[Snort-users] Phil Wood Libpcap Installation Problems

Darryl Taylor darryl.taylor at ...1935...
Wed Jan 24 14:40:53 EST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I just did a complete install as follows on my Dual Opteron running
Gentoo 2.6.17-r8:

libpcap (Phil Woods)
./configure --enable-shared
make
sudo make install

(ensure /usr/local/lib is in ld.so.conf)
sudo ldconfig



snort (with the options I use)
./configure --with-libpcap-library=/usr/local/lib --enable-debug \
- --enable-perfprofiling --enable-dynamicplugin
make
sudo make install

ldd /usr/local/bin/snort
    	libpcre.so.0 => /usr/lib/libpcre.so.0 (0x00002b3e9220e000)
    	libpcap-0.9.3.so => /usr/local/lib/libpcap-0.9.3.so
(0x00002b3e9232a000)
        libm.so.6 => /lib/libm.so.6 (0x00002b3e92459000)
        libnsl.so.1 => /lib/libnsl.so.1 (0x00002b3e925af000)
        libdl.so.2 => /lib/libdl.so.2 (0x00002b3e926c5000)
        libc.so.6 => /lib/libc.so.6 (0x00002b3e927c9000)
        /lib64/ld-linux-x86-64.so.2 (0x00002b3e920f2000)

After this I had a working snort-2.6.1.2.


Darryl Taylor


IT Security wrote:
> I recompiled libpcap to use shared libraries and now have the following
> in /usr/lib:
> 
> lrwxrwxrwx  1 root root     16 Jan 23 08:56 /usr/lib/libpcap-0.8.3.so ->
> libpcap-0.9.3.so
> -rwxr-xr-x  1 root root 375850 Jan 23 09:00 /usr/lib/libpcap-0.9.3.so
> -rw-r--r--  1 root root 483168 Jan 23 09:00 /usr/lib/libpcap.a
> -rwxr-xr-x  1 root root    792 Jan 23 09:00 /usr/lib/libpcap.la
> lrwxrwxrwx  1 root root     16 Jan 23 09:00 /usr/lib/libpcap.so ->
> libpcap-0.9.3.so
> lrwxrwxrwx  1 root root     16 Jan 23 09:02 /usr/lib/libpcap.so.0 ->
> libpcap-0.9.3.so
> lrwxrwxrwx  1 root root     16 Jan 23 09:03 /usr/lib/libpcap.so.0.8 ->
> libpcap-0.9.3.so
> lrwxrwxrwx  1 root root     16 Jan 23 09:03 /usr/lib/libpcap.so.0.8.3 ->
> libpcap-0.9.3.so
> 
> I added the symlinks for libpcap 0.8.3 with hopes that it would help,
> but it didn't.
> 
> I have run ldconfig since reinstalling libpcap.
> 
> Attempting to recompile snort and tcpdump both end with the result of:
> 
> checking for strerror... yes
> checking for __FUNCTION__... yes
> checking for floor in -lm... yes
> checking for pcap_datalink in -lpcap... no
> 
>    ERROR!  Libpcap library/headers not found, go get it from
>    http://www.tcpdump.org
>    or use the --with-libpcap-* options, if you have it installed
>    in unusual place
> 
> This makes me think that I'm missing something accosiated with libpcap.
> 
> Any more ideas?
> 
> Thanks in advance.
> 
> - Jesse
> 
> 
> 
> 
> 
> -----Original Message-----
> From: snort-users-bounces at lists.sourceforge.net
> [mailto:snort-users-bounces at lists.sourceforge.net] On Behalf Of IT
> Security
> Sent: Tuesday, January 23, 2007 8:11 AM
> To: Darryl Taylor
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Phil Wood Libpcap Installation Problems
> 
> Darryl -
> 
> Tried with no luck.  Still get the same error.
> 
> ./configure --with-libpcap-library=/usr/local/lib
> 
> Thanks for the assistance.
> 
> - Jesse
> 
> 
> 
> -----Original Message-----
> From: Darryl Taylor [mailto:darryl.taylor at ...1935...]
> Sent: Tuesday, January 23, 2007 8:00 AM
> To: darryl.taylor at ...1935...
> Cc: IT Security; snort-users-bounces at lists.sourceforge.net;
> snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Phil Wood Libpcap Installation Problems
> 
> Sorry bout that. Needed a little more sleep. It should be
> --with-libpcap-library=[your path]
> 
> 
> 
> Darryl Taylor
> Security Engineer
> SOURCEfire
> Office: 404-474-8454
> Cell:   404-783-2064
> eFax:   404-521-4309
> 
> Fingerprint: AEA7 16DB 2DC3 0C3E 43A9 F1B6 E25A 6A7C 16F2 68B6
> Key: http://demo.sourcefire.com/dtaylor.pgp.key
> 
> 
> 
> 
> darryl.taylor at ...1935... wrote:
>> Try ./configure --with-libpcap=/usr/local when compiling snort. If it
> still fails then the library was probably compiled statically. If that
> is the case, post back and I will tell you how to make it a shared
> object. I think I had this problem a few years ago. 
>> Sent from my Verizon Wireless BlackBerry
> 
>> -----Original Message-----
>> From: "IT Security" <ITSEC at ...14044...>
>> Date: Mon, 22 Jan 2007 17:46:59
>> To:<snort-users at lists.sourceforge.net>
>> Subject: [Snort-users] Phil Wood Libpcap Installation Problems
> 
>> I'm trying to get Phil Wood's modified libpcap working on my Snort
>> 2.6.1 sensor, but have run into some difficulties and hoping that 
>> someone out there can help.
> 
>> I've downloaded and extracted libpcap-0.9.20060417.tar.gz.  I then
> run:
>>    ./configure
>>    make
>>    make install
> 
>> I then downloaded and extracted snort-2.6.1.1.tar.gz.  I then run:
> 
>>    ./configure
>>    make
> 
>> That's where it blows up.  Here is the error:
> 
>> <snip>
> 
>> checking for pcap_datalink in -lpcap... no
> 
>>    ERROR!  Libpcap library/headers not found, go get it from
>>    http://www.tcpdump.org
>>    or use the --with-libpcap-* options, if you have it installed
>>    in unusual place
> 
>> </snip>
> 
>> Any ideas why the headers would be missing?  Header files are 
>> identified with the .h extension correct?  Where are these supposed to
> 
>> reside on the system?
> 
>> I'm running CentOS 4 with 2.6.9-42.0.3.EL kernel.
> 
>> Thanks in advance.
> 
>> - Jesse
> 
>> ----------------------------------------------------------------------
>> --- Take Surveys. Earn Cash. Influence the Future of IT Join 
>> SourceForge.net's Techsay panel and you'll get the chance to share 
>> your opinions on IT & business topics through brief surveys - and earn
> 
>> cash
>> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEV
>> DEV _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>> ----------------------------------------------------------------------
>> --- Take Surveys. Earn Cash. Influence the Future of IT Join 
>> SourceForge.net's Techsay panel and you'll get the chance to share 
>> your opinions on IT & business topics through brief surveys - and earn
> 
>> cash
>> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEV
>> DEV _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users

- ------------------------------------------------------------------------
- -
Take Surveys. Earn Cash. Influence the Future of IT Join
SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDE
V
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

- -------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFt7ZE4lpqfBbyaLYRAjmNAJ94Zrrh+Fy01mK5j5+S9f8apPrRJgCeOBFt
Gf7swfkS4Wv92y0VldKsslw=
=HRZ4
-----END PGP SIGNATURE-----




More information about the Snort-users mailing list