Learn how to a build a cloud-first strategyRegister Now


compile tcpdump with pf_ring

Posted on 2011-10-19
Medium Priority
Last Modified: 2012-05-12

i downloaded pf_ring 5.0.0. I successfully compiled libpcap and pf_ring libraries. I'm now trying to compile tcpdump but that does not seem to work. I get this error when doing make:

gcc -O2 -DHAVE_CONFIG_H  -I./missing  -D_U_="__attribute__((unused))" -DHAVE_PF_RING -I. -I./../libpcap  -I./missing  -o tcpdump addrtoname.o af.o checksum.o cpack.o gmpls.o oui.o gmt2local.o ipproto.o nlpid.o l2vpn.o machdep.o parsenfsfh.o print-802_11.o print-ap1394.o print-ah.o print-arcnet.o print-aodv.o print-arp.o print-ascii.o print-atalk.o print-atm.o print-beep.o print-bfd.o print-bgp.o print-bootp.o print-bt.o print-cdp.o print-cfm.o print-chdlc.o print-cip.o print-cnfp.o print-dccp.o print-decnet.o print-domain.o print-dtp.o print-dvmrp.o print-enc.o print-egp.o print-eap.o print-eigrp.o print-esp.o print-ether.o print-fddi.o print-fr.o print-gre.o print-hsrp.o print-icmp.o print-igmp.o print-igrp.o print-ip.o print-ipcomp.o print-ipfc.o print-ipnet.o print-ipx.o print-isoclns.o print-juniper.o print-krb.o print-l2tp.o print-lane.o print-ldp.o print-lldp.o print-llc.o print-lmp.o print-lspping.o print-lwapp.o print-lwres.o print-mobile.o print-mpcp.o print-mpls.o print-msdp.o print-nfs.o print-ntp.o print-null.o print-olsr.o print-ospf.o print-pgm.o print-pim.o print-ppp.o print-pppoe.o print-pptp.o print-radius.o print-raw.o print-rip.o print-rrcp.o print-rsvp.o print-rx.o print-sctp.o print-sflow.o print-sip.o print-sl.o print-sll.o print-slow.o print-snmp.o print-stp.o print-sunatm.o print-sunrpc.o print-symantec.o print-syslog.o print-tcp.o print-telnet.o print-tftp.o print-timed.o print-token.o print-udld.o print-udp.o print-usb.o print-vjc.o print-vqp.o print-vrrp.o print-vtp.o print-forces.o print-wb.o print-zephyr.o signature.o setsignal.o tcpdump.o util.o version.o print-ip6.o print-ip6opts.o print-mobility.o print-ripng.o print-icmp6.o print-frag6.o print-rt6.o print-ospf6.o print-dhcp6.o print-smb.o smbutil.o strlcat.o strlcpy.o datalinks.o dlnames.o pcap_dump_ftell.o print-isakmp.o ./../libpcap/libpcap.a ../lib/libpfring.a  ../lib/libpfring.a -lpthread ../lib/libpfring.a -lpthread
./../libpcap/libpcap.a(pcap.o): In function `pcap_datalink_name_to_val':
pcap.c:(.text+0x130): multiple definition of `pcap_datalink_name_to_val'
dlnames.o:dlnames.c:(.text+0xa0): first defined here
./../libpcap/libpcap.a(pcap.o): In function `pcap_datalink_val_to_name':
pcap.c:(.text+0x1a0): multiple definition of `pcap_datalink_val_to_name'
dlnames.o:dlnames.c:(.text+0x0): first defined here
./../libpcap/libpcap.a(pcap.o): In function `pcap_datalink_val_to_description':
pcap.c:(.text+0x1f0): multiple definition of `pcap_datalink_val_to_description'
dlnames.o:dlnames.c:(.text+0x50): first defined here
./../libpcap/libpcap.a(pcap.o): In function `pcap_list_datalinks':
pcap.c:(.text+0xca0): multiple definition of `pcap_list_datalinks'
datalinks.o:datalinks.c:(.text+0x0): first defined here
./../libpcap/libpcap.a(sf-pcap.o): In function `pcap_dump_ftell':
sf-pcap.c:(.text+0x40): multiple definition of `pcap_dump_ftell'
pcap_dump_ftell.o:pcap_dump_ftell.c:(.text+0x0): first defined here
./../libpcap/libpcap.a(grammar.o): In function `pcap_parse':
grammar.c:(.text+0x44e): undefined reference to `pcap_lex'
collect2: ld returned 1 exit status
make: *** [tcpdump] Error 1

It seems to be a problem that other people are facing as well, but i haven't found any solution yet.

Can someone help?

Question by:Commsquare
  • 2
  • 2
LVL 16

Expert Comment

ID: 36992041
First, you need to recompile libpcap to include pf_ring support.
Sources for this enhanced libpcap are in directory userland/libpcap-1.1.1-ring
in pf_ring 5.0.0 source tree. Then you have to use this new libpcap to compile tcpdump.

Author Comment

ID: 36992064
I have successfully compiled libpcap. I then go to the tcpdump directory and do "./configure" and "make" which gives me the error. I don't see what i do differently than what you suggest.
LVL 16

Accepted Solution

medvedd earned 2000 total points
ID: 36992196
Pf_ring distribution also includes tcpdump, did you try to compile this version?

My steps:

tar xvfz PF_RING-5.0.0.tar.gz
cd PF_RING-5.0.0/userland/lib

cd ../libpcap-1.1.1-ring

cd ../tcpdump-4.1.1

tcpdump compiled with pf_ring support and no errors


Author Comment

ID: 36992273
apparently something had been messed up. I followed your procedure from scratch with a fresh pf_ring installation and now it works... thanks.

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
Make the most of your online learning experience.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question