# tcpdump installation notes
If you have not built libpcap, and your system does not have libpcap
installed, install libpcap first. Your system might provide a version
of libpcap that can be installed; if so, to compile tcpdump you might
need to install a "developer" version of libpcap as well as the
"run-time" version. You can also install The Tcpdump Group version of
libpcap; see [this file](README.md) for the location.

You will need a C99 compiler to build tcpdump. The build system
will abort if your compiler is not C99 compliant. If this happens, use
the generally available GNU C compiler (GCC) or Clang.

After libpcap has been built (either install it with `make install` or
make sure both the libpcap and tcpdump source trees are in the same
directory), do the following steps:

* If you build from a git clone rather than from a release archive,
run `./autogen.sh` (a shell script). The autogen.sh script will
build the `configure` and `config.h.in` files.

On some systems, you may need to set the `AUTORECONF` variable, like:
`AUTORECONF=autoreconf-2.69 ./autogen.sh`
to select the `autoreconf` version you want to use.

* Run `./configure` (a shell script). The configure script will
determine your system attributes and generate an appropriate `Makefile`
from `Makefile.in`. The configure script has a number of options to
control the configuration of tcpdump; `./configure --help` will show
them.

* Next, build tcpdump by running `make`.

On OpenBSD, you may need to set, before the `make`, the `AUTOCONF_VERSION`
variable like:
`AUTOCONF_VERSION=2.69 make`

If everything builds fine, `su` and type `make install`. This will install
tcpdump and the manual entry. Any user will be able to use tcpdump to
read saved captures. Whether a user will be able to capture traffic
depends on the OS and the configuration of the system; see the
[tcpdump man page](https://www.tcpdump.org/manpages/tcpdump.1.html)
for details. Do **NOT** give untrusted users the ability to
capture traffic. If a user can capture traffic, he or she could use
utilities such as tcpdump to capture any traffic on your net, including
passwords.

Note that most systems ship tcpdump, but usually an older version.
Building tcpdump from source as explained above will usually install the
binary as `/usr/local/bin/tcpdump`. If your system has other tcpdump
binaries, you might need to deinstall these or to set the `PATH` environment
variable if you need the `tcpdump` command to run the new binary
(`tcpdump --version` can be used to tell different versions apart).

If your system is not one that we have tested tcpdump on, you may have
to modify the `configure` script and `Makefile.in`. Please
[send us patches](https://www.tcpdump.org/index.html#patches)
for any modifications you need to make.

Please see [this file](README.md) for notes about tested platforms.
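
The notes above on multiple tcpdump binaries and on who is able to capture can be checked after `make install` with a short script. This is an added example, not part of the tcpdump distribution: the function names are hypothetical, and the `getcap` check assumes a Linux system with the libcap tools installed (it is skipped elsewhere).

```shell
#!/bin/sh
# Added example (not from the tcpdump distribution).
# list_tcpdumps PATHSTRING
#   One tab-separated line per executable named "tcpdump", in lookup order:
#   <path> <first line of --version output> <flags>
#   flags: "setuid", "cap_net_raw" (Linux getcap, if installed), or "-".
list_tcpdumps() {
    printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r dir; do
        [ -n "$dir" ] || dir=.            # an empty PATH entry means "."
        bin=$dir/tcpdump
        if [ -f "$bin" ] && [ -x "$bin" ]; then
            ver=$("$bin" --version 2>&1 </dev/null | sed -n '1p')
            flags=
            if [ -u "$bin" ]; then flags=setuid; fi
            # Assumption: getcap is the libcap tool; absent on non-Linux hosts.
            if command -v getcap >/dev/null 2>&1 &&
               getcap "$bin" 2>/dev/null | grep -q cap_net_raw; then
                flags=${flags:+$flags,}cap_net_raw
            fi
            printf '%s\t%s\t%s\n' "$bin" "$ver" "${flags:--}"
        fi
    done
}

# active_tcpdump PATHSTRING: the binary a bare `tcpdump` command would run.
active_tcpdump() {
    list_tcpdumps "$1" | sed -n '1p' | cut -f1
}

# shadowed_tcpdumps PATHSTRING: binaries that exist but lose the PATH lookup.
shadowed_tcpdumps() {
    list_tcpdumps "$1" | sed '1d' | cut -f1
}

# Report for the current environment.
list_tcpdumps "$PATH"
```

A `setuid` or `cap_net_raw` flag means any user who can execute that file can capture traffic, so such a binary should not be executable by untrusted users.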

## Description of files
```
CHANGES              - description of differences between releases
CONTRIBUTING.md      - guidelines for contributing
CREDITS              - people that have helped tcpdump along
INSTALL.md           - this file
LICENSE              - the license under which tcpdump is distributed
Makefile.in          - compilation rules (input to the configure script)
README.md            - description of distribution
VERSION              - version of this release
aclocal.m4           - autoconf macros
addrtoname.c         - address to hostname routines
addrtoname.h         - address to hostname definitions
addrtostr.c          - address to printable string routines
addrtostr.h          - address to printable string definitions
ah.h                 - IPSEC Authentication Header definitions
appletalk.h          - AppleTalk definitions
ascii_strcasecmp.c   - locale-independent case-independent string comparison
                       routines
atime.awk            - TCP ack awk script
atm.h                - ATM traffic type definitions
autogen.sh           - build configure and config.h.in (run this first)
bpf_dump.c           - BPF program printing routines, in case libpcap doesn't
                       have them
chdlc.h              - Cisco HDLC definitions
cpack.c              - functions to extract packed data
cpack.h              - declarations of functions to extract packed data
config.guess         - autoconf support
config.sub           - autoconf support
configure.ac         - configure script source
doc/README.*         - some building documentation
ethertype.h          - Ethernet type value definitions
extract.h            - alignment definitions
gmpls.c              - GMPLS definitions
gmpls.h              - GMPLS declarations
install-sh           - BSD style install script
interface.h          - globals, prototypes and definitions
ip.h                 - IP definitions
ip6.h                - IPv6 definitions
ipproto.c            - IP protocol type value-to-name table
ipproto.h            - IP protocol type value definitions
l2vpn.c              - L2VPN encapsulation value-to-name table
l2vpn.h              - L2VPN encapsulation definitions
lbl/os-*.h           - OS-dependent defines and prototypes
llc.h                - LLC definitions
machdep.c            - machine dependent routines
machdep.h            - machine dependent definitions
makemib              - mib to header script
mib.h                - mib definitions
missing/*            - replacements for missing library functions
ntp.c                - functions to handle ntp structs
ntp.h                - declarations of functions to handle ntp structs
mkdep                - construct Makefile dependency list
mpls.h               - MPLS definitions
nameser.h            - DNS definitions
netdissect.h         - definitions and declarations for tcpdump-as-library
                       (under development)
nfs.h                - Network File System V2 definitions
nfsfh.h              - Network File System file handle definitions
nlpid.c              - OSI NLPID value-to-name table
nlpid.h              - OSI NLPID definitions
ospf.h               - Open Shortest Path First definitions
packetdat.awk        - TCP chunk summary awk script
parsenfsfh.c         - Network File System file parser routines
pcap-missing.h       - declarations of functions possibly missing from libpcap
ppp.h                - Point to Point Protocol definitions
print.c              - Top-level routines for protocol printing
print-*.c            - The netdissect printers
rpc_auth.h           - definitions for ONC RPC authentication
rpc_msg.h            - definitions for ONC RPC messages
send-ack.awk         - unidirectional tcp send/ack awk script
slcompress.h         - SLIP/PPP Van Jacobson compression (RFC1144) definitions
smb.h                - SMB/CIFS definitions
smbutil.c            - SMB/CIFS utility routines
stime.awk            - TCP send awk script
tcp.h                - TCP definitions
tcpdump.1            - manual entry
tcpdump.c            - main program
timeval-operations.h - timeval operations macros
udp.h                - UDP definitions
util-print.c         - utility routines for protocol printers
```