Snort mailing list archives

Re: Trying to build snort with your libpcap


From: Phil Wood <cpw () lanl gov>
Date: Mon, 05 Oct 2009 18:15:49 -0600

# If you want to try and use my libpcap on linux, pull down the source 
# from:
#
#  http://public.lanl.gov/cpw/libpcap-0.9.8.20081128.tar.gz
#
# Also, get snort's source from snort.org:
# 
# http://www.snort.org/downloads/snort-2.8.5.tar.gz
#  
#
# But, first, create a place to work, like ~/src.  Make sure you have
# read/write access to the directory. You will if you are in your home
# directory.  Assuming the above is true.
#
# Get the libpcap tarball from http://public.lanl.gov/cpw/
# and the snort tarball from http://dl.snort.org/snort-2.8.5.tar.gz
# into a src directory and then extract the source for libpcap and snort:
# before you start make sure you have a compile environment using:
#
  sudo apt-get install libtool automake autoconf flex bison
#
# Then, assuming you made a src dir in your home directory ...
#
  cd src
  tar -zxf libpcap-0.9.8.20081128.tar.gz
  tar -zxf snort-2.8.5.tar.gz
  ln -s libpcap-0.9.8.20081128 libpcap
  ln -s snort-2.8.5 snort
  cd libpcap
#
# as root make sure you have a compile environment using
# (answer y to Ok to proceed?[N/y] when prompted)
#
  rm -rf config
  sh bootstrap
# 
#
# note if you see something like:
#
#   libtoolize: Consider adding `AC_CONFIG_MACRO_DIR([m4])' to configure.ac and
#   libtoolize: rerunning libtoolize, to keep the correct libtool macros in-tree.
#   libtoolize: Consider adding `-I m4' to ACLOCAL_AMFLAGS in Makefile.am.
#
# then, add "AC_CONFIG_MACRO_DIR([m4])" after "AC_CONFIG_SRCDIR(pcap.c)" to configure.ac
# and add "ACLOCAL_AMFLAGS         = -I m4" after "INCLUDES        = @V_INCLS@" to Makefile.ac
#
# Then sh bootstrap again.
#
# At this point you will want to check out the file .warrantee for some
# build hints. I use the messing around option normally until I get a
# build.  Let's use the shared option to build a shared library:
#
  ./configure --enable-shared
  make clean
  make
#
# Once you have the library built in the libpcap/.libs directory, then
# change to the snort directory and:
#
  cd ../snort 
  ./configure --with-libpcap-includes=$HOME/src/libpcap --with-libpcap-libraries=$HOME/src/libpcap/.libs
  make
#
# You should find a working snort in src/snort/src/snort
#
  cd
  ls -l ~/src/snort/src/snort
#
# -rwxrwxr-x 1 cpw cpw 4092503 2009-10-05 16:16 /home/cpw/src/snort/src/snort
#
  PCAP_STATS=0x1fff PCAP_VERBOSE=1 PCAP_PERIOD=10000 PCAP_SNAPLEN=1500 PCAP_MEMORY=1000 /home/cpw/src/snort/src/snort -i eth1 -b -l /tmp
#
# You will notice (assuming you ran snort as root) that there is a file
# in /tmp named snort.log* (it's a pcap file and you can tcpdump it).
# You might have to come up with a different interface besides eth1.
#
# You will also notice that snort said it was not using PCAP_FRAMES, but
# it is using PCAP_MEMORY.  And in addition it should be dumping to
# stderr some S: records which you can read more about in the
# README.ring file found in the libpcap directory.
#
# Hope you have some luck with this business.  Another thing you might
# want to do is read up on libpcap-1.0.0.  There is actually an mmap
# version (but it is not mine with those nasty PCAP environment
# variables).  Check out the man pages.
#
#Later,
#
#Phil

On Mon, 2009-10-05 at 11:07 -0400, Alexander Novokhatsky wrote:
Hello Phil

Thank you for your product

Could you please give me a hint how to compile snort with your
library.

The problem is when I ./configure, make, make install libpcap-0.9.8
from your web-site I can find libpcap.a in /usr/local/lib
But there are no pcap directory and pcap.h file in /usr/local/include

If I install libpcap-1.0.0 from source or libpcap-0.9.4 using yum
everything is ok. There are both libpcap.a and pcap.h files in
/usr/local

As I understood I can't build snort without this pcap.

Help me plz.

-- 
C. Philip Wood, Int. D.
Senior Member of the Internet
Los Alamos National Laboratory
Key fingerprint: 2BB7 A990 44F5 EF4B 4E35  8635 1205 97D3 F6D8 7F39
E-mail: cpw () lanl gov, cornett () arpa net
Phone: 505 667-2598

Attachment: signature.asc
Description: This is a digitally signed message part
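
A check for the end of the build above, added here as an example and not part of Phil's message: it confirms pcap.h is in the include directory handed to snort's configure and reports which shared libpcap the built binary resolves at run time. The function names, the `libpcap.so.0.9.8` file name and the sample `ldd` lines are constructed assumptions.

```shell
#!/bin/sh
# Added example: names and sample data below are constructed for illustration.

# pcap_header_present DIR: succeeds if DIR holds pcap.h, the header the
# snort configure step needs from --with-libpcap-includes.
pcap_header_present() {
    [ -f "${1%/}/pcap.h" ]
}

# pcap_link_status EXPECTED_DIR: reads `ldd` output on stdin and prints
#   expected:<path>   libpcap resolved from inside EXPECTED_DIR
#   other:<path>      libpcap resolved from somewhere else
#   not-found         the loader cannot locate the shared libpcap
#   static-or-absent  no shared libpcap dependency is listed
pcap_link_status() {
    expected_dir=${1%/}
    # First line naming libpcap, e.g. "libpcap.so.N => /path/libpcap.so.N (0x...)"
    line=$(grep -E '^[[:space:]]*libpcap\.so' | head -n 1)
    if [ -z "$line" ]; then
        echo "static-or-absent"
        return 0
    fi
    case $line in
        *"=> not found"*) echo "not-found"; return 0 ;;
    esac
    path=$(printf '%s\n' "$line" | awk '{print $3}')   # field after "=>"
    case $path in
        "$expected_dir"/*) echo "expected:$path" ;;
        *)                 echo "other:$path" ;;
    esac
}

# Constructed ldd output (not captured from a real build) for a dry run.
sample_ldd() {
    printf '\tlibpcap.so.0.9.8 => /usr/lib/libpcap.so.0.9.8 (0x00007f0000000000)\n'
    printf '\tlibc.so.6 => /lib/libc.so.6 (0x00007f0000200000)\n'
}

# Against a real build (paths as in the message above):
#   pcap_header_present "$HOME/src/libpcap" && echo "pcap.h found"
#   ldd "$HOME/src/snort/src/snort" | pcap_link_status "$HOME/src/libpcap/.libs"
```

An `other:` or `not-found` result means the binary would load a different libpcap than the one just built, or none at all, when it starts.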
