New tcpdump and Berkeley Packet Filter available for anonymous ftp

[tcpdump at ee.lbl.gov]

A new release of tcpdump, 2.0, is now available for anonymous ftp from
ftp.ee.lbl.gov.  This version should run on almost any BSD (or BSD-like)
system, not just on Suns.  It has been tested on:

   - Sun OS 3.x & 4.x on Sun-3s & Sun-4s
   - HP 9000/3xx's running Utah's 4.3BSD.
   - Ultrix on Vaxes & DECstations (Ultrix support courtesy of Jeff
     Mogul of DECWRL)
   - IBM RT's (enetfilter support courtesy of Rayan Zachariassen of CA*Net).

In addition, this release includes a new, portable, kernel packet
capture/filter system, the Berkeley Packet Filter (BPF).  BPF is similar
to the `enet' filter distributed with 4.3BSD but is substantially more
efficient.  It is also a (vastly more efficient) alternative to the
`Streams' NIT abortion in Sun OS 4 that, unlike NIT, lets you monitor your
own outbound traffic.  Both tcpdump and BPF are available via anonymous
ftp from ftp.ee.lbl.gov (128.3.254.68), in the compressed tarchive
tcpdump-2.0.tar.Z.  (Remember to set binary mode.)

Here is a teaser from the README:

- A packet dumper has been added (thanks to Jeff Mogul of DECWRL).  With
  this option, you can create an architecture independent binary trace file
  in real time, without the overhead of the packet printer.  At a later
  time, the packets can be filtered (again) and printed.

- BSD is supported.  You must install BPF in your kernel.  Since the
  filtering is now done in the kernel, fewer packets are dropped.  In fact,
  with BPF and the packet dumper option, a measly Sun 3/50 can keep up with
  a busy network.

- Compressed SLIP packets can now be dumped, provided you use our (soon to
  be released) SLIP software and BPF.  These packets are dumped as any other
  IP packet; the compressed headers are dumped with the '-e' option.

- Tcpdump is smarter about choosing an interface.  Without '-i', the
  system interface list is searched for the lowest numbered, "interesting"
  network interface.

- Machines with little-endian byte ordering are supported (thanks to Jeff
  Mogul).

- Ultrix is supported (also thanks to Jeff Mogul).

- IBM RT and Stanford Enetfilter support has been added by Rayan
  Zachariassen <rayan at canet.ca>.  Tcpdump has been tested under both the
  vanilla enetfilter interface, and the extended interface present in the
  MERIT version of the enetfilter.

- TFTP packets are now printed (requests only).

- BOOTP packets are now printed.

- SNMP packets are now printed (thanks to John LoVerso of Xylogics).

Problems, bugs, questions, desirable enhancements, etc., should be sent to
the email address "tcpdump at ee.lbl.gov".  We welcome all such feedback.

 - Steve McCanne (mccanne at ee.lbl.gov)
   Craig Leres (leres at ee.lbl.gov)
   Van Jacobson (van at ee.lbl.gov)