OpenBSD Anomalies

From WTFwiki

OpenBSD PCAP + VLAN tags

  • The libpcap bundled with OpenBSD's default install does not support VLAN tags in BPF filters. This affects tcpdump as well as every program that you compile on that system and link against the bundled libpcap.
  • To resolve this, you must download and manually compile your own libpcap/tcpdump before compiling tools such as Snort.
  • I recommend the argument '--prefix=/usr' to the 'configure' script for both libpcap and tcpdump to replace the bundled copies.
  • This particular issue is confirmed with OpenBSD versions 3.9 and 4.0 on both the sparc and i386 architectures; it probably exists in earlier versions, and potentially in later ones. It may be worse on platforms where the NIC does not support hardware tag interpretation.
  • When installing libpcap by hand, be sure to do it like this:
 /path/to/pcap/source# ./configure --prefix=/usr
     ....
 /path/to/pcap/source# make
     ....
 /path/to/pcap/source# make install-shared-so
     ....
 /path/to/pcap/source# ln -s /usr/lib/libpcap.so.0.9.5 /usr/lib/libpcap.so.5.0
 /path/to/pcap/source# ln -s /usr/lib/libpcap.so.0.9.5 /usr/lib/libpcap.so.5
 /path/to/pcap/source# ldconfig -R
  • Once those steps are finished, proceed to installing tcpdump (./configure --prefix=/usr ; make ; make install) and then Snort, etc.
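
What the missing VLAN support means for a sensor, as an added example (not from the original page): a filter that reads the EtherType at a fixed offset never matches 802.1Q-tagged frames, because the tag shifts the real EtherType by 4 bytes. The frames are constructed and the function names are hypothetical; the two matchers are simplified models of the `ip` and `vlan and ip` filter expressions, not libpcap code.

```python
import struct

ETH_P_IP, ETH_P_ARP, ETH_P_8021Q = 0x0800, 0x0806, 0x8100

def eth_frame(ethertype, payload, vlan_id=None):
    """Build a constructed Ethernet frame, optionally carrying one 802.1Q tag."""
    header = bytes(12)  # zeroed destination and source MACs (constructed)
    if vlan_id is not None:
        header += struct.pack("!HH", ETH_P_8021Q, vlan_id & 0x0FFF)
    return header + struct.pack("!H", ethertype) + payload

def match_ip_fixed_offset(frame):
    """Model of 'ip': the EtherType is read at fixed offset 12."""
    return len(frame) >= 14 and struct.unpack_from("!H", frame, 12)[0] == ETH_P_IP

def match_vlan_ip(frame, vlan_id=None):
    """Model of 'vlan [id] and ip': require a tag, then read the EtherType 4 bytes later."""
    if len(frame) < 18:
        return False
    tpid, tci, inner = struct.unpack_from("!HHH", frame, 12)
    if tpid != ETH_P_8021Q:
        return False
    if vlan_id is not None and (tci & 0x0FFF) != vlan_id:
        return False
    return inner == ETH_P_IP

def visible_frames(frames, vlan_aware):
    """Indexes of IP frames the sensor filter passes, with or without VLAN support."""
    return [i for i, f in enumerate(frames)
            if match_ip_fixed_offset(f) or (vlan_aware and match_vlan_ip(f))]

IP_HDR = b"\x45" + bytes(19)  # constructed minimal IPv4 header
SAMPLE_FRAMES = [
    eth_frame(ETH_P_IP, IP_HDR),              # 0: untagged IP
    eth_frame(ETH_P_IP, IP_HDR, vlan_id=10),  # 1: IP on VLAN 10
    eth_frame(ETH_P_IP, IP_HDR, vlan_id=20),  # 2: IP on VLAN 20
    eth_frame(ETH_P_ARP, bytes(28)),          # 3: untagged ARP
]

if __name__ == "__main__":
    print("without VLAN support:", visible_frames(SAMPLE_FRAMES, False))
    print("with VLAN support:   ", visible_frames(SAMPLE_FRAMES, True))
```

On a trunk port where the NIC does not strip tags, the first result is the sensor's blind spot: only the untagged IP frame is seen.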