/hp-ux). Under HP-UX 10,
DLPI can provide information for determining the PPA. It does not seem
to be possible to trace the loopback interface. Unlike other DLPI
implementations, PHYS implies MULTI and SAP and you get an error if you
try to enable more than one promiscuous mode at a time.

It is impossible to capture outbound packets on HP-UX 9.  To do so on
HP-UX 10, you will, apparently, need a late "LAN products cumulative
patch" (at one point, it was claimed that this would be PHNE_18173 for
s700/10.20; at another point, it was claimed that the required patches
were PHNE_20892, PHNE_20725 and PHCO_10947, or newer patches), and to do
so on HP-UX 11 you will, apparently, need the latest lancommon/DLPI
patches and the latest driver patch for the interface(s) in use on HP-UX
11 (at one point, it was claimed that patches PHNE_19766, PHNE_19826,
PHNE_20008, and PHNE_20735 did the trick).

Furthermore, on HP-UX 10, you will need to turn on a kernel switch by
doing

	echo 'lanc_outbound_promisc_flag/W 1' | adb -w /stand/vmunix /dev/mem

You would have to arrange that this happen on reboots; the right way to
do that would probably be to put it into an executable script file
"/sbin/init.d/outbound_promisc" and make
"/sbin/rc2.d/S350outbound_promisc" a symbolic link to that script.
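
The boot-time arrangement described above, written out as an added example (it is not part of the libpcap distribution). It assumes the HP-UX rc convention of calling init.d scripts with start_msg, stop_msg, start or stop; the function name install_outbound_promisc and its optional staging-root argument are illustrative.

```sh
#!/bin/sh
# Added example, not part of the libpcap distribution.
# install_outbound_promisc [ROOT]
#   Creates ROOT/sbin/init.d/outbound_promisc and makes
#   ROOT/sbin/rc2.d/S350outbound_promisc a symbolic link to it.
#   ROOT (hypothetical staging prefix) defaults to empty, i.e. the live system.
install_outbound_promisc() {
    root="${1:-}"
    script="$root/sbin/init.d/outbound_promisc"
    link="$root/sbin/rc2.d/S350outbound_promisc"

    mkdir -p "$root/sbin/init.d" "$root/sbin/rc2.d" || return 1

    # Quoted delimiter: the body is written verbatim, nothing expands here.
    cat > "$script" <<'EOF' || return 1
#!/sbin/sh
# Set lanc_outbound_promisc_flag so DLPI hands outbound packets to libpcap.
# Assumes the HP-UX rc argument convention: start_msg, stop_msg, start, stop.
PATH=/usr/sbin:/usr/bin:/sbin
export PATH

case "$1" in
start_msg)
    echo "Enabling outbound promiscuous capture" ;;
stop_msg)
    echo "Outbound promiscuous capture: nothing to stop" ;;
start)
    # Command from the libpcap INSTALL notes; it patches the running kernel,
    # so the setting is lost at every reboot and must be reapplied here.
    echo 'lanc_outbound_promisc_flag/W 1' | adb -w /stand/vmunix /dev/mem ||
        exit 1 ;;
stop)
    exit 0 ;;
*)
    echo "usage: $0 {start|stop|start_msg|stop_msg}" >&2
    exit 1 ;;
esac
exit 0
EOF

    # The script runs as root at boot and writes kernel memory, so it must
    # be writable by its owner only.
    chmod 755 "$script" || return 1

    # The link target is the on-system path, so it resolves once ROOT is
    # deployed as / (or immediately when ROOT is empty).
    ln -s -f /sbin/init.d/outbound_promisc "$link"
}
```

Calling the function with a scratch directory as its argument lets you review the generated files before running it as root with no argument.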

Finally, testing shows that there can't be more than one simultaneous
DLPI user per network interface.

If you use Linux, this version of libpcap is known to compile and run
under Red Hat 4.0 with the 2.0.25 kernel.  It may work with earlier 2.X
versions but is guaranteed not to work with 1.X kernels.  Running more
than one libpcap program at a time, on a system with a 2.0.X kernel, can
cause problems since promiscuous mode is implemented by twiddling the
interface flags from the libpcap application; the packet capture
mechanism in the 2.2 and later kernels doesn't have this problem.  Also,
packet timestamps aren't very good.  This appears to be due to haphazard
handling of the timestamp in the kernel.

Note well: there is rumoured to be a version of tcpdump floating around
called 3.0.3 that includes libpcap and is supposed to support Linux.
You should be advised that neither the Network Research Group at LBNL
nor the Tcpdump Group ever generated a release with this version number.
The LBNL Network Research Group notes with interest that a standard
cracker trick to get people to install trojans is to distribute bogus
packages that have a version number higher than the current release.
They also noted with annoyance that 90% of the Linux related bug reports
they got are due to changes made to unofficial versions of their page.
If you are having trouble but aren't using a version that came from
tcpdump.org, please try that before submitting a bug report!

On Linux, libpcap will not work if the kernel does not have the packet
socket option enabled; see the README.linux file for information about
this.

If you use AIX, you may not be able to build libpcap from this release.
We do not have an AIX system in house so it's impossible for us to test
AIX patches submitted to us.  We are told that you must link against
/lib/pse.exp, that you must use AIX cc or a GNU C compiler newer than
2.7.2, and that you may need to run strload before running a libpcap
application.

Read the README.aix file for information on installing libpcap and
configuring your system to be able to support libpcap.

If you use NeXTSTEP, you will not be able to build libpcap from this
release.

If you use SINIX, you should be able to build libpcap from this
release. It is known to compile and run on SINIX-Y/N 5.42 with the C-DS
V1.0 or V1.1 compiler. But note that in some releases of SINIX, yacc
emits incorrect code; if grammar.y fails to compile, change every
occurrence of:

	#ifdef YYDEBUG

to:

	#if YYDEBUG

Another workaround is to use flex and bison.

If you use SCO, you might have trouble building libpcap from this
release. We do not have a machine running SCO and have not had reports
of anyone successfully building on it; the current release of libpcap
does not compile on SCO OpenServer 5.  Although SCO apparently supports
DLPI to some extent, the DLPI in OpenServer 5 is very non-standard, and
it appears that completely new code would need to be written to capture
network traffic.  SCO do not appear to provide tcpdump binaries for
OpenServer 5 or OpenServer 6 as part of SCO Skunkware:

	http://www.sco.com/skunkware/

If you use UnixWare, you might be able to build libpcap from this
release, or you might not.  We do not have a machine running UnixWare,
so we have not tested it; however, SCO provide packages for libpcap
0.6.2 and tcpdump 3.7.1 in the UnixWare 7/Open UNIX 8 part of SCO
Skunkware, and the source package for libpcap 0.6.2 is not changed from
the libpcap 0.6.2 source release, so this release of libpcap might also
build without changes on UnixWare 7.

If linking tcpdump fails with "Undefined: _alloca" when using bison on
a Sun4, your version of bison is broken. In any case version 1.16 or
higher is recommended (1.14 is known to cause problems; 1.16 is known to
work). Either pick up a current version from:

	ftp://ftp.gnu.org/pub/gnu/bison

or hack around it by inserting the lines:

	#ifdef __GNUC__
	#define alloca __builtin_alloca
	#else
	#ifdef sparc
	#include <alloca.h>
	#else
	char *alloca ();
	#endif
	#endif

right after the (100 line!) GNU license comment in bison.simple, remove
grammar.[co] and fire up make again.

If you use SunOS 4, your kernel must support streams NIT. If you run a
libpcap program and it dies with:

    /dev/nit: No such device

You must add streams NIT support to your kernel configuration, run
config and boot the new kernel.

If you are running a version of SunOS earlier than 4.1, you will need
to replace the Sun supplied /sys/sun{3,4,4c}/OBJ/nit_if.o with the
appropriate version from this distribution's SUNOS4 subdirectory and
build a new kernel:

	nit_if.o.sun3-sunos4		(any flavor of sun3)
	nit_if.o.sun4c-sunos4.0.3c	(SS1, SS1+, IPC, SLC, etc.)
	nit_if.o.sun4-sunos4		(Sun4's not covered by
					    nit_if.o.sun4c-sunos4.0.3c)

These nit replacements fix a bug that makes nit essentially unusable in
pre-SunOS 4.1.  In addition, our sun4c-sunos4.0.3c nit gives you
timestamps to the resolution of the SS-1 clock (1 us) rather than the
lousy 20ms timestamps Sun gives you (tcpdump will print out the full
timestamp resolution if it finds it's running on a SS-1).

FILES
-----
CHANGES		- description of differences between releases
ChmodBPF/*	- Mac OS X startup item to set ownership and permissions
		  on /dev/bpf*
CREDITS		- people that have helped libpcap along
INSTALL.txt	- this file
LICENSE		- the license under which tcpdump is distributed
Makefile.in	- compilation rules (input to the configure script)
README		- description of distribution
README.aix	- notes on using libpcap on AIX
README.dag	- notes on using libpcap to capture on Endace DAG devices
README.hpux	- notes on using libpcap on HP-UX
README.linux	- notes on using libpcap on Linux
README.macosx	- notes on using libpcap on Mac OS X
README.septel	- notes on using libpcap to capture on Intel/Septel devices
README.sita	- notes on using libpcap to capture on SITA devices
README.tru64	- notes on using libpcap on Digital/Tru64 UNIX
README.Win32	- notes on using libpcap on Win32 systems (with WinPcap)
SUNOS4		- pre-SunOS 4.1 replacement kernel nit modules
VERSION		- version of this release
acconfig.h	- support for post-2.13 autoconf
aclocal.m4	- autoconf macros
arcnet.h	- ARCNET definitions
atmuni31.h	- ATM Q.2931 definitions
bpf/net		- copy of bpf_filter.c
bpf_dump.c	- BPF program printing routines
bpf_filter.c	- symlink to bpf/net/bpf_filter.c
bpf_image.c	- BPF disassembly routine
config.guess	- autoconf support
config.h.in	- autoconf input
config.sub	- autoconf support
configure	- configure script (run this first)
configure.in	- configure script source
dlpisubs.c	- DLPI-related functions for pcap-dlpi.c and pcap-libdlpi.c
dlpisubs.h	- DLPI-related function declarations
etherent.c	- /etc/ethers support routines
ethertype.h	- Ethernet protocol types and names definitions
fad-getad.c	- pcap_findalldevs() for systems with getifaddrs()
fad-gifc.c	- pcap_findalldevs() for systems with only SIOCGIFLIST
fad-glifc.c	- pcap_findalldevs() for systems with SIOCGLIFCONF
fad-null.c	- pcap_findalldevs() for systems without capture support
fad-sita.c	- pcap_findalldevs() for systems with SITA support
fad-win32.c	- pcap_findalldevs() for WinPcap
filtertest.c	- test program for BPF compiler
findalldevstest.c - test program for pcap_findalldevs()
gencode.c	- BPF code generation routines
gencode.h	- BPF code generation definitions
grammar.y	- filter string grammar
ieee80211.h	- 802.11 definitions
inet.c		- network routines
install-sh	- BSD style install script
lbl/os-*.h	- OS-dependent defines and prototypes
llc.h		- 802.2 LLC SAP definitions
missing/*	- replacements for missing library functions
mkdep		- construct Makefile dependency list
msdos/*		- drivers for MS-DOS capture support
nametoaddr.c	- hostname to address routines
nlpid.h		- OSI network layer protocol identifier definitions
net		- symlink to bpf/net
optimize.c	- BPF optimization routines
pcap/bluetooth.h - public definition of DLT_BLUETOOTH_HCI_H4_WITH_PHDR header
pcap/bpf.h	- BPF definitions
pcap/namedb.h	- public libpcap name database definitions
pcap/pcap.h	- public libpcap definitions
pcap/sll.h	- public definition of DLT_LINUX_SLL header
pcap/usb.h	- public definition of DLT_USB header
pcap-bpf.c	- BSD Packet Filter support
pcap-bpf.h	- header for backwards compatibility
pcap-bt-linux.c	- Bluetooth capture support for Linux
pcap-bt-linux.h	- Bluetooth capture support for Linux
pcap-dag.c	- Endace DAG device capture support
pcap-dag.h	- Endace DAG device capture support
pcap-dlpi.c	- Data Link Provider Interface support
pcap-dos.c	- MS-DOS capture support
pcap-dos.h	- headers for MS-DOS capture support
pcap-enet.c	- enet support
pcap-int.h	- internal libpcap definitions
pcap-libdlpi.c	- Data Link Provider Interface support for systems with libdlpi
pcap-linux.c	- Linux packet socket support
pcap-namedb.h	- header for backwards compatibility
pcap-nit.c	- SunOS Network Interface Tap support
pcap-nit.h	- SunOS Network Interface Tap definitions
pcap-null.c	- dummy monitor support (allows offline use of libpcap)
pcap-pf.c	- Ultrix and Digital/Tru64 UNIX Packet Filter support
pcap-pf.h	- Ultrix and Digital/Tru64 UNIX Packet Filter definitions
pcap-septel.c	- Intel/Septel device capture support
pcap-septel.h	- Intel/Septel device capture support
pcap-sita.c	- SITA device capture support
pcap-sita.h	- SITA device capture support
pcap-sita.html	- SITA device capture documentation
pcap-stdinc.h	- includes and #defines for compiling on Win32 systems
pcap-snit.c	- SunOS 4.x STREAMS-based Network Interface Tap support
pcap-snoop.c	- IRIX Snoop network monitoring support
pcap-usb-linux.c - USB capture support for Linux
pcap-usb-linux.h - USB capture support for Linux
pcap-win32.c	- WinPcap capture support
pcap.3pcap	- manual entry for the library
pcap.c		- pcap utility routines
pcap.h		- header for backwards compatibility
pcap_*.3pcap	- manual entries for library functions
pcap-filter.4	- manual entry for filter syntax
pcap-linktype.4	- manual entry for link-layer header types
ppp.h		- Point to Point Protocol definitions
runlex.sh	- wrapper for Lex/Flex
savefile.c	- offline support
scanner.l	- filter string scanner
sunatmpos.h	- definitions for SunATM capturing
Win32		- headers and routines for building on Win32 systems