SHADOW Version 1.7
Last changed:  21 Jun 2001

Written by: Bill Ralph <RalphWD@nswc.navy.mil>

tcpdump-3.6.2-wdr2.patch:

I haven't been successful in reaching anyone at tcpdump.org who will
respond. This patch corrects the following problems in tcpdump-3.6.2:

1. The SMB/NetBIOS  translater generated beaucoup line feeds as it decodes
   the packets. SHADOW expects each packet to be contained on a single line.
   This patch abbreviates some of the verbiage on the line and removes the
   excess line feed characters.

2. This version of tcpdump has a bug in decoding UDP packets on ports
   1645-46 and 1812-13. Any packet with one of those ports is assumed to
   be from the Radius authentication protocol. Consequently, the next few
   bytes are interpreted as belonging to that protocol. One byte is 
   interpreted as the length of an "attribute" string, followed by that string.
   Unfortunately, for UDP packets that use those ports and are not Radius
   packets may well have zero in a byte where the Radius decoder expects a
   length. Hence it can and does end up in and infinite loop. I just removed
   Radius decoding from tcpdump, and may consider more less used protocols.
