Re: [Snort-users] Phil Wood Libpcap Installation Problems
This is a discussion on Re: [Snort-users] Phil Wood Libpcap Installation Problems within the Snort forums, part of the System Security and Security Related category; -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I just did a complete install as follows on my Dual Opteron running Gentoo ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
01-24-2007
|
|||
|
|||
Re: [Snort-users] Phil Wood Libpcap Installation Problems
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 I just did a complete install as follows on my Dual Opteron running Gentoo 2.6.17-r8: libpcap (Phil Woods) ../configure --enable-shared make sudo make install (ensure /usr/local/lib is in ld.so.conf) sudo ldconfig snort (with the options I use) ../configure --with-libpcap-library=/usr/local/lib --enable-debug \ - --enable-perfprofiling --enable-dynamicplugin make sudo make install ldd /usr/local/bin/snort libpcre.so.0 => /usr/lib/libpcre.so.0 (0x00002b3e9220e000) libpcap-0.9.3.so => /usr/local/lib/libpcap-0.9.3.so (0x00002b3e9232a000) libm.so.6 => /lib/libm.so.6 (0x00002b3e92459000) libnsl.so.1 => /lib/libnsl.so.1 (0x00002b3e925af000) libdl.so.2 => /lib/libdl.so.2 (0x00002b3e926c5000) libc.so.6 => /lib/libc.so.6 (0x00002b3e927c9000) /lib64/ld-linux-x86-64.so.2 (0x00002b3e920f2000) After this I had a working snort-2.6.1.2. Darryl Taylor IT Security wrote: > I recompiled libpcap to use shared libraries and now have the following > in /usr/lib: > > lrwxrwxrwx 1 root root 16 Jan 23 08:56 /usr/lib/libpcap-0.8.3.so -> > libpcap-0.9.3.so > -rwxr-xr-x 1 root root 375850 Jan 23 09:00 /usr/lib/libpcap-0.9.3.so > -rw-r--r-- 1 root root 483168 Jan 23 09:00 /usr/lib/libpcap.a > -rwxr-xr-x 1 root root 792 Jan 23 09:00 /usr/lib/libpcap.la > lrwxrwxrwx 1 root root 16 Jan 23 09:00 /usr/lib/libpcap.so -> > libpcap-0.9.3.so > lrwxrwxrwx 1 root root 16 Jan 23 09:02 /usr/lib/libpcap.so.0 -> > libpcap-0.9.3.so > lrwxrwxrwx 1 root root 16 Jan 23 09:03 /usr/lib/libpcap.so.0.8 -> > libpcap-0.9.3.so > lrwxrwxrwx 1 root root 16 Jan 23 09:03 /usr/lib/libpcap.so.0.8.3 -> > libpcap-0.9.3.so > > I added the symlinks for libpcap 0.8.3 with hopes that it would help, > but it didn't. > > I have run ldconfig since reinstalling libpcap. > > Attempting to recompile snort and tcpdump both end with the result of: > > checking for strerror... yes > checking for __FUNCTION__... yes > checking for floor in -lm... yes > checking for pcap_datalink in -lpcap... no > > ERROR! Libpcap library/headers not found, go get it from > http://www.tcpdump.org > or use the --with-libpcap-* options, if you have it installed > in unusual place > > This makes me think that I'm missing something accosiated with libpcap. > > Any more ideas? > > Thanks in advance. > > - Jesse > > > > > > -----Original Message----- > From: snort-users-bounces@lists.sourceforge.net > [mailto:snort-users-bounces@lists.sourceforge.net] On Behalf Of IT > Security > Sent: Tuesday, January 23, 2007 8:11 AM > To: Darryl Taylor > Cc: snort-users@lists.sourceforge.net > Subject: Re: [Snort-users] Phil Wood Libpcap Installation Problems > > Darryl - > > Tried with no luck. Still get the same error. > > ./configure --with-libpcap-library=/usr/local/lib > > Thanks for the assistance. > > - Jesse > > > > -----Original Message----- > From: Darryl Taylor [mailto:darryl.taylor@sourcefire.com] > Sent: Tuesday, January 23, 2007 8:00 AM > To: darryl.taylor@sourcefire.com > Cc: IT Security; snort-users-bounces@lists.sourceforge.net; > snort-users@lists.sourceforge.net > Subject: Re: [Snort-users] Phil Wood Libpcap Installation Problems > > Sorry bout that. Needed a little more sleep. It should be > --with-libpcap-library=[your path] > > > > Darryl Taylor > Security Engineer > SOURCEfire > Office: 404-474-8454 > Cell: 404-783-2064 > eFax: 404-521-4309 > > Fingerprint: AEA7 16DB 2DC3 0C3E 43A9 F1B6 E25A 6A7C 16F2 68B6 > Key: http://demo.sourcefire.com/dtaylor.pgp.key > > > > > darryl.taylor@sourcefire.com wrote: >> Try ./configure --with-libpcap=/usr/local when compiling snort. If it > still fails then the library was probably compiled statically. If that > is the case, post back and I will tell you how to make it a shared > object. I think I had this problem a few years ago. >> Sent from my Verizon Wireless BlackBerry > >> -----Original Message----- >> From: "IT Security" <ITSEC@24hourfit.com> >> Date: Mon, 22 Jan 2007 17:46:59 >> To:<snort-users@lists.sourceforge.net> >> Subject: [Snort-users] Phil Wood Libpcap Installation Problems > >> I'm trying to get Phil Wood's modified libpcap working on my Snort >> 2.6.1 sensor, but have run into some difficulties and hoping that >> someone out there can help. > >> I've downloaded and extracted libpcap-0.9.20060417.tar.gz. I then > run: >> ./configure >> make >> make install > >> I then downloaded and extracted snort-2.6.1.1.tar.gz. I then run: > >> ./configure >> make > >> That's where it blows up. Here is the error: > >> <snip> > >> checking for pcap_datalink in -lpcap... no > >> ERROR! Libpcap library/headers not found, go get it from >> http://www.tcpdump.org >> or use the --with-libpcap-* options, if you have it installed >> in unusual place > >> </snip> > >> Any ideas why the headers would be missing? Header files are >> identified with the .h extension correct? Where are these supposed to > >> reside on the system? > >> I'm running CentOS 4 with 2.6.9-42.0.3.EL kernel. > >> Thanks in advance. > >> - Jesse > >> ---------------------------------------------------------------------- >> --- Take Surveys. Earn Cash. Influence the Future of IT Join >> SourceForge.net's Techsay panel and you'll get the chance to share >> your opinions on IT & business topics through brief surveys - and earn > >> cash >> http://www.techsay.com/default.php?p...eforge&CID=DEV >> DEV _______________________________________________ >> Snort-users mailing list >> Snort-users@lists.sourceforge.net >> Go to this URL to change user options or unsubscribe: >> https://lists.sourceforge.net/lists/...fo/snort-users >> Snort-users list archive: >> http://www.geocrawler.com/redir-sf.p...st=snort-users >> ---------------------------------------------------------------------- >> --- Take Surveys. Earn Cash. Influence the Future of IT Join >> SourceForge.net's Techsay panel and you'll get the chance to share >> your opinions on IT & business topics through brief surveys - and earn > >> cash >> http://www.techsay.com/default.php?p...eforge&CID=DEV >> DEV _______________________________________________ >> Snort-users mailing list >> Snort-users@lists.sourceforge.net >> Go to this URL to change user options or unsubscribe: >> https://lists.sourceforge.net/lists/...fo/snort-users >> Snort-users list archive: >> http://www.geocrawler.com/redir-sf.p...st=snort-users - ------------------------------------------------------------------------ - - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?p...orge&CID=DEVDE V _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users - ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?p...rge&CID=DEVDEV _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFt7ZE4lpqfBbyaLYRAjmNAJ94Zrrh+Fy01mK5j5+S9f 8apPrRJgCeOBFt Gf7swfkS4Wv92y0VldKsslw= =HRZ4 -----END PGP SIGNATURE----- ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?p...rge&CID=DEVDEV _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
 |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT +1. The time now is 01:24 PM.
