4 Ethereal - Interactively browse network traffic
9 S<[ B<-B> byte view height ]>
10 S<[ B<-b> bold font ]>
13 S<[ B<-f> filter expression ]>
15 S<[ B<-i> interface ]>
19 S<[ B<-P> packet list height ]>
22 S<[ B<-R> filter expression ]>
25 S<[ B<-T> tree view height ]>
26 S<[ B<-t> time stamp format ]>
32 B<Ethereal> is a GUI network protocol analyzer. It lets you
33 interactively browse packet data from a live network or from a
34 previously saved capture file. B<Ethereal> knows how to read B<libpcap>
35 capture files, including those of B<tcpdump>. In addition, B<Ethereal>
36 can read capture files from B<snoop> (including B<Shomiti>) and
37 B<atmsnoop>, B<LanAlyzer>, uncompressed B<Sniffer>, Microsoft B<Network
38 Monitor>, AIX's B<iptrace>, B<NetXray>, B<Sniffer Pro>, B<RADCOM>'s
39 WAN/LAN analyzer, B<Lucent/Ascend> router debug output, HP-UX's
40 B<nettl>, the dump output from B<Toshiba's> ISDN routers, and
41 B<i4btrace> from the ISDN4BSD project. There is no need to tell
42 B<Ethereal> what type of file you are reading; it will determine the
43 file type by itself. B<Ethereal> is also capable of reading any of
44 these file formats if they are compressed using gzip. B<Ethereal>
45 recognizes this directly from the file; the '.gz' extension is not
46 required for this purpose.
48 Like other protocol analyzers, B<Ethereal>'s main window shows 3 views
49 of a packet. It shows a summary line, briefly describing what the
50 packet is. A protocol tree is shown, allowing you to drill down to
51 exact protocol or field that you interested in. Finally, a hex dump
52 shows you exactly what the packet looks like when it goes over the wire.
54 In addition, B<Ethereal> has some features that make it unique. It can
55 assemble all the packets in a TCP conversation and show you the ASCII
56 (or EBCDIC) data in that conversation. Display filters in B<Ethereal>
57 are very powerful; more fields are filterable in B<Ethereal> than in other
58 protocol analyzers, and the syntax you can use to create your filters is
59 richer. As B<Ethereal> progresses, expect more and more protocol fields to
60 be allowed in display filters.
62 Packet capturing is performed with the pcap library. The capture filter
63 syntax follows the rules of the pcap library. This syntax is different
64 from the display filter syntax.
66 Compressed file support uses (and therefore requires) the zlib library.
67 If the zlib library is not present, B<Ethereal> will compile, but will
68 be unable to read compressed files.
76 Sets the initial height of the byte view (bottom) pane.
80 Sets the name of the bold font used for the data in the byte view
81 pane that corresponds to the field selected in the protocol tree pane.
85 Sets the default number of packets to read when capturing live
90 Turns off treating the original IPv4 TOS field as the Differentiated
91 Services Field. The structure of the DS Field is defined in RFC 2474.
95 Sets the capture filter expression.
99 Prints the version and options and exits.
103 Sets the name of the network interface to use for live packet capture.
104 It should match one of the names listed in "B<netstat -i>" or
109 Starts the capture session immediately. If the B<-i> flag was
110 specified, the capture uses the specified interface. Otherwise,
111 B<Ethereal> searches the list of interfaces, choosing the first
112 non-loopback interface if there are any non-loopback interfaces, and
113 choosing the first loopback interface if there are no non-loopback
114 interfaces; if there are no interfaces, B<Ethereal> reports an error and
115 doesn't start the capture.
119 Sets the name of the font used by B<Ethereal> for most text.
123 Disables network object name resolution (such as hostname, TCP and UDP port
128 Sets the initial height of the packet list (top) pane.
132 Causes B<Ethereal> to exit after the end of capture session (useful in
133 batch mode with B<-c> option for instance); this option requires the
134 B<-i> and B<-w> parameters.
138 Reads packet data from I<file>.
142 When reading a capture file specified with the B<-r> flag, causes the
143 specified filter (which uses the syntax of display filters, rather than
144 that of capture filters) to be applied to all packets read from the
145 capture file; packets not matching the filter are discarded.
149 Specifies that the live packet capture will be performed in a separate
150 process, and that the packet display will automatically be updated as
155 Sets the default snapshot length to use when capturing live data.
156 No more than I<snaplen> bytes of each network packet will be read into
157 memory, or saved to disk.
161 Sets the initial height of the tree view (middle) pane.
165 Sets the format of the packet timestamp displayed in the packet list
166 window. The format can be one of 'r' (relative), 'a' (absolute), or 'd'
167 (delta). The relative time is the time elapsed between the first packet
168 and the current packet. The absolute time is the actual date and time the
169 packet was captured. The delta time is the time since the previous packet
170 was captured. The default is relative.
174 Prints the version and exits.
178 Sets the default capture file name.
188 =item File:Open, File:Close, File:Reload
190 Open, close, or reload a capture file. The I<File:Open> dialog box
191 allows a filter to be specified; when the capture file is read, the
192 filter is applied to all packets read from the file, and packets not
193 matching the filter are discarded.
195 =item File:Save, File:Save As
197 Save the current capture, or the packets currently displayed from that
198 capture, to a file. A check box lets you select whether to save all
199 packets, or just those that have passed the current display filter, and
200 an option menu lets you select (from a list of file formats in which at
201 particular capture, or the packets currently displayed from that
202 capture, can be saved), a file format in which to save it.
206 Prints, for all the packets in the current capture, either the summary
207 line for the packet or the protocol tree view of the packet; when
208 printing the protocol tree view, the hex dump of the packet can be
209 printed as well. Printing options can be set with the
210 I<Edit:Preferences> menu item, or in the dialog box popped up by this
213 =item File:Print Packet
215 Print a fully-expanded protocol tree view of the currently-selected
216 packet. Printing options can be set with the I<Edit:Preferences> menu
221 Exits the application.
223 =item Edit:Find Frame
225 Allows you to search forward or backward, starting with the currently
226 selected packet (or the most recently selected packet, if no packet is
227 selected), for a packet matching a given display filter.
229 =item Edit:Go To Frame
231 Allows you to go to a particular numbered packet.
233 =item Edit:Preferences
235 Sets the packet printing, column display, TCP stream coloring, and GUI
236 options (see L<"Preferences"> below).
240 Edits the saved list of filters, allowing filters to be added, changed,
241 or deleted, and lets a selected filter be applied to the current
246 Initiates a live packet capture (see L<"Capture Preferences"> below). A
247 temporary file will be created to hold the capture. The location of the
248 file can be chosen by setting your TMPDIR environment variable before
249 starting B<Ethereal>. Otherwise, the default TMPDIR location is
250 system-dependent, but is likely either /var/tmp or /tmp.
252 =item Display:Options
254 Allows you to sets the format of the packet timestamp displayed in the
255 packet list window to relative, absolute, or delta, to enable or disable
256 the automatic scrolling of the packet list while a live capture is in
257 progress, to enable or disable translation of addresses to names in the
258 display, or to enable or disable interpretation of the IPv4 TOS field as
259 the Differentiated Services field.
261 =item Display:Match Selected
263 Creates and applies a display filter based on the data that is currently
264 highlighted in the protocol tree. If that data is a field that can be
265 tested in a display filter expression, the display filter will test that
266 field; otherwise, the display filter will be based on absolute offset
267 within the packet, and so could be unreliable if the packet contains
268 protocols with variable-length headers, such as a source-routed
271 =item Display:Colorize Display
273 Allows you to change the foreground and background colors of the packet
274 information in the list of packets, based upon display filters. The list
275 of display filters is applied to each packet sequentially. After the first
276 display filter matches a packet, any additional display filters in the list
277 are ignored. Therefore, if you are filtering on the existence of protocols,
278 you should list the higher-level protocols first, and the lower-level
281 =item Display:Collapse All
283 Collapses the protocol tree branches.
285 =item Display:Expand All
287 Expands all branches of the protocol tree.
289 =item Display:Expand All
291 Expands all branches of the protocol tree.
293 =item Display:Show Packet In New Window
295 Creates a new window containing a protocol tree view and a hex dump
296 window of the currently selected packet; this window will continue to
297 display that packet's protocol tree and data even if another packet is
302 Allows you to use and configure dynamically loadable modules (see
305 =item Tools:Follow TCP Stream
307 If you have a TCP packet selected, it will display the contents of the
308 data stream for the TCP connection to which that packet belongs, as
309 text, in a separate window, and will leave the list of packets in a
310 filtered state, with only those packets that are part of that TCP
311 connection being displayed. You can revert to your old view by pressing
312 ENTER in the display filter text box, thereby invoking your old display
313 filter (or resetting it back to no display filter).
315 The window in which the data stream is displayed lets you select whether
316 the data being displayed is to be treated as ASCII or EBCDIC text, and
317 lets you print the text, using the same print options that are used for
318 the I<File:Print Packet> menu item.
328 The main window is split into three panes. You can resize each pane using
329 a "thumb" at the right end of each divider line. Below the panes is a
330 strip that shows the file load progress, current filter, and informational
333 The top pane contains the list of network packets that you can scroll
334 through and select. The packet number, packet timestamp, source and
335 destination addresses, protocol, and description are printed for each
336 packet. An effort is made to display information as high up the protocol
337 stack as possible, e.g. IP addresses are displayed for IP packets, but the
338 MAC layer address is displayed for unknown packet types. The right
339 mouse button can be used to pop up a menu of operations.
341 The middle pane contains a I<protocol tree> for the currently-selected
342 packet. The tree displays each field and its value in each protocol
343 header in the stack. The right mouse button can be used to pop up a
346 The lowest pane contains a hex dump of the actual packet data.
347 Selecting a field in the I<protocol tree> highlights the corresponding
348 bytes in this section.
350 A display filter can be entered into the strip at the bottom.
351 A filter for HTTP, HTTPS, and DNS traffic might look like this:
353 tcp.port == 80 || tcp.port == 443 || tcp.port == 53
355 Selecting the I<Filter:> button lets you choose from a list of named
356 filters that you can optionally save. Pressing the Return or Enter
357 keys will cause the filter to be applied to the current list of packets.
358 Selecting the I<Reset> button clears the display filter so that all
359 packets are displayed.
363 The I<Preferences> dialog lets you control various personal preferences
364 for the behavior of B<Ethereal>.
368 =item Printing Preferences
370 The radio buttons at the top of the I<Printing> page allow you choose
371 between printing packets with the I<File:Print Packet> menu item as text
372 or PostScript, and sending the output directly to a command or saving it
373 to a file. The I<Command:> text entry box is the command to send files
374 to (usually B<lpr>), and the I<File:> entry box lets you enter the name
375 of the file you wish to save to. Additionally, you can select the
376 I<File:> button to browse the file system for a particular save file.
378 =item Column Preferences
380 The I<Columns> page lets you specify the number, title, and format
381 of each column in the packet list.
383 The I<Column title> entry is used to specify the title of the column
384 displayed at the top of the packet list. The type of data that the column
385 displays can be specified using the I<Column format> option menu. The row
386 of buttons on the left perform the following actions:
392 Adds a new column to the list.
396 Modifies the currently selected list item.
400 Deletes the currently selected list item.
404 Moves the selected list item up or down one position.
408 Currently has no effect.
412 Saves the current column format as the default.
416 Closes the dialog without making any changes.
420 =item TCP Stream Preferences
422 The I<TCP Streams> page can be used to change the color of the text
423 displayed in the TCP stream window. To change a color, simply select
424 an attribute from the "Set:" menu and use the color selector to get the
425 desired color. The new text colors are displayed in a sample window.
427 =item GUI Preferences
429 The I<GUI> page is used to modify small aspects of the GUI to your own
430 personal taste. The vertical scrollbars in the three panes can be
431 set to be either on the left or the right. The selection bar in the
432 packet list and protocol tree can have either a "browse" or "select"
433 behavior. If the selection bar has a "browse" behavior, the arrow keys
434 will move an outline of the selection bar, allowing you to browse
435 the rest of the list or tree without changing the selection
436 until you press the space bar. If the selection bar has a "select"
437 behavior, the arrow keys will move the selection bar and change
438 the selection to the new item in the packet list or protocol tree.
444 The I<Filters> dialog lets you create and modify filters, and set the
445 default filter to use when capturing data or opening a capture file.
447 The I<Filter name> entry specifies a descriptive name for a filter, e.g.
448 B<Web and DNS traffic>. The I<Filter string> entry is the text that
449 actually describes the filtering action to take, as described above.The
450 dialog buttons perform the following actions:
456 If there is text in the two entry boxes, it creates a new associated list
461 Modifies the currently selected list item to match what's in the entry
466 Makes a copy of the currently selected list item.
470 Deletes the currently selected list item.
474 Sets the currently selected list item as the active filter, and applies
475 it to the current capture, if any.
476 (The currently selected list item must be a display filter, not a
477 capture filter.) If nothing is selected, turns filtering off.
481 Sets the currently selected list item as the active filter. If nothing
482 is selected, turns filtering off.
486 Saves the current filter list in F<$HOME/.ethereal/filters>.
490 Closes the dialog without making any changes.
494 =item Capture Preferences
496 The I<Capture Preferences> dialog lets you specify various parameters for
497 capturing live packet data.
499 The I<Interface:> combo box lets you specify the interface from which to
500 capture packet data. The I<Count:> entry specifies the number of
501 packets to capture. Entering 0 will capture packets indefinitely. The
502 I<Filter:> entry lets you specify the capture filter using a
503 tcpdump-style filter string as described above. The I<File:> entry
504 specifies the file to save to, as in the I<Printer Options> dialog
505 above. You can specify the maximum number of bytes to capture per
506 packet with the I<Capture length> entry, can specify that the display
507 should be updated as packets are captured with the I<Update list of
508 packets in real time> check box, can specify whether in such a capture
509 the packet list pane should scroll to show the most recently captured
510 packets with the I<Automatic scrolling in live capture> check box, and
511 can specify whether addresses should be translated to names in the
512 display with the I<Enable name resolution> check box.
514 =item Display Options
516 The I<Display Options> dialog lets you specify the format of the time stamp
517 in the packet list. You can select "Time of day" for absolute time stamps,
518 "Seconds since beginning of capture" for relative time stamps, or
519 "Seconds since previous frame" for delta time stamps. You can also
520 specify whether, when the display is updated as packets are captured,
521 the list should automatically scroll to show the most recently captured
522 packets or not, whether addresses should be translated to names in the
523 display, and whether IPv4 TOS field should be treated as the
524 Differentiated Services field.
528 The I<Plugins> dialog lets you view and configure the plugins available
531 The I<Plugins List> shows the name, description, version and state
532 (enabled or not) of each plugin found on your system. The plugins are
533 searched in the following directories: B</usr/share/ethereal/plugins>,
534 B</usr/local/share/ethereal/plugins> and B<~/.ethereal/plugins>
536 A plugin must be activated using the I<Enable> button in order to use it
537 to dissect packets. It can also be deactivated with the I<Disable> button.
539 The I<Filter> button shows the filter used to select packets which should
540 be dissected by a plugin (see L<"DISPLAY FILTER SYNTAX"> below). This
541 filter can be modified.
543 =head1 CAPTURE FILTER SYNTAX
545 See manual page of tcpdump(8).
547 =head1 DISPLAY FILTER SYNTAX
549 Display filters help you remove the noise from a packet trace and let
550 you see only the packets that interest you. If a packet meets the
551 requirements expressed in your display filter, then it is displayed in
552 the list of packets. Display filters let you compare the fields within
553 a protocol against a specific value, compare fields against fields, and
554 to check the existence of specified fields or protocols.
556 The simplest display filter allows you to check for the existence of a
557 protocol or field. If you want to see all packets which contain the IPX
558 protocol, the filter would be "ipx". (Without the quotation marks) To
559 see all packets that contain a Token-Ring RIF field, use "tr.rif".
561 Fields can also be compared against values. The comparison operators
562 can be expressed either through C-like symbols, or through English-like
569 ge, >= Greater than or Equal to
570 le, <= Less than or Equal to
572 Furthermore, each protocol field is typed. The types are:
574 Unsigned integer (either 8-bit, 16-bit, 24-bit, or 32-bit)
575 Signed integer (either 8-bit, 16-bit, 24-bit, or 32-bit)
577 Ethernet address (6 bytes)
578 Byte string (n-number of bytes)
583 Double-precision floating point number
585 An integer may be expressed in decimal, octal, or hexadecimal notation.
586 The following three display filters are equivalent:
592 Boolean values are either true or false. However, a boolean field is
593 present in a protocol decode only if its value is true. If the value is
594 false, the field is not presence. You can therefore check the truth
595 value of a boolean field by simply checking for its existence, that is,
596 by naming the field. For example, a token-ring packet's source route
597 field is boolean. To find any source-routed packets, the display filter
602 Non source-routed packets can be found with the negation of that filter:
606 Ethernet addresses, as well as a string of bytes, are represented in hex
607 digits. The hex digits may be separated by colons, periods, or hyphens:
609 fddi.dst eq ff:ff:ff:ff:ff:ff
610 ipx.srcnode == 0.0.0.0.0.1
611 eth.src == aa-aa-aa-aa-aa-aa
613 If a string of bytes contains only one byte, then it is represented as
614 an unsigned integer. That is, if you are testing for hex value 'ff' in
615 a one-byte byte-string, you must compare it agains '0xff' and not 'ff'.
617 IPv4 addresses can be represented in either dotted decimal notation, or
618 by using the hostname:
620 ip.dst eq www.mit.edu
621 ip.src == 192.168.1.1
623 IPv4 address can be compared with the same logical relations as numbers:
624 eq, ne, gt, ge, lt, and le. The IPv4 address is stored in host order,
625 so you do not have to worry about how the endianness of an IPv4 address
626 when using it in a display filter.
628 Classless InterDomain Routing (CIDR) notation can be used to test if an
629 IPv4 address is in a certain subnet. For example, this display filter
630 will find all packets in the 129.111 Class-B network:
632 ip.addr == 129.111.0.0/16
634 Remember, the number after the slash represents the number of bits used
635 to represent the network. CIDR notation can also be used with
636 hostnames, in this example of finding IP addresses on the same Class C
641 The CIDR notation can only be used on IP addresses or hostnames, not in
642 variable names. So, a display filter like "ip.src/24 == ip.dst/24" is
645 IPX networks are represented by unsigned 32-bit integers. Most likely
646 you will be using hexadecimal when testing for IPX network values:
648 ipx.srcnet == 0xc0a82c00
650 A substring operator also exists. You can check the substring
651 (byte-string) of any protocol or field. For example, you can filter on
652 the vendor portion of an ethernet address (the first three bytes) like
655 eth.src[0:3] == 00:00:83
657 Or more simply, since the number of bytes is inherent in the byte-string
658 you provide, you can provide just the offset. The previous example can
661 eth.src[0] == 00:00:83
663 In fact, the only time you need to explicitly provide a length is when
664 you don't provide a byte-string, and are comparing fields against
667 fddi.src[0:3] == fddi.dst[0:3]
669 If the length of your byte-string is only one byte, then it must be
670 represented in the same way as an unsigned 8-bit integer:
674 You can use the substring operator on a protocol name, too. And
675 remember, the "frame" protocol encompasses the entire packet, allowing
676 you to look at the nth byte of a packet regardless of its frame type
677 (Ethernet, token-ring, etc.).
679 token[0:5] ne 0.0.0.1.1
683 Offsets for byte-strings can also be negative, in which case the
684 negative number indicates the number of bytes from the end of the field
685 or protocol that you are testing. Here's how to check the last 4 bytes
692 frame[-4:4] == 0.1.2.3
694 All the above tests can be combined together with logical expressions.
695 These too are expressable in C-like syntax or with English-like
703 Expressions can be grouped by parentheses as well. The following are
704 all valid display filter expression:
706 tcp.port == 80 and ip.src == 192.168.2.1
708 (ipx.srcnet == 0xbad && ipx.srnode == 0.0.0.0.0.1) || ip
709 tr.dst[0:3] == 0.6.29 xor tr.src[0:3] == 0.6.29
711 A special caveat must be given regarding fields that occur more than
712 once per packet. "ip.addr" occurs twice per IP packet, once for the
713 source address, and once for the destination address. Likewise,
714 tr.rif.ring fields can occur more than once per packet. The following
715 two expressions are not equivalent:
717 ip.addr ne 192.168.4.1
718 not ip.addr eq 192.168.4.1
720 The first filter says "show me all packets where an ip.addr exists that
721 does not equal 192.168.4.1". That is, as long as one ip.addr in the
722 packet does not equal 192.168.44.1, the packet passes the display
723 filter. The second filter "don't show me any packets that have at least
724 one ip.addr field equal to 192.168.4.1". If one ip.addr is 192.168.4.1,
725 the packet does not pass. If B<neither> ip.addr fields is 192.168.4.1,
726 then the packet passes.
728 It is easy to think of the 'ne' and 'eq' operators as having an implict
729 "exists" modifier when dealing with multiply-recurring fields. "ip.addr
730 ne 192.168.4.1" can be thought of as "there exists an ip.addr that does
731 not equal 192.168.4.1".
733 Be careful with multiply-recurring fields; they can be confusing.
735 The following is a table of protocol and protocol fields that are
736 filterable in B<Ethereal>. The abbreviation of the protocol or field is
737 given. This abbreviation is what you use in the display filter. The
738 type of the field is also given.
740 =insert_dfilter_table
744 B</etc/ethers> is consulted to correlate 6-byte hardware addresses to
745 names. If an address is not found in B</etc/ethers>, the
746 B<$HOME/.ethereal/ethers> file is consulted next. Each line contains
747 one hardware address and name, separated by whitespace. The digits of
748 the hardware address are separated by either a colon (:), a dash (-), or
749 a period (.). The following three lines are valid lines of an ethers
752 ff:ff:ff:ff:ff:ff Broadcast
753 c0-00-ff-ff-ff-ff TR_broadcast
754 00.00.00.00.00.00 Zero_broadcast
756 B</usr/local/etc/manuf> matches the 3-byte vendor portion of a 6-byte
757 hardware address with the manufacturer's name. The format of the file
758 is the same as the B</etc/ethers> file, except that each address is
759 three bytes instead of six.
761 B</etc/ipxnets> and B<$HOME/.ethereal/ipxnets> correlate 4-byte IPX
762 network numbers to names. The format is the same as the B</etc/ethers>
763 file, except that each address if four bytes instead of six.
764 Additionally, the address can be represented a single hexadecimal
765 number, as is more common in the IPX world, rather than four hex octets.
766 For example, these four lines are valid lines of an ipxnets file.
770 00:00:BE:EF IT_Server1
775 L<tcpdump(8)>, L<pcap(3)>
779 The latest version of B<Ethereal> can be found at
780 B<http://ethereal.zing.org>.
786 Gerald Combs <gerald@zing.org>
791 Gilbert Ramirez <gram@xiexie.org>
792 Hannes R. Boehm <hannes@boehm.org>
793 Mike Hall <mlh@io.com>
794 Bobo Rajec <bobo@bsp-consulting.sk>
795 Laurent Deniel <deniel@worldnet.fr>
796 Don Lafontaine <lafont02@cn.ca>
797 Guy Harris <guy@alum.mit.edu>
798 Simon Wilkinson <sxw@dcs.ed.ac.uk>
799 Joerg Mayer <jmayer@telemation.de>
800 Martin Maciaszek <fastjack@i-s-o.net>
801 Didier Jorand <Didier.Jorand@alcatel.fr>
802 Jun-ichiro itojun Hagino <itojun@iijlab.net>
803 Richard Sharpe <sharpe@ns.aus.com>
804 John McDermott <jjm@jkintl.com>
805 Jeff Jahr <jjahr@shastanets.com>
806 Brad Robel-Forrest <bradr@watchguard.com>
807 Ashok Narayanan <ashokn@cisco.com>
808 Aaron Hillegass <aaron@classmax.com>
809 Jason Lango <jal@netapp.com>
810 Johan Feyaerts <Johan.Feyaerts@siemens.atea.be>
811 Olivier Abad <abad@daba.dhis.net>
812 Thierry Andry <Thierry.Andry@advalvas.be>
813 Jeff Foster <jjfoste@woodward.com>
814 Peter Torvals <petertv@xoommail.com>
815 Christophe Tronche <ch.tronche@computer.org>
816 Nathan Neulinger <nneul@umr.edu>
817 Tomislav Vujec <tvujec@carnet.hr>
818 Kojak <kojak@bigwig.net>
819 Uwe Girlich <Uwe.Girlich@philosys.de>
820 Warren Young <tangent@mail.com>
821 Heikki Vatiainen <hessu@cs.tut.fi>
822 Greg Hankins <gregh@twoguys.org>
823 Jerry Talkington <jerryt@netapp.com>
824 Dave Chapeskie <dchapes@ddm.on.ca>
825 James Coe <jammer@cin.net>
826 Bert Driehuis <driehuis@playbeing.org>
827 Stuart Stanley <stuarts@mxmail.net>
828 John Thomes <john@ensemblecom.com>
829 Laurent Cazalet <laurent.cazalet@mailclub.net>
830 Thomas Parvais <thomas.parvais@advalvas.be>
831 Gerrit Gehnen <G.Gehnen@atrie.de>
832 Craig Newell <craign@cheque.uq.edu.au>
833 Ed Meaney <emeaney@altiga.com>
834 Dietmar Petras <DPetras@ELSA.de>
835 Fred Reimer <fwr@ga.prestige.net>
836 Florian Lohoff <flo@rfc822.org>
837 Jochen Friedrich <jochen+ethereal@scram.de>
838 Paul Welchinski <paul.welchinski@telusplanet.net>
839 Doug Nazar <nazard@dragoninc.on.ca>
840 Andreas Sikkema <andreas.sikkema@philips.com>
841 Mark Muhlestein <mmm@netapp.com>
842 Graham Bloice <graham.bloice@trihedral.com>
843 Ralf Schneider <ralf.schneider@alcatel.se>
845 Alain Magloire <alainm@rcsm.ece.mcgill.ca> was kind enough to give his
846 permission to use his version of snprintf.c.
848 Dan Lasley <dlasley@promus.com> gave permission for his dumpit() hex-dump