OpenBSD Anomalies

From WTFwiki
Revision as of 22:47, 4 January 2013 by Jontow (talk | contribs) (1 revision)

OpenBSD PCAP + VLAN tags

  • OpenBSD's default install does not include libpcap-based support for VLAN tags in BPF filters: this applies to tcpdump as well as all programs that you compile on that system and link against the bundled libpcap.
  • To resolve this, you must download and manually compile your own libpcap/tcpdump before compiling tools such as Snort.
  • I recommend the argument '--prefix=/usr' to the 'configure' script for both libpcap and tcpdump to replace the bundled copies.
  • This particular issue is confirmed with OpenBSD versions 3.9 and 4.0 on both the sparc and i386 architectures; it probably exists in earlier versions, and potentially in later ones once they are released. It may be worse on platforms where the NIC does not support hardware tag interpretation.
  • When installing libpcap by hand, be sure to do it like this:
 /path/to/pcap/source# ./configure --prefix=/usr
     ....
 /path/to/pcap/source# make
     ....
 /path/to/pcap/source# make install-shared-so
     ....
 /path/to/pcap/source# ln -s /usr/lib/libpcap.so.0.9.5 /usr/lib/libpcap.so.5.0
 /path/to/pcap/source# ln -s /usr/lib/libpcap.so.0.9.5 /usr/lib/libpcap.so.5
 /path/to/pcap/source# ldconfig -R
  • Once those steps are finished, proceed to installing tcpdump (./configure --prefix=/usr ; make ; make install) and then Snort, etc.
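
A post-install check for the steps above, added here as an example and not part of the original page: it confirms that the libpcap.so symlinks resolve and that the rebuilt tcpdump can compile a `vlan` BPF filter. The function names are hypothetical, and it assumes that a tcpdump without the `vlan` primitive exits non-zero on a filter compile error.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# vlan_filter_ok TCPDUMP
# Succeeds if TCPDUMP can compile the "vlan" primitive. -d compiles the
# filter and dumps the BPF program instead of capturing. Run it as root,
# as in the steps above: some tcpdump builds open the capture device
# before compiling the filter.
vlan_filter_ok() {
    "$1" -d vlan >/dev/null 2>&1
}

# dangling_links LIBDIR
# Prints every libpcap.so* symlink in LIBDIR whose target does not exist,
# e.g. when the installed version is not the 0.9.5 named in the ln commands.
dangling_links() {
    for f in "$1"/libpcap.so*; do
        if [ -L "$f" ] && [ ! -e "$f" ]; then
            echo "$f"
        fi
    done
    return 0
}

# check_pcap TCPDUMP LIBDIR
# Runs both checks and returns non-zero if either one fails.
check_pcap() {
    rc=0
    bad=$(dangling_links "$2")
    if [ -n "$bad" ]; then
        echo "dangling symlink(s): $bad"
        rc=1
    fi
    if vlan_filter_ok "$1"; then
        echo "vlan filter: supported"
    else
        echo "vlan filter: NOT supported (still the bundled libpcap?)"
        rc=1
    fi
    return $rc
}

# Stand-alone use: sh check_pcap.sh /usr/sbin/tcpdump /usr/lib
if [ "$#" -eq 2 ]; then
    check_pcap "$1" "$2"
fi
```

Run it once after installing tcpdump and before building Snort, so a stale library is caught before other tools link against it.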