# tcpdump installation notes
If you have not built libpcap, and your system does not have libpcap
installed, install libpcap first. Your system might provide a version
of libpcap that can be installed; if so, to compile tcpdump you might
need to install a "developer" version of libpcap as well as the
"run-time" version. You can also install tcpdump.org's version of
libpcap; see [this file](README.md) for the location.

You will need a C99 compiler to build tcpdump. The build system
will abort if your compiler is not C99 compliant. If this happens, use
the generally available GNU C compiler (GCC) or Clang.

After libpcap has been built (either install it with `make install` or
make sure both the libpcap and tcpdump source trees are in the same
directory), run `./configure` (a shell script). `configure` will
determine your system attributes and generate an appropriate `Makefile`
from `Makefile.in`. Now build tcpdump by running `make`.

If everything builds ok, `su` and type `make install`. This will install
tcpdump and the manual entry. Any user will be able to use tcpdump to
read saved captures. Whether a user will be able to capture traffic
depends on the OS and the configuration of the system; see the
[tcpdump man page](https://www.tcpdump.org/manpages/tcpdump.1.html)
for details. DO NOT give untrusted users the ability to
capture traffic. If a user can capture traffic, he or she could use
utilities such as tcpdump to capture any traffic on your net, including
passwords.

Note that most systems ship tcpdump, but usually an older version.
Building tcpdump from source as explained above will usually install the
binary as `/usr/local/bin/tcpdump`. If your system has other tcpdump
binaries, you might need to deinstall these or to set the PATH environment
variable if you need the `tcpdump` command to run the new binary
(`tcpdump --version` can be used to tell different versions apart).
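
The version check suggested above, carried through for every `tcpdump` on the search path, as an added example that is not part of the tcpdump distribution: it lists each binary in lookup order with its `--version` line and flags a setuid or setgid bit, which is one way capture rights end up granted to every local user. The function names are hypothetical, and other capture grants (such as Linux file capabilities or BPF device permissions) are not checked.

```sh
#!/bin/sh
# Added example (function names are hypothetical, not from the tcpdump tree).

# list_tcpdump_binaries PATHSTRING -> every executable "tcpdump", in lookup order.
# Runs in a subshell so the IFS and globbing changes stay local.
list_tcpdump_binaries() (
    set -f
    IFS=:
    for dir in $1; do
        [ -n "$dir" ] || dir=.    # an empty PATH element means the current directory
        if [ -f "$dir/tcpdump" ] && [ -x "$dir/tcpdump" ]; then
            printf '%s\n' "$dir/tcpdump"
        fi
    done
)

# tcpdump_version BINARY -> first output line mentioning "version", or "unknown".
# stderr is merged in case the banner is printed there.
tcpdump_version() {
    v=$("$1" --version 2>&1 | sed -n '/version/{p;q;}')
    printf '%s\n' "${v:-unknown}"
}

# privilege_bits BINARY -> "setuid", "setgid" or "none".
privilege_bits() {
    if [ -u "$1" ]; then echo setuid
    elif [ -g "$1" ]; then echo setgid
    else echo none
    fi
}

# audit_tcpdump [PATHSTRING] -> "path | version | bits", one line per binary.
# The first line is the binary that PATH lookup of `tcpdump` resolves to.
audit_tcpdump() {
    list_tcpdump_binaries "${1:-$PATH}" | while IFS= read -r bin; do
        printf '%s | %s | %s\n' "$bin" "$(tcpdump_version "$bin")" "$(privilege_bits "$bin")"
    done
}

audit_tcpdump "$PATH"
```

If the first line of output is not the freshly built binary, the older copy is still the one being run.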

If your system is not one which we have tested tcpdump on, you may have
to modify the `configure` script and `Makefile.in`. Please
[send us patches](https://www.tcpdump.org/index.html#patches)
for any modifications you need to make.

Please see [this file](README.md) for notes about tested platforms.


## Description of files
```
CHANGES              - description of differences between releases
CONTRIBUTING.md      - guidelines for contributing
CREDITS              - people that have helped tcpdump along
INSTALL.md           - this file
LICENSE              - the license under which tcpdump is distributed
Makefile.in          - compilation rules (input to the configure script)
README.md            - description of distribution
VERSION              - version of this release
aclocal.m4           - autoconf macros
addrtoname.c         - address to hostname routines
addrtoname.h         - address to hostname definitions
addrtostr.c          - address to printable string routines
addrtostr.h          - address to printable string definitions
ah.h                 - IPSEC Authentication Header definitions
appletalk.h          - AppleTalk definitions
ascii_strcasecmp.c   - locale-independent case-independent string comparison
                       routines
atime.awk            - TCP ack awk script
atm.h                - ATM traffic type definitions
bpf_dump.c           - BPF program printing routines, in case libpcap doesn't
                       have them
chdlc.h              - Cisco HDLC definitions
cpack.c              - functions to extract packed data
cpack.h              - declarations of functions to extract packed data
config.guess         - autoconf support
config.h.in          - autoconf input
config.sub           - autoconf support
configure            - configure script (run this first)
configure.ac         - configure script source
doc/README.*         - some building documentation
ethertype.h          - Ethernet type value definitions
extract.h            - alignment definitions
gmpls.c              - GMPLS definitions
gmpls.h              - GMPLS declarations
install-sh           - BSD style install script
interface.h          - globals, prototypes and definitions
ip.h                 - IP definitions
ip6.h                - IPv6 definitions
ipproto.c            - IP protocol type value-to-name table
ipproto.h            - IP protocol type value definitions
l2vpn.c              - L2VPN encapsulation value-to-name table
l2vpn.h              - L2VPN encapsulation definitions
lbl/os-*.h           - OS-dependent defines and prototypes
llc.h                - LLC definitions
machdep.c            - machine dependent routines
machdep.h            - machine dependent definitions
makemib              - mib to header script
mib.h                - mib definitions
missing/*            - replacements for missing library functions
ntp.c                - functions to handle ntp structs
ntp.h                - declarations of functions to handle ntp structs
mkdep                - construct Makefile dependency list
mpls.h               - MPLS definitions
nameser.h            - DNS definitions
netdissect.h         - definitions and declarations for tcpdump-as-library
                       (under development)
nfs.h                - Network File System V2 definitions
nfsfh.h              - Network File System file handle definitions
nlpid.c              - OSI NLPID value-to-name table
nlpid.h              - OSI NLPID definitions
ospf.h               - Open Shortest Path First definitions
packetdat.awk        - TCP chunk summary awk script
parsenfsfh.c         - Network File System file parser routines
pcap-missing.h       - declarations of functions possibly missing from libpcap
ppp.h                - Point to Point Protocol definitions
print.c              - Top-level routines for protocol printing
print-*.c            - The netdissect printers
rpc_auth.h           - definitions for ONC RPC authentication
rpc_msg.h            - definitions for ONC RPC messages
send-ack.awk         - unidirectional tcp send/ack awk script
slcompress.h         - SLIP/PPP Van Jacobson compression (RFC1144) definitions
smb.h                - SMB/CIFS definitions
smbutil.c            - SMB/CIFS utility routines
stime.awk            - TCP send awk script
tcp.h                - TCP definitions
tcpdump.1            - manual entry
tcpdump.c            - main program
timeval-operations.h - timeval operations macros
udp.h                - UDP definitions
util-print.c         - utility routines for protocol printers
```