Commit Graph

32 Commits

Author SHA1 Message Date
guy
bf6db141f6 Document the "any" interface, and note that captures on it won't be done
in promiscuous mode.
2001-01-18 04:37:23 +00:00
guy
5cf045f4df "pcap-dlpi.c" opens the DLPI devices read/write, not read-only, so, on
Solaris, you need read/write access to the network pseudo-devices.
2001-01-17 18:53:20 +00:00
guy
cc97f2bc98 The filter expression "ether proto ipx" now checks for all four count
'em four different types of IPX frames on Ethernet.
2001-01-15 00:36:51 +00:00
guy
9043a59512 I lied - we *do* dissect IPX frames, it turns out.
Update the description of "ether proto" to explain all the stuff we do
to check for IPX frames.
2001-01-14 21:04:45 +00:00
guy
6953cdcf51 Document the new "ipx" argument to "ether proto". 2001-01-14 08:13:09 +00:00
guy
f669fdec18 Document the new "stp" protocol type in filter expressions.
Make the explanation of the "ether <proto>" expression more completely
explain the various cases.
2001-01-14 05:03:42 +00:00
mcr
c34f321a4d adjusted date field 2001-01-03 17:35:34 +00:00
guy
86eb0bec35 Clean up promiscuous mode, when using SOCK_PACKET, as best we can;
remember which pcap_t's were opened (with SOCK_PACKET) in promiscuous
mode on interfaces not already in promiscuous mode, turn promiscuous
mode off when closing such a pcap_t, and arrange that, when the program
exits, all pcap_t's of that sort not already closed have their
interfaces taken out of promiscuous mode.  (It's not sufficient to do
this on exit - applications may close a pcap_t without exiting, e.g.
Ethereal.)

This won't always work right (if somebody else requests promiscuous mode
after it's opened by libpcap, we'll turn promiscuous mode off when we
close the pcap_t, and if the program doesn't exit cleanly, it won't
clean up the interfaces), but neither of those problems are fixable -
the only way to get things to work correctly is to use PF_PACKET
sockets, which requires a 2.2 or later kernel.

On a 2.0[.x] kernel, when doing a "recvfrom()" on a SOCK_PACKET socket
to read a captured packet, don't pass a byte count value based on the
snapshot length - "recvfrom()" won't return the actual packet length if
you do that.  (2.2 and later kernels will return the actual packet
length if MSG_TRUNC is passed in.)

Update the documentation to reflect improved Appletalk support.
2000-12-16 10:57:26 +00:00
guy
492bf6fb3f "iso" is *not* a qualifier that restricts address or port matches to a
particular protocol.

Document the new "clnp" ISO protocol type.

Formatting nits.
2000-10-28 10:23:38 +00:00
guy
696899dbee Tony Li's changes, from FreeBSD, to support filtering for OSI packets
and for ESIS and ISIS packets.

Don't describe "atalk", "aarp", "lat", "sca", "moprc", or "mopdl" as
qualifiers that restrict address or port matches to a particular
protocol, as they aren't.

"iso", however, is a qualifier that applies to "proto", at least, and
can take a number or "esis" or "isis" as arguments; "esis" and "isis"
are short for "iso proto esis" and "iso proto isis".

Update the enumeration of the protocols that can be the target of "ip
proto" to reflect current reality.

Enumerate all the protocols that can be the target of "ether proto",
including the new "iso".
2000-10-28 10:10:54 +00:00
guy
7679e141d5 Document the "atalk" protocol type in filter expressions that's been
available for a while, and document the new "aarp" protocol type as
well.
2000-10-28 08:22:01 +00:00
guy
319fd3aa76 Document the deficiencies of tcpdump (of libpcap in general, actually)
with the Linux 2.0[.x] kernel, and suggest that the user upgrade to a
2.2[.x] kernel.
2000-10-25 07:49:28 +00:00
guy
988eb73c0a Improved VLAN support, from Peter Jeremy - "vlan" filtering keyword,
letting you filter based on the VLAN to which a packet belongs, and an
improvement to the printing of VLAN packets (adding an extra space to
separate the VLAN priority and flags from the next stuff printed).
2000-10-22 04:17:52 +00:00
assar
8fda1c6d19 print the RX ack packets 2000-07-29 08:10:05 +00:00
assar
30ddfa532e print IP length. From Kevin Steves <stevesk@sweden.hp.com> 2000-07-29 06:06:27 +00:00
guy
cff875676c Fix a typo. 2000-07-25 06:23:05 +00:00
guy
1b05fbbdc9 Add documentation for Token Ring.
Change some font choices to match the conventions used historically in
this man page (use boldface for literal strings, italics for variables,
and italics for "tcpdump" when it refers to the name of the program).
2000-07-25 06:09:32 +00:00
guy
179eba1308 Make the introductory section of the README file use the same style as
the introductory README section of the libpcap README file, giving
information about anonymous CVS and other additional information.

Update to note that non-patch mail should be sent to
"tcpdump-workers@tcpdump.org", and that patches should be sent to
"patches@tcpdump.org".

Merge in changes from the tcpdump 3.5 branch:

	"\f(CW" doesn't work on all systems - which appears to cause a
	subsequent "\fP" to revert to the font from which *roff last
	switched, which is often an italic or boldface font.  Use "\fR"
	instead of "\fP" to undo a "\f(CW".

and other changes not in the main line.
2000-07-13 06:36:57 +00:00
assar
af5c878a96 update with new URLs and addresses (to tcpdump.org) 2000-06-12 06:50:50 +00:00
mcr
655a694020 documentation suggestions from Toni Andjelkovic on TCP flags 2000-06-11 16:51:09 +00:00
itojun
910e6f31df add -T cnfp 2000-04-27 10:07:05 +00:00
assar
e75b5a6c89 document `-s 0' 2000-04-21 10:32:59 +00:00
kenh
15f343100f Make the handling of the -v flag a little more sensible, and document it. 2000-02-10 17:56:13 +00:00
itojun
8cf2e80eed caveat: tcp[0] does not match IPv6 packets. 2000-01-29 16:39:27 +00:00
fenner
f5ef0708ad Move AFS info into man page
Submitted by:	Ken Hornstein <kenh@cmf.nrl.navy.mil>
2000-01-27 23:53:49 +00:00
itojun
d7b604bee5 document -E. this option has very nasty effects and I'm still wondering
if it is correct to include it in tcpdump.org distribution.
2000-01-15 07:54:15 +00:00
itojun
2813c22cf1 add print-ascii.c and print-telnet.c from netbsd.
- add -X option for ascii printing.
- telnet command sequences (ff xx xx) will be dumped with -vvv -X.
1999-12-22 15:44:09 +00:00
mcr
dee93c3eab From: Juergen Schoenwaelder <schoenw@ibr.cs.tu-bs.de>
Here is a new version of the libsmi patch for tcpdump. It provides
	some bug fixes and some enhancements such as access checking and
	better range checking. The patch also fixed a few bugs in the
	print_snmp.c module of tcpdump itself (unrelated to the usage of
	libsmi).
1999-12-13 18:06:13 +00:00
assar
48345fa3a4 patches from Andrew Tridgell <tridge@linuxcare.com> to add decoding of SMB packets 1999-11-21 15:57:50 +00:00
itojun
c9d84d15c5 Bring in KAME IPv6 tcpdump. replaces esp/ah/isakmp decoder.
Hope I did not break anything.  Portability on IPv4-only node needs checking,
I'll do this very soon.  (sorry for rather jumbo commit)

XXx what is _FAVOR_BSD?
1999-10-30 05:11:06 +00:00
mcr
f6fa6a40d4 patches to help build on Linux 2.2 1999-10-17 21:37:10 +00:00
mcr
f555c163f9 Initial revision 1999-10-07 23:47:09 +00:00