Installing libpcap on Ubuntu 14.04
Source: Internet  Editor: 程序博客网  Time: 2024/05/30 02:53
1. Environment: Ubuntu 14.04 + libpcap-1.6.1.tar.gz
2. Download libpcap: the official site, http://www.tcpdump.org/#latest-release, has the latest release of libpcap.
3. Unpack libpcap-1.6.1.tar.gz: tar -zxvf libpcap-1.6.1.tar.gz
4. Configure and generate the Makefile: cd into the unpacked libpcap directory libpcap-1.6.1 and run ./configure. This step may fail because the flex package is missing:
configure: error: Your operating system's lex is insufficient to compile
libpcap. flex is a lex replacement that has many advantages, including
being able to compile libpcap. For more information, see
http://www.gnu.org/software/flex/flex.html .
Fix: install the flex package: sudo apt-get install flex
5. make
Note: make may fail with errors; resolve them as described below
ERROR! dnet header not found, go get it from
ERROR! daq_static library not found, go get it from
Fix: install the byacc package: sudo apt-get install -y byacc
sudo apt-get install libpcre3-dev
sudo apt-get install libdumbnet-dev
If that still does not solve the problem, refer to the document below
How to Install & Configure Snort NIDS in Linux
Snort is an open-source network intrusion detection system (NIDS) that detects attacks and anomalous traffic on the network. It is written in C and runs on multiple platforms. It is the most widely deployed intrusion prevention system in the world (with over 4 million downloads and nearly 500,000 registered users).
There are not enough resources on how to configure Snort in Linux, so I wrote this post.
Before installing Snort, some packages must be installed. Run this command in a terminal:
sudo apt-get install flex bison build-essential checkinstall libpcap-dev libnet1-dev libpcre3-dev libmysqlclient15-dev libnetfilter-queue-dev iptables-dev
After that, libdnet-1.12 is downloaded and unpacked.
wget https://libdnet.googlecode.com/files/libdnet-1.12.tgz
tar xvfz libdnet-1.12.tgz
Then change into the unpacked library folder. (When you download a file from the net, it is saved in the /home/downloads folder.) In that directory, run:
./configure "CFLAGS=-fpic"
This configuration is for a 64-bit machine.
make
for compilation
sudo checkinstall
Then,
sudo dpkg -i libdnet_1.12-1_i386.deb
sudo ln -s /usr/local/lib/libdnet.1.0.1 /usr/lib/libdnet.1
The command above creates a symbolic link.
After that, go to the Snort site (http://snort.org) and download Snort and DAQ (snort-2.9.6.1.tar.gz and daq-2.0.2.tar.gz). In this example, I first downloaded snort-2.9.7.0.tar.gz and daq-2.0.4.tar.gz. However, I encountered a problem, so I used older versions of the software.
Problem message:
checking for daq_load_modules in -ldaq_static… no
ERROR! daq_static library not found, go get it from
http://www.snort.org/.
Then, using the older version:
tar xvfvz daq-2.0.2.tar.gz
./configure
make
sudo checkinstall
After that, Snort is unpacked, configured and built:
tar xvfvz snort-2.9.6.1.tar.gz
./configure
make
sudo checkinstall
sudo dpkg -i snort_2.9.6.1-1_i386.deb
sudo ln -s /usr/local/bin/snort /usr/sbin/snort
After installation,
sudo ldconfig -v    # refresh the shared-library cache (-v lists the libraries found)
After that, go to the Snort site and download the Snort rules (snortrules-snapshot-2970.tar.gz), then unpack them. Create a snort folder under /etc (/etc/snort). You can then configure your snort.conf file there:
# or the default (e.g. any) can be used
ipvar HOME_NET 192.168.1.110/24
# or the default (e.g. any) can be used
ipvar EXTERNAL_NET !$HOME_NET
You should also write your rules in the rules folder (/etc/snort/rules), either in a new file or appended to the existing rules.
alert icmp any any -> any any (msg:"Alert Getting ICMP Flood Message";sid:1000004;)
alert tcp any any -> any any (msg:"Alert Getting TCP Flood Message";sid:1000005;)
alert udp any any -> any any (msg:"Alert Getting UDP Flood Message";sid:1000006;)
alert tcp $EXTERNAL_NET any -> any any (msg:"Alert HTTP GET DDos";pcre:"/GET.*\.htm/i";classtype:web-application-activity;sid:1000007;)
Finally, you can run Snort using this command:
snort -i eth0 -l /var/log/snort -c /etc/snort/snort.conf -A console
This command says: the capture interface is eth0 (-i), the log directory is /var/log/snort (-l), the configuration file is /etc/snort/snort.conf (-c), which puts Snort in IDS mode, and alerts are printed on the terminal screen (-A console).
I also encountered another problem when I entered this command:
snort -i 5 -l /var/log/snort -c /etc/snort/snort.conf -A console
Also, my network input was configured as eth2.
Problem Message:
ERROR: Can’t start DAQ (-1) – SIOCGIFHWADDR: No such device!
I solved it when I changed eth2 to eth0 and entered eth0 instead of 5.
After that, you can test it by sending hping3 / ping traffic to the other machine (the Snort host).
(Pictures below; TCP, ICMP and UDP packets are caught)
6. Install: sudo make install
7. Done: run man pcap to view the help
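Added example, not part of the original post: the first three Snort rules above match every ICMP, TCP and UDP packet, so the "flood" alerts also fire on normal traffic. The sketch below writes rate-limited variants with detection_filter and checks the interface name before starting Snort, which catches the SIOCGIFHWADDR case described above. The function names, thresholds and classtype are assumptions to tune for your network.

```shell
#!/bin/sh
# Added example: rate-limited flood rules plus a pre-flight check.
# Function names and thresholds are illustrative assumptions.

# write_flood_rules FILE
# Alert only when one source exceeds COUNT packets within SECONDS.
write_flood_rules() {
    cat > "$1" <<'EOF'
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP echo flood"; itype:8; detection_filter:track by_src, count 100, seconds 5; classtype:attempted-dos; sid:1000004; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"TCP SYN flood"; flags:S; detection_filter:track by_src, count 200, seconds 5; classtype:attempted-dos; sid:1000005; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"UDP flood"; detection_filter:track by_src, count 500, seconds 5; classtype:attempted-dos; sid:1000006; rev:1;)
EOF
}

# iface_exists NAME [SYSFS_DIR]
# True when the kernel exposes an interface with exactly this name.
iface_exists() {
    [ -n "$1" ] && [ -e "${2:-/sys/class/net}/$1" ]
}

# preflight IFACE CONF
# Refuse unknown interface names, then let Snort parse the configuration
# in test mode (-T) without starting a capture.
preflight() {
    iface_exists "$1" || { echo "no such interface: $1" >&2; return 1; }
    command -v snort >/dev/null 2>&1 || { echo "snort not in PATH" >&2; return 2; }
    snort -T -i "$1" -c "$2"
}
```

Typical use is write_flood_rules /etc/snort/rules/local.rules followed by preflight eth0 /etc/snort/snort.conf, with snort.conf including that rules file.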