| Up to higher level directory | |||
| Name | Date | Size | |
|---|---|---|---|
| README.aix | 17-Aug-2023 | 3.5K | |
| README.dag | 17-Aug-2023 | 5.1K | |
| README.haiku.md | 02-Sep-2024 | 1.9K | |
| README.hpux | 02-Sep-2024 | 8K | |
| README.linux | 17-Aug-2023 | 1.9K | |
| README.macos | 03-Sep-2018 | 3.4K | |
| README.septel | 17-Aug-2023 | 2K | |
| README.sita | 17-Aug-2023 | 2.8K | |
| README.solaris.md | 17-Aug-2023 | 1.4K | |
| README.windows.md | 02-Sep-2024 | 6.6K | |
README.aix
1 # Compiling libpcap on AIX 2 3 * Autoconf is expected to work everywhere. 4 * Neither AIX lex nor AIX yacc nor AIX m4 are suitable. 5 6 ## AIX 7.1 7 8 * libpcap build fails with rpcapd enabled. 9 * GNU M4 1.4.17 works. 10 * flex 2.6.4 and GNU Bison 3.5.1 work. 11 * CMake 3.16.0 works. 12 * GCC 8.3.0 works, XL C 12.1.0 works. 13 14 ## AIX 7.2 15 16 * libpcap build fails with rpcapd enabled. 17 * GNU M4 1.4.17 works. 18 * flex 2.5.35 and GNU Bison 3.0.4 work. 19 * GCC 7.2.0 works, XL C 13.1.3 works. 20 21 ## Other AIX-related information 22 23 Using BPF: 24 25 (1) AIX 4.x's version of BPF is undocumented and somewhat unstandard; the 26 current BPF support code includes changes that should work around 27 that; it appears to compile and work on at least one AIX 4.3.3 28 machine. 29 30 Note that the BPF driver and the "/dev/bpf" devices might not exist 31 on your machine; AIX's tcpdump loads the driver and creates the 32 devices if they don't already exist. Our libpcap should do the 33 same, and the configure script should detect that it's on an AIX 34 system and choose BPF even if the devices aren't there. 35 36 Also note that tcpdump _binary_ compiled on AIX 4 may have a problem 37 doing the initial loading of the BPF driver if copied to AIX 5 and 38 run there (GH #52). tcpdump binary natively compiled on AIX 5 should 39 not have this issue. 40 41 (2) If libpcap doesn't compile on your machine when configured to use 42 BPF, or if the workarounds fail to make it work correctly, you 43 should send to tcpdump-workers (a] lists.tcpdump.org a detailed bug 44 report (if the compile fails, send us the compile error messages; 45 if it compiles but fails to work correctly, send us as detailed as 46 possible a description of the symptoms, including indications of the 47 network link-layer type being wrong or time stamps being wrong). 48 49 If you fix the problems yourself, please submit a patch by forking 50 the branch at 51 52 https://github.com/the-tcpdump-group/libpcap/tree/master 53 54 and issuing a pull request, so we can incorporate the fixes into the 55 next release. 56 57 If you don't fix the problems yourself, you can, as a workaround, 58 make libpcap use DLPI instead of BPF. 59 60 This can be done by specifying the flag: 61 62 --with-pcap=dlpi 63 64 to the "configure" script for libpcap. 65 66 If you use DLPI: 67 68 (1) It is a good idea to have the latest version of the DLPI driver on 69 your system, since certain versions may be buggy and cause your AIX 70 system to crash. DLPI is included in the fileset bos.rte.tty. I 71 found that the DLPI driver that came with AIX 4.3.2 was buggy, and 72 had to upgrade to bos.rte.tty 4.3.2.4: 73 74 lslpp -l bos.rte.tty 75 76 bos.rte.tty 4.3.2.4 COMMITTED Base TTY Support and Commands 77 78 Updates for AIX filesets can be obtained from: 79 ftp://service.software.ibm.com/aix/fixes/ 80 81 These updates can be installed with the smit program. 82 83 (2) After compiling libpcap, you need to make sure that the DLPI driver 84 is loaded. Type: 85 86 strload -q -d dlpi 87 88 If the result is: 89 90 dlpi: yes 91 92 then the DLPI driver is loaded correctly. 93 94 If it is: 95 96 dlpi: no 97 98 Then you need to type: 99 100 strload -f /etc/dlpi.conf 101 102 Check again with strload -q -d dlpi that the dlpi driver is loaded. 103 104 Alternatively, you can uncomment the lines for DLPI in 105 /etc/pse.conf and reboot the machine; this way DLPI will always 106 be loaded when you boot your system. 107 108 (3) There appears to be a problem in the DLPI code in some versions of 109 AIX, causing a warning about DL_PROMISC_MULTI failing; this might 110 be responsible for DLPI not being able to capture outgoing packets. 111
README.dag
1 2 The following instructions apply if you have a Linux or FreeBSD platform and 3 want libpcap to support the DAG range of passive network monitoring cards from 4 Endace (https://www.endace.com, see below for further contact details). 5 6 1) Install and build the DAG software distribution by following the 7 instructions supplied with that package. Current Endace customers can download 8 the DAG software distribution from https://www.endace.com 9 10 2) Configure libcap. To allow the 'configure' script to locate the DAG 11 software distribution use the '--with-dag' option: 12 13 ./configure --with-dag=DIR 14 15 Where DIR is the root of the DAG software distribution, for example 16 /var/src/dag. If the DAG software is correctly detected 'configure' will 17 report: 18 19 checking whether we have DAG API... yes 20 21 If 'configure' reports that there is no DAG API, the directory may have been 22 incorrectly specified or the DAG software was not built before configuring 23 libpcap. 24 25 See also the libpcap INSTALL.md file for further libpcap configuration 26 options. 27 28 Building libpcap at this stage will include support for both the native packet 29 capture stream (linux or bpf) and for capturing from DAG cards. To build 30 libpcap with only DAG support specify the capture type as 'dag' when 31 configuring libpcap: 32 33 ./configure --with-dag=DIR --with-pcap=dag 34 35 Applications built with libpcap configured in this way will only detect DAG 36 cards and will not capture from the native OS packet stream. 37 38 ---------------------------------------------------------------------- 39 40 Libpcap when built for DAG cards against dag-2.5.1 or later releases: 41 42 Timeouts are supported. pcap_dispatch() will return after to_ms milliseconds 43 regardless of how many packets are received. If to_ms is zero pcap_dispatch() 44 will block waiting for data indefinitely. 45 46 pcap_dispatch() will block on and process a minimum of 64kB of data (before 47 filtering) for efficiency. This can introduce high latencies on quiet 48 interfaces unless a timeout value is set. The timeout expiring will override 49 the 64kB minimum causing pcap_dispatch() to process any available data and 50 return. 51 52 pcap_setnonblock is supported. When nonblock is set, pcap_dispatch() will 53 check once for available data, process any data available up to count, then 54 return immediately. 55 56 pcap_findalldevs() is supported, e.g. dag0, dag1... 57 58 Some DAG cards can provide more than one 'stream' of received data. 59 This can be data from different physical ports, or separated by filtering 60 or load balancing mechanisms. Receive streams have even numbers, e.g. 61 dag0:0, dag0:2 etc. Specifying transmit streams for capture is not supported. 62 63 pcap_setfilter() is supported, BPF programs run in userspace. 64 65 pcap_setdirection() is not supported. Only received traffic is captured. 66 DAG cards normally do not have IP or link layer addresses assigned as 67 they are used to passively monitor links. 68 69 pcap_breakloop() is supported. 70 71 pcap_datalink() and pcap_list_datalinks() are supported. The DAG card does 72 not attempt to set the correct datalink type automatically where more than 73 one type is possible. 74 75 pcap_stats() is supported. ps_drop is the number of packets dropped due to 76 RX stream buffer overflow, this count is before filters are applied (it will 77 include packets that would have been dropped by the filter). The RX stream 78 buffer size is user configurable outside libpcap, typically 16-512MB. 79 80 pcap_get_selectable_fd() is not supported, as DAG cards do not support 81 poll/select methods. 82 83 pcap_inject() and pcap_sendpacket() are not supported. 84 85 Some DAG cards now support capturing to multiple virtual interfaces, called 86 streams. Capture streams have even numbers. These are available via libpcap 87 as separate interfaces, e.g. dag0:0, dag0:2, dag0:4 etc. dag0:0 is the same 88 as dag0. These are visible via pcap_findalldevs(). 89 90 libpcap now does NOT set the card's hardware snaplen (slen). This must now be 91 set using the appropriate DAG configuration program, e.g. dagthree, dagfour, 92 dagsix, dagconfig. This is because the snaplen is currently shared between 93 all of the streams. In future this may change if per-stream slen is 94 implemented. 95 96 DAG cards by default capture entire packets including the L2 97 CRC/FCS. If the card is not configured to discard the CRC/FCS, this 98 can confuse applications that use libpcap if they're not prepared for 99 packets to have an FCS. 100 101 Libpcap now reads the environment variable ERF_FCS_BITS to determine 102 how many bits of CRC/FCS to strip from the end of the captured 103 frame. This defaults to 32 for use with Ethernet. If the card is 104 configured to strip the CRC/FCS, then set ERF_FCS_BITS=0. If used with 105 a HDLC/PoS/PPP/Frame Relay link with 16 bit CRC/FCS, then set 106 ERF_FCS_BITS=16. 107 108 If you wish to create a pcap file that DOES contain the Ethernet FCS, 109 specify the environment variable ERF_DONT_STRIP_FCS. This will cause 110 the existing FCS to be captured into the pcap file. Note some 111 applications may incorrectly report capture errors or oversize packets 112 when reading these files. 113 114 ---------------------------------------------------------------------- 115 116 Please submit bug reports via <support (a] endace.com>. 117 118 Please also visit our Web site at: 119 120 https://www.endace.com/ 121 122 For more information about Endace DAG cards contact <sales (a] endace.com>. 123
README.haiku.md
1 # Compiling and using libpcap on Haiku 2 3 Haiku R1/beta4 and earlier versions do not support packet capture on the 4 loopback interface. Using this version of libpcap, loopback capture works 5 since Haiku revision hrev57585 and is expected to work in Haiku R1/beta5 when 6 the latter becomes available. Packet timestamping and filtering always occur 7 in userland. Wireless monitor mode is not supported. The "any" 8 pseudo-interface is not supported. 9 [**pcap_set_buffer_size**](https://www.tcpdump.org/manpages/pcap_set_buffer_size.3pcap.html)(3PCAP) 10 has no effect. 11 [**pcap_setdirection**](https://www.tcpdump.org/manpages/pcap_setdirection.3pcap.html)(3PCAP) 12 is not supported. 13 [**pcap_inject**](https://www.tcpdump.org/manpages/pcap_inject.3pcap.html)(3PCAP) 14 is not supported. 15 16 The statistics reported by 17 [**pcap_stats**](https://www.tcpdump.org/manpages/pcap_stats.3pcap.html)(3PCAP) 18 on Haiku are as follows: 19 * `ps_recv` is the number of packets successfully delivered by the kernel, 20 before libpcap applies a filter. 21 * `ps_drop` is the number of packets rejected by the filter. 22 * `ps_ifdrop` is the number of packets dropped by the network interface (as 23 seen via `SIOCGIFSTATS`) since the capture handle became active. 24 25 ## 64-bit x86 R1/beta4 26 27 * Autoconf 2.71 works. 28 * CMake 3.28.3 works. 29 * GCC 13.2.0 works. 30 * Clang 12.0.1 works with the latest llvm12_clang-12.0.1-5 version. 31 * flex 2.6.4 works. 32 * bison 3.8.2 works. 33 34 The following command will install respective non-default packages: 35 ``` 36 pkgman install cmake llvm12_clang 37 ``` 38 39 For reference, the tests were done using a system installed from 40 `haiku-r1beta4-x86_64-anyboot.iso`. 41 42 ## 32-bit x86 R1/beta4 43 44 * Autoconf 2.71 works. 45 * CMake 3.24.2 works. 46 * GCC 11.2.0 works. 47 * Clang does not work. 48 * flex 2.6.4 works. 49 * bison 3.0.5 works. 50 51 The following command will install respective non-default packages: 52 ``` 53 pkgman install cmake_x86 54 ``` 55 56 For reference, the tests were done using a system installed from 57 `haiku-r1beta4-x86_gcc2h-anyboot.iso`. 58
README.hpux
1 For HP-UX 11i (11.11) and later, there are no known issues with 2 promiscuous mode under HP-UX. If you are using a earlier version of 3 HP-UX and cannot upgrade, please continue reading. 4 5 HP-UX patches to fix packet capture problems 6 7 Note that packet-capture programs such as tcpdump may, on HP-UX, not be 8 able to see packets sent from the machine on which they're running. 9 Some articles on groups.google.com discussing this are: 10 11 https://groups.google.com/groups?selm=82ld3v%2480i%241%40mamenchi.zrz.TU-Berlin.DE 12 13 which says: 14 15 Newsgroups: comp.sys.hp.hpux 16 Subject: Re: Did someone made tcpdump working on 10.20 ? 17 Date: 12/08/1999 18 From: Lutz Jaenicke <jaenicke (a] emserv1.ee.TU-Berlin.DE> 19 20 In article <82ks5i$5vc$1 (a] news1.dti.ne.jp>, mtsat <mtsat (a] iris.dti.ne.jp> 21 wrote: 22 >Hello, 23 > 24 >I downloaded and compiled tcpdump3.4 a couple of week ago. I tried to use 25 >it, but I can only see incoming data, never outgoing. 26 >Someone (raj) explained me that a patch was missing, and that this patch 27 >must me "patched" (poked) in order to see outbound data in promiscuous mode. 28 >Many things to do .... So the question is : did someone has already this 29 >"ready to use" PHNE_**** patch ? 30 31 Two things: 32 1. You do need a late "LAN products cumulative patch" (e.g. PHNE_18173 33 for s700/10.20). 34 2. You must use 35 echo 'lanc_outbound_promisc_flag/W1' | /usr/bin/adb -w /stand/vmunix /dev/kmem 36 You can insert this e.g. into /sbin/init.d/lan 37 38 Best regards, 39 Lutz 40 41 and 42 43 http://groups.google.com/groups?selm=88cf4t%24p03%241%40web1.cup.hp.com 44 45 which says: 46 47 Newsgroups: comp.sys.hp.hpux 48 Subject: Re: tcpdump only shows incoming packets 49 Date: 02/15/2000 50 From: Rick Jones <foo (a] bar.baz.invalid> 51 52 Harald Skotnes <harald (a] cc.uit.no> wrote: 53 > I am running HPUX 11.0 on a C200 hanging on a 100Mb switch. I have 54 > compiled libpcap-0.4 an tcpdump-3.4 and it seems to work. But at a 55 > closer look I only get to see the incoming packets not the 56 > outgoing. I have tried tcpflow-0.12 which also uses libpcap and the 57 > same thing happens. Could someone please give me a hint on how to 58 > get this right? 59 60 Search/Read the archives ?-) 61 62 What you are seeing is expected, un-patched, behaviour for an HP-UX 63 system. On 11.00, you need to install the latest lancommon/DLPI 64 patches, and then the latest driver patch for the interface(s) in use. 65 At that point, a miracle happens and you should start seeing outbound 66 traffic. 67 68 [That article also mentions the patch that appears below.] 69 70 and 71 72 https://groups.google.com/groups?selm=38AA973E.96BE7DF7%40cc.uit.no 73 74 which says: 75 76 Newsgroups: comp.sys.hp.hpux 77 Subject: Re: tcpdump only shows incoming packets 78 Date: 02/16/2000 79 From: Harald Skotnes <harald (a] cc.uit.no> 80 81 Rick Jones wrote: 82 83 ... 84 85 > What you are seeing is expected, un-patched, behaviour for an HP-UX 86 > system. On 11.00, you need to install the latest lancommon/DLPI 87 > patches, and then the latest driver patch for the interface(s) in 88 > use. At that point, a miracle happens and you should start seeing 89 > outbound traffic. 90 91 Thanks a lot. I have this problem on several machines running HPUX 92 10.20 and 11.00. The machines where patched up before y2k so did not 93 know what to think. Anyway I have now installed PHNE_19766, 94 PHNE_19826, PHNE_20008, PHNE_20735 on the C200 and now I can see the 95 outbound traffic too. Thanks again. 96 97 (although those patches may not be the ones to install - there may be 98 later patches). 99 100 And another message to tcpdump-workers (a] tcpdump.org, from Rick Jones: 101 102 Date: Mon, 29 Apr 2002 15:59:55 -0700 103 From: Rick Jones 104 To: tcpdump-workers (a] tcpdump.org 105 Subject: Re: [tcpdump-workers] I Can't Capture the Outbound Traffic 106 107 ... 108 109 http://itrc.hp.com/ would be one place to start in a search for the most 110 up-to-date patches for DLPI and the lan driver(s) used on your system (I 111 cannot guess because 9000/800 is too generic - one hs to use the "model" 112 command these days and/or an ioscan command (see manpage) to guess what 113 the drivers (btlan[3456], gelan, etc) might be involved in addition to 114 DLPI. 115 116 Another option is to upgrade to 11i as outbound promiscuous mode support 117 is there in the base OS, no patches required. 118 119 Another posting: 120 121 https://groups.google.com/groups?selm=7d6gvn%24b3%241%40ocean.cup.hp.com 122 123 indicates that you need to install the optional STREAMS product to do 124 captures on HP-UX 9.x: 125 126 Newsgroups: comp.sys.hp.hpux 127 Subject: Re: tcpdump HP/UX 9.x 128 Date: 03/22/1999 129 From: Rick Jones <foo (a] bar.baz> 130 131 Dave Barr (barr (a] cis.ohio-state.edu) wrote: 132 : Has anyone ported tcpdump (or something similar) to HP/UX 9.x? 133 134 I'm reasonably confident that any port of tcpdump to 9.X would require 135 the (then optional) STREAMS product. This would bring DLPI, which is 136 what one uses to access interfaces in promiscuous mode. 137 138 I'm not sure that HP even sells the 9.X STREAMS product any longer, 139 since HP-UX 9.X is off the pricelist (well, maybe 9.10 for the old 68K 140 devices). 141 142 Your best bet is to be up on 10.20 or better if that is at all 143 possible. If your hardware is supported by it, I'd go with HP-UX 11. 144 If you want to see the system's own outbound traffic, you'll never get 145 that functionality on 9.X, but it might happen at some point for 10.20 146 and 11.X. 147 148 rick jones 149 150 (as per other messages cited here, the ability to see the system's own 151 outbound traffic did happen). 152 153 Rick Jones reports that HP-UX 11i needs no patches for outbound 154 promiscuous mode support. 155 156 An additional note, from Jost Martin, for HP-UX 10.20: 157 158 Q: How do I get [Wireshark] on HPUX to capture the _outgoing_ packets 159 of an interface 160 A: You need to get PHNE_20892,PHNE_20725 and PHCO_10947 (or 161 newer, this is as of 4.4.00) and its dependencies. Then you can 162 enable the feature as described below: 163 164 Patch Name: PHNE_20892 165 Patch Description: s700 10.20 PCI 100Base-T cumulative patch 166 To trace the outbound packets, please do the following 167 to turn on a global promiscuous switch before running 168 the promiscuous applications like snoop or tcpdump: 169 170 adb -w /stand/vmunix /dev/mem 171 lanc_outbound_promisc_flag/W 1 172 (adb will echo the result showing that the flag has 173 been changed) 174 $quit 175 (Thanks for this part to HP-support, Ratingen) 176 177 The attached hack does this and some security-related stuff 178 (thanks to hildeb (a] www.stahl.bau.tu-bs.de (Ralf Hildebrandt) who 179 posted the security-part some time ago) 180 181 <<hack_ip_stack>> 182 183 (Don't switch IP-forwarding off, if you need it !) 184 Install the hack as /sbin/init.d/hacl_ip_stack (adjust 185 permissions !) and make a sequencing-symlink 186 /sbin/rc2.d/S350hack_ip_stack pointing to this script. 187 Now all this is done on every reboot. 188 189 According to Rick Jones, the global promiscuous switch also has to be 190 turned on for HP-UX 11.00, but not for 11i - and, in fact, the switch 191 doesn't even exist on 11i. 192 193 Here's the "hack_ip_stack" script: 194 195 -----------------------------------Cut Here------------------------------------- 196 #!/sbin/sh 197 # 198 # nettune: hack kernel params for safety 199 200 OKAY=0 201 ERROR=-1 202 203 # /usr/contrib/bin fuer nettune auf Pfad 204 PATH=/sbin:/usr/sbin:/usr/bin:/usr/contrib/bin 205 export PATH 206 207 208 ########## 209 # main # 210 ########## 211 212 case $1 in 213 start_msg) 214 print "Tune IP-Stack for security" 215 exit $OKAY 216 ;; 217 218 stop_msg) 219 print "This action is not applicable" 220 exit $OKAY 221 ;; 222 223 stop) 224 exit $OKAY 225 ;; 226 227 start) 228 ;; # fall through 229 230 *) 231 print "USAGE: $0 {start_msg | stop_msg | start | stop}" >&2 232 exit $ERROR 233 ;; 234 esac 235 236 ########### 237 # start # 238 ########### 239 240 # 241 # tcp-Sequence-Numbers nicht mehr inkrementieren sondern random 242 # Syn-Flood-Protection an 243 # ip_forwarding aus 244 # Source-Routing aus 245 # Ausgehende Packets an ethereal/tcpdump etc. 246 247 /usr/contrib/bin/nettune -s tcp_random_seq 2 || exit $ERROR 248 /usr/contrib/bin/nettune -s hp_syn_protect 1 || exit $ERROR 249 /usr/contrib/bin/nettune -s ip_forwarding 0 || exit $ERROR 250 echo 'ip_block_source_routed/W1' | /usr/bin/adb -w /stand/vmunix /dev/kmem || exit $ERROR 251 echo 'lanc_outbound_promisc_flag/W 1' | adb -w /stand/vmunix /dev/mem || exit $ERROR 252 253 exit $OKAY 254 -----------------------------------Cut Here------------------------------------- 255
README.linux
1 Currently, libpcap supports packet capturing on Linux 2.6.27 and later; 2 earlier versions are not supported. 3 4 You must configure 2.6.x kernels with the CONFIG_PACKET_MMAP option for 5 this protocol. 3.x and later kernels do not require that. 6 7 Note that, by default, libpcap will, if libnl is present, build with it; 8 it uses libnl to support monitor mode on mac80211 devices. There is a 9 configuration option to disable building with libnl, but, if that option 10 is chosen, the monitor-mode APIs (as used by tcpdump's "-I" flag, and as 11 will probably be used by other applications in the future) won't work 12 properly on mac80211 devices. 13 14 Linux's run-time linker allows shared libraries to be linked with other 15 shared libraries, which means that if an older version of a shared 16 library doesn't require routines from some other shared library, and a 17 later version of the shared library does require those routines, the 18 later version of the shared library can be linked with that other shared 19 library and, if it's otherwise binary-compatible with the older version, 20 can replace that older version without breaking applications built with 21 the older version, and without breaking configure scripts or the build 22 procedure for applications whose configure script doesn't use the 23 pcap-config script if they build with the shared library. (The build 24 procedure for applications whose configure scripts use the pcap-config 25 script if present will not break even if they build with the static 26 library.) 27 28 Statistics: 29 Statistics reported by pcap are platform specific. The statistics 30 reported by pcap_stats on Linux are as follows: 31 32 ps_recv Number of packets that were accepted by the pcap filter 33 ps_drop Number of packets that had passed filtering but were not 34 passed on to pcap due to things like buffer shortage, etc. 35 This is useful because these are packets you are interested in 36 but won't be reported by, for example, tcpdump output. 37
README.macos
1 As with other systems using BPF, macOS allows users with read access to 2 the BPF devices to capture packets with libpcap and allows users with 3 write access to the BPF devices to send packets with libpcap. 4 5 On some systems that use BPF, the BPF devices live on the root file 6 system, and the permissions and/or ownership on those devices can be 7 changed to give users other than root permission to read or write those 8 devices. 9 10 On newer versions of FreeBSD, the BPF devices live on devfs, and devfs 11 can be configured to set the permissions and/or ownership of those 12 devices to give users other than root permission to read or write those 13 devices. 14 15 On macOS, the BPF devices live on devfs, but the macOS version of devfs 16 is based on an older (non-default) FreeBSD devfs, and that version of 17 devfs cannot be configured to set the permissions and/or ownership of 18 those devices. 19 20 Therefore, we supply: 21 22 a "startup item" for older versions of macOS; 23 24 a launchd daemon for Tiger and later versions of macOS; 25 26 Both of them will change the ownership of the BPF devices so that the 27 "admin" group owns them, and will change the permission of the BPF 28 devices to rw-rw----, so that all users in the "admin" group - i.e., all 29 users with "Allow user to administer this computer" turned on - have 30 both read and write access to them. 31 32 The startup item is in the ChmodBPF directory in the source tree. A 33 /Library/StartupItems directory should be created if it doesn't already 34 exist, and the ChmodBPF directory should be copied to the 35 /Library/StartupItems directory (copy the entire directory, so that 36 there's a /Library/StartupItems/ChmodBPF directory, containing all the 37 files in the source tree's ChmodBPF directory; don't copy the individual 38 items in that directory to /Library/StartupItems). The ChmodBPF 39 directory, and all files under it, must be owned by root. Installing 40 the files won't immediately cause the startup item to be executed; it 41 will be executed on the next reboot. To change the permissions before 42 the reboot, run 43 44 sudo SystemStarter start ChmodBPF 45 46 The launchd daemon is the chmod_bpf script, plus the 47 org.tcpdump.chmod_bpf.plist launchd plist file. chmod_bpf should be 48 installed in /usr/local/bin/chmod_bpf, and org.tcpdump.chmod_bpf.plist 49 should be installed in /Library/LaunchDaemons. chmod_bpf, and 50 org.tcpdump.chmod_bpf.plist, must be owned by root. Installing the 51 script and plist file won't immediately cause the script to be executed; 52 it will be executed on the next reboot. To change the permissions 53 before the reboot, run 54 55 sudo /usr/local/bin/chmod_bpf 56 57 or 58 59 sudo launchctl load /Library/LaunchDaemons/org.tcpdump.chmod_bpf.plist 60 61 If you want to give a particular user permission to access the BPF 62 devices, rather than giving all administrative users permission to 63 access them, you can have the ChmodBPF/ChmodBPF script change the 64 ownership of /dev/bpf* without changing the permissions. If you want to 65 give a particular user permission to read and write the BPF devices and 66 give the administrative users permission to read but not write the BPF 67 devices, you can have the script change the owner to that user, the 68 group to "admin", and the permissions to rw-r-----. Other possibilities 69 are left as an exercise for the reader. 70 71 (NOTE: due to a bug in Snow Leopard, if you change the permissions not 72 to grant write permission to everybody who should be allowed to capture 73 traffic, non-root users who cannot open the BPF devices for writing will 74 not be able to capture outgoing packets.) 75
README.septel
1 The following instructions apply if you have a Linux platform and want 2 libpcap to support the Septel range of passive network monitoring cards 3 from Intel (https://www.intel.com) 4 5 1) Install and build the Septel software distribution by following the 6 instructions supplied with that package. 7 8 2) Configure libcap. To allow the 'configure' script to locate the Septel 9 software distribution use the '--with-septel' option: 10 11 ./configure --with-septel=DIR 12 13 where DIR is the root of the Septel software distribution, for example 14 /var/src/septel. 15 16 By default (if you write only ./configure --with-septel) it takes 17 ./../septel as argument for DIR. 18 19 If the Septel software is correctly detected 'configure' will 20 report: 21 22 checking whether we have Septel API... yes 23 24 If 'configure' reports that there is no Septel API, the directory may have been 25 incorrectly specified or the Septel software was not built before configuring 26 libpcap. 27 28 See also the libpcap INSTALL.md file for further libpcap configuration 29 options. 30 31 Building libpcap at this stage will include support for both the native 32 packet capture stream and for capturing from Septel cards. To build 33 libpcap with only Septel support specify the capture type as 'septel' 34 when configuring libpcap: 35 36 ./configure --with-septel=DIR --with-pcap=septel 37 38 Applications built with libpcap configured in this way will only detect Septel 39 cards and will not capture from the native OS packet stream. 40 41 Note: As mentioned in pcap-septel.c we should first edit the system.txt 42 file to change the user part example (UPE) module id to 0xdd instead of 43 0x2d for technical reason. So this change in system.txt is crucial and 44 things will go wrong if it's not done. System.txt along with config.txt 45 are configuration files that are edited by the user before running the 46 gctload program that uses these files for initialising modules and 47 configuring parameters. 48 49 ---------------------------------------------------------------------- 50 for more information please contact me : gil_hoyek (a] hotmail.com 51
README.sita
1 NOTE: this is not currently supported; the configure script doesn't 2 support --with-sita, and CMake doesn't support enabling SITA ACN 3 support. The code currently does not compile; it should really be 4 implemented as an additional remote capture mechanism, using a URL, 5 rather than as a separate version of libpcap that supports only the ACN 6 product, but the infrastructure for that isn't yet available. 7 8 The following instructions apply if you have a Linux platform and want 9 libpcap to support the 'ACN' WAN/LAN router product from SITA 10 (https://www.sita.aero) 11 12 This might also work on non-Linux Unix-compatible platforms, but that 13 has not been tested. 14 15 See also the libpcap INSTALL.md file for further libpcap configuration 16 options. 17 18 These additions/extensions have been made to PCAP to allow it to 19 capture packets from a SITA ACN device (and potentially others). 20 21 To enable its support you need to ensure that the distribution has 22 a correct configure.ac file; that can be created if necessary by 23 using the normal autoconf procedure of: 24 25 aclocal 26 autoconf 27 autoheader 28 automake 29 30 Then run configure with the 'sita' option: 31 32 ./configure --with-sita 33 34 Applications built with libpcap configured in this way will only detect SITA 35 ACN interfaces and will not capture from the native OS packet stream. 36 37 The SITA extension provides a remote datascope operation for capturing 38 both WAN and LAN protocols. It effectively splits the operation of 39 PCAP into two halves. The top layer performs the majority of the 40 work, but interfaces via a TCP session to remote agents that 41 provide the lower layer functionality of actual sniffing and 42 filtering. More detailed information regarding the functions and 43 inter-device protocol and naming conventions are described in detail 44 in 'pcap-sita.html'. 45 46 pcap_findalldevs() reads the local system's /etc/hosts file looking 47 for host names that match the format of IOP type devices. ie. aaa_I_x_y 48 and then queries each associated IP address for a list of its WAN and 49 LAN devices. The local system the aggregates the lists obtained from 50 each IOP, sorts it, and provides it (to Wireshark et.al) as the 51 list of monitorable interfaces. 52 53 Once a valid interface has been selected, pcap_open() is called 54 which opens a TCP session (to a well known port) on the target IOP 55 and tells it to start monitoring. 56 57 All captured packets are then forwarded across that TCP session 58 back to the local 'top layer' for forwarding to the actual 59 sniffing program (wireshark...) 60 61 Note that the DLT_SITA link-layer type includes a proprietary header 62 that is documented as part of the SITA dissector of Wireshark and is 63 also described in 'pcap-sita.html' for posterity sake. 64 65 That header provides: 66 - Packet direction (in/out) (1 octet) 67 - Link layer hardware signal status (1 octet) 68 - Transmit/Receive error status (2 octets) 69 - Encapsulated WAN protocol ID (1 octet) 70 71 72
README.solaris.md
1 # Compiling libpcap on Solaris and related OSes 2 3 * Autoconf works everywhere. 4 * Neither Solaris lex nor Solaris yacc are suitable. 5 * Neither illumos lex nor illumos yacc are suitable. 6 * Solaris m4 and illumos m4 are suitable. 7 8 ## OmniOS r151042/AMD64 9 10 * flex 2.6.4 and GNU Bison 3.8.2 work. 11 * CMake 3.23.1 works. 12 * GCC 11.2.0 and Clang 14.0.3 work. 13 14 ## OpenIndiana 2021.04/AMD64 15 16 * flex 2.6.4 and GNU Bison 3.7.6 work. 17 * CMake 3.21.1 works. 18 * GCC 7.5.0 and GCC 10.3.0 work, Clang 9.0.1 works. 19 20 For reference, the tests were done using a system installed from 21 `OI-hipster-text-20210430.iso` plus the following packages: 22 ```shell 23 xargs -L1 pkg install <<ENDOFTEXT 24 developer/build/autoconf 25 developer/parser/bison 26 developer/lexer/flex 27 developer/build/cmake 28 developer/gcc-10 29 developer/clang-90 30 ENDOFTEXT 31 ``` 32 33 ## Solaris 11/AMD64 34 35 * flex 2.6.4 and GNU Bison 3.7.3 work. 36 * CMake 3.21.0 works. 37 * Clang 11.0 works, GCC 11.2 works. 38 39 For reference, the tests were done using Oracle Solaris 11.4.42.111.0. 40 41 ## Solaris 11/SPARC 42 43 * flex 2.6.4 and GNU Bison 3.7.1 work. 44 * CMake 3.14.3 works. 45 * Sun C 5.13, Sun C 5.14 and Sun C 5.15 work; GCC 5.5.0 and GCC 7.3.0 work. 46 47 ## Solaris 10/SPARC 48 49 * libpcap build fails with rpcapd enabled. 50 * flex 2.6.4 and GNU Bison 3.7.1 work. 51 * CMake 3.14.3 works. 52 * Sun C 5.13 works, GCC 5.5.0 works. 53 54 ## Solaris 9/SPARC 55 56 * flex 2.5.35 and GNU Bison 3.0.2 work. 57 * CMake 2.8.9 does not work. 58 * Neither Sun C 5.8 nor Sun C 5.9 work, GCC 4.6.4 works. 59
README.windows.md
1 Building libpcap on Windows with Visual Studio 2 ============================================== 3 4 Unlike the UN*Xes on which libpcap can capture network traffic, Windows 5 has no network traffic capture mechanism that libpcap can use. 6 Therefore, libpcap requires a driver, and a library to access the 7 driver, provided by the Npcap or WinPcap projects. 8 9 Those projects include versions of libpcap built to use that driver and 10 library; these instructions are for people who want to build libpcap 11 source releases, or libpcap from the Git repository, as a replacement 12 for the version provided with Npcap or WinPcap. 13 14 Npcap and WinPcap SDK 15 --------------------- 16 17 In order to build libpcap, you will need to download Npcap and its 18 software development kit (SDK) or WinPcap and its software development 19 kit. 20 21 Npcap is currently being developed and maintained, and offers many 22 additional capabilities that WinPcap does not. 23 24 WinPcap is no longer being developed or maintained; it should be used 25 only if there is some other requirement to use it rather than Npcap, 26 such as a requirement to support versions of Windows earlier than 27 Windows Vista, which is the earliest version supported by Npcap. 28 29 Npcap and its SDK can be downloaded from its home page: 30 31 https://npcap.com 32 33 The SDK is a ZIP archive; create a folder on your C: drive, e.g. 34 C:\npcap-sdk, and put the contents of the ZIP archive into that folder. 35 36 The WinPcap installer can be downloaded from 37 38 https://www.winpcap.org/install/default.htm 39 40 and the WinPcap Developer's Kit can be downloaded from 41 42 https://www.winpcap.org/devel.htm 43 44 Required build tools 45 -------------------- 46 47 The Developer's Kit is a ZIP archive; it contains a folder named 48 WpdPack, which you should place on your C: drive, e.g. C:\WpdPack. 49 50 Building libpcap on Windows requires Visual Studio 2015 or later. The 51 Community Edition of Visual Studio can be downloaded at no cost from 52 53 https://visualstudio.microsoft.com 54 55 Additional tools are also required. Chocolatey is a package manager for 56 Windows with which those tools, and other tools, can be installed; it 57 can be downloaded from 58 59 https://chocolatey.org 60 61 It is a command-line tool; a GUI tool, Chocolatey GUI, is provided as a 62 Chocolatey package, which can be installed from the command line: 63 64 choco install chocolateygui 65 66 For convenience, the "choco install" command can be run with the "-y" 67 flag, forcing it to automatically answer all questions asked of the user 68 with "yes": 69 70 choco install -y chocolateygui 71 72 The required tools are: 73 74 ### CMake ### 75 76 libpcap does not provide supported project files for Visual Studio 77 (there are currently unsupported project files provided, but we do not 78 guarantee that they will work or that we will continue to provide them). 79 It does provide files for CMake, which is a cross-platform tool that 80 runs on UN*Xes and on Windows and that can generate project files for 81 UN*X Make, the Ninja build system, and Visual Studio, among other build 82 systems. 83 84 Visual Studio 2015 does not provide CMake; an installer can be 85 downloaded from 86 87 https://cmake.org/download/ 88 89 When you run the installer, you should choose to add CMake to the system 90 PATH for all users and to create the desktop icon. 91 92 CMake can also be installed as the Chocolatey package "cmake": 93 94 choco install -y cmake 95 96 Visual Studio 2017 and later provide CMake, so you will not need to 97 install CMake if you have installed Visual Studio 2017 or later. They 98 include built-in support for CMake-based projects: 99 100 https://devblogs.microsoft.com/cppblog/cmake-support-in-visual-studio/ 101 102 For Visual Studio 2017, make sure "Visual C++ tools for CMake" is 103 installed; for Visual Studio 2019, make sure "C++ CMake tools for 104 Windows" is installed. 105 106 ### winflexbison ### 107 108 libpcap uses the Flex lexical-analyzer generator and the Bison or 109 Berkeley YACC parser generators to generate the parser for filter 110 expressions. Windows versions of Flex and Bison can be downloaded from 111 112 https://sourceforge.net/projects/winflexbison/ 113 114 The downloaded file is a ZIP archive; create a folder on your C: drive, 115 e.g. C:\Program Files\winflexbison, and put the contents of the ZIP 116 archive into that folder. Then add that folder to the system PATH 117 environment variable. 118 119 Git 120 --- 121 122 An optional tool, required only if you will be building from a Git 123 repository rather than from a release source tarball, is Git. Git is 124 provided as an optional installation component, "Git for Windows", with 125 Visual Studio 2017 and later. 126 127 Building from the Visual Studio GUI 128 ----------------------------------- 129 130 ### Visual Studio 2017 ### 131 132 Open the folder containing the libpcap source with Open > Folder. 133 Visual Studio will run CMake; however, you will need to indicate where 134 the Npcap or WinPcap SDK is installed. 135 136 To do this, go to Project > "Change CMake Settings" > pcap and: 137 138 Choose which configuration type to build, if you don't want the default 139 Debug build. 140 141 In the CMakeSettings.json tab, change cmakeCommandArgs to include 142 143 -DPacket_ROOT={path-to-sdk} 144 145 where {path-to-sdk} is the path of the directory containing the Npcap or 146 WinPcap SDK. Note that backslashes in the path must be specified as two 147 backslashes. 148 149 Save the configuration changes with File > "Save CMakeSettings.json" or 150 with control-S. 151 152 Visual Studio will then re-run CMake. If that completes without errors, 153 you can build with CMake > "Build All". 154 155 ### Visual Studio 2019 ### 156 157 Open the folder containing the libpcap source with Open > Folder. 158 Visual Studio will run CMake; however, you will need to indicate where 159 the Npcap or WinPcap SDK is installed. 160 161 To do this, go to Project > "CMake Settings for pcap" and: 162 163 Choose which configuration type to build, if you don't want the default 164 Debug build. 165 166 Scroll down to "Cmake variables and cache", scroll through the list 167 looking for the entry for Packet_ROOT, and either type in the path of 168 the directory containing the Npcap or WinPcap SDK or use the "Browse..." 169 button to browse for that directory. 170 171 Save the configuration changes with File > "Save CMakeSettings.json" or 172 with control-S. 173 174 Visual Studio will then re-run CMake. If that completes without errors, 175 you can build with Build > "Build All". 176 177 Building from the command line 178 ------------------------------ 179 180 Start the appropriate Native Tools command line prompt. 181 182 Change to the directory into which you want to build libpcap, possibly 183 after creating it first. One choice is to create it as a subdirectory 184 of the libpcap source directory. 185 186 Run the command 187 188 cmake "-DPacket_ROOT={path-to-sdk}" {path-to-libpcap-source} 189 190 where {path-to-sdk} is the path of the directory containing the Npcap or 191 WinPcap SDK and {path-to-libpcap-source} is the pathname of the 192 top-level source directory for libpcap. 193 194 Run the command 195 196 msbuild/m pcap.sln 197 198 to compile libpcap. 199
Indexes created Tue Feb 24 08:35:24 UTC 2026