Re: [Snort-users] Phil Wood Libpcap Installation Problems

["IT Security" <ITSEC@24hourfit.com>]

I recompiled libpcap to use shared libraries and now have the following
in /usr/lib:

lrwxrwxrwx  1 root root     16 Jan 23 08:56 /usr/lib/libpcap-0.8.3.so ->
libpcap-0.9.3.so
-rwxr-xr-x  1 root root 375850 Jan 23 09:00 /usr/lib/libpcap-0.9.3.so
-rw-r--r--  1 root root 483168 Jan 23 09:00 /usr/lib/libpcap.a
-rwxr-xr-x  1 root root    792 Jan 23 09:00 /usr/lib/libpcap.la
lrwxrwxrwx  1 root root     16 Jan 23 09:00 /usr/lib/libpcap.so ->
libpcap-0.9.3.so
lrwxrwxrwx  1 root root     16 Jan 23 09:02 /usr/lib/libpcap.so.0 ->
libpcap-0.9.3.so
lrwxrwxrwx  1 root root     16 Jan 23 09:03 /usr/lib/libpcap.so.0.8 ->
libpcap-0.9.3.so
lrwxrwxrwx  1 root root     16 Jan 23 09:03 /usr/lib/libpcap.so.0.8.3 ->
libpcap-0.9.3.so

I added the symlinks for libpcap 0.8.3 with hopes that it would help,
but it didn't.

I have run ldconfig since reinstalling libpcap.

Attempting to recompile snort and tcpdump both end with the result of:

checking for strerror... yes
checking for __FUNCTION__... yes
checking for floor in -lm... yes
checking for pcap_datalink in -lpcap... no

   ERROR!  Libpcap library/headers not found, go get it from
   http://www.tcpdump.org
   or use the --with-libpcap-* options, if you have it installed
   in unusual place

This makes me think that I'm missing something accosiated with libpcap.

Any more ideas?

Thanks in advance.

- Jesse





-----Original Message-----
From: snort-users-bounces@lists.sourceforge.net
[mailto:snort-users-bounces@lists.sourceforge.net] On Behalf Of IT
Security
Sent: Tuesday, January 23, 2007 8:11 AM
To: Darryl Taylor
Cc: snort-users@lists.sourceforge.net
Subject: Re: [Snort-users] Phil Wood Libpcap Installation Problems

Darryl -

Tried with no luck.  Still get the same error.

./configure --with-libpcap-library=/usr/local/lib

Thanks for the assistance.

- Jesse



-----Original Message-----
From: Darryl Taylor [mailto:darryl.taylor@sourcefire.com]
Sent: Tuesday, January 23, 2007 8:00 AM
To: darryl.taylor@sourcefire.com
Cc: IT Security; snort-users-bounces@lists.sourceforge.net;
snort-users@lists.sourceforge.net
Subject: Re: [Snort-users] Phil Wood Libpcap Installation Problems

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sorry bout that. Needed a little more sleep. It should be
- --with-libpcap-library=[your path]



Darryl Taylor
Security Engineer
SOURCEfire
Office: 404-474-8454
Cell:   404-783-2064
eFax:   404-521-4309

Fingerprint: AEA7 16DB 2DC3 0C3E 43A9 F1B6 E25A 6A7C 16F2 68B6
Key: http://demo.sourcefire.com/dtaylor.pgp.key




darryl.taylor@sourcefire.com wrote:
> Try ./configure --with-libpcap=/usr/local when compiling snort. If it
still fails then the library was probably compiled statically. If that
is the case, post back and I will tell you how to make it a shared
object. I think I had this problem a few years ago. 
> 
> Sent from my Verizon Wireless BlackBerry
> 
> -----Original Message-----
> From: "IT Security" <ITSEC@24hourfit.com>
> Date: Mon, 22 Jan 2007 17:46:59
> To:<snort-users@lists.sourceforge.net>
> Subject: [Snort-users] Phil Wood Libpcap Installation Problems
> 
> I'm trying to get Phil Wood's modified libpcap working on my Snort
> 2.6.1 sensor, but have run into some difficulties and hoping that 
> someone out there can help.
> 
> I've downloaded and extracted libpcap-0.9.20060417.tar.gz.  I then
run:
> 
>    ./configure
>    make
>    make install
> 
> I then downloaded and extracted snort-2.6.1.1.tar.gz.  I then run:
> 
>    ./configure
>    make
> 
> That's where it blows up.  Here is the error:
> 
> <snip>
> 
> checking for pcap_datalink in -lpcap... no
> 
>    ERROR!  Libpcap library/headers not found, go get it from
>    http://www.tcpdump.org
>    or use the --with-libpcap-* options, if you have it installed
>    in unusual place
> 
> </snip>
> 
> Any ideas why the headers would be missing?  Header files are 
> identified with the .h extension correct?  Where are these supposed to

> reside on the system?
> 
> I'm running CentOS 4 with 2.6.9-42.0.3.EL kernel.
> 
> Thanks in advance.
> 
> - Jesse
> 
> ----------------------------------------------------------------------
> --- Take Surveys. Earn Cash. Influence the Future of IT Join 
> SourceForge.net's Techsay panel and you'll get the chance to share 
> your opinions on IT & business topics through brief surveys - and earn

> cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEV
> DEV _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> ----------------------------------------------------------------------
> --- Take Surveys. Earn Cash. Influence the Future of IT Join 
> SourceForge.net's Techsay panel and you'll get the chance to share 
> your opinions on IT & business topics through brief surveys - and earn

> cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEV
> DEV _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFtjEJ4lpqfBbyaLYRAsihAJ47z+x8EjFPeCGbwdafL8+bZGlbFQCeIk84
fogLzGhAISTi/ZCgzM5Z2vI=
=Wh7i
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
-
Take Surveys. Earn Cash. Influence the Future of IT Join
SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDE
V
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users