New tcpdump and Berkeley Packet Filter available for anonymous ftp

[tcpdump at ee.lbl.gov]

A new release of tcpdump, 2.0, is now available for anonymous ftp
from ftp.ee.lbl.gov.  This version should run on almost any BSD
(or BSD-like) system, not just on Suns.  It has been tested on:

   - Sun OS 3.x & 4.x on Sun-3s & Sun-4s
   - HP 9000/3xx's running Utah's 4.3BSD.
   - Ultrix on Vaxes & DECstations (Ultrix support courtesy of Jeff
     Mogul of DECWRL)
   - IBM RT's (enetfilter support courtesy of Rayan Zachariassen of CA*Net).

In addition, this release includes a new, portable, kernel packet
capture/filter system, the Berkeley Packet Filter (BPF).  BPF is similar
to the `enet' filter distributed with 4.3BSD but is substantially more
efficient.  It is also a (vastly more efficient) alternative to the
`Streams' NIT abortion in Sun OS 4 that, unlike NIT, lets you monitor
your own outbound traffic.  Both tcpdump and BPF are available via
anonymous ftp from ftp.ee.lbl.gov (128.3.254.68), in the compressed 
tarchive tcpdump-2.0.tar.Z.  (Remember to set binary mode.)

Here is a teaser from the README:

 - A packet dumper has been added (thanks to Jeff Mogul of DECWRL). 
   With this option, you can create an architecture independent binary 
   trace file in real time, without the overhead of the packet printer.  
   At a later time, the packets can be filtered (again) and printed.

 - BSD is supported.  You must install BPF in your kernel.  
   Since the filtering is now done in the kernel, fewer packets are
   dropped.  In fact, with BPF and the packet dumper option, a measly
   Sun 3/50 can keep up with a busy network.

 - Compressed SLIP packets can now be dumped, provided you use our
   (soon to be released) SLIP software and BPF.  These packets are 
   dumped as any other IP packet; the compressed headers are dumped 
   with the '-e' option.

 - Tcpdump is smarter about choosing an interface.  Without '-i', the
   system interface list is searched for the lowest numbered, "interesting"
   network interface.

 - Machines with little-endian byte ordering are supported (thanks to
   Jeff Mogul).

 - Ultrix is supported (also thanks to Jeff Mogul).

 - IBM RT and Stanford Enetfilter support has been added by
   Rayan Zachariassen <rayan at canet.ca>.  Tcpdump has been tested under
   both the vanilla enetfilter interface, and the extended interface 
   present in the MERIT version of the enetfilter.

 - TFTP packets are now printed (requests only).

 - BOOTP packets are now printed.

 - SNMP packets are now printed (thanks to John LoVerso of Xylogics).

Problems, bugs, questions, desirable enhancements, etc., should be sent
to the email address "tcpdump at ee.lbl.gov".  We welcome all such feedback.

 - Steve McCanne (mccanne at ee.lbl.gov)
   Craig Leres (leres at ee.lbl.gov)
   Van Jacobson (van at ee.lbl.gov)