compile tcpdump with pf_ring

Posted on 2011-10-19
Last Modified: 2012-05-12

i downloaded pf_ring 5.0.0. I successfully compiled libpcap and pf_ring libraries. I'm now trying to compile tcpdump but that does not seem to work. I get this error when doing make:

gcc -O2 -DHAVE_CONFIG_H  -I./missing  -D_U_="__attribute__((unused))" -DHAVE_PF_RING -I. -I./../libpcap  -I./missing  -o tcpdump addrtoname.o af.o checksum.o cpack.o gmpls.o oui.o gmt2local.o ipproto.o nlpid.o l2vpn.o machdep.o parsenfsfh.o print-802_11.o print-ap1394.o print-ah.o print-arcnet.o print-aodv.o print-arp.o print-ascii.o print-atalk.o print-atm.o print-beep.o print-bfd.o print-bgp.o print-bootp.o print-bt.o print-cdp.o print-cfm.o print-chdlc.o print-cip.o print-cnfp.o print-dccp.o print-decnet.o print-domain.o print-dtp.o print-dvmrp.o print-enc.o print-egp.o print-eap.o print-eigrp.o print-esp.o print-ether.o print-fddi.o print-fr.o print-gre.o print-hsrp.o print-icmp.o print-igmp.o print-igrp.o print-ip.o print-ipcomp.o print-ipfc.o print-ipnet.o print-ipx.o print-isoclns.o print-juniper.o print-krb.o print-l2tp.o print-lane.o print-ldp.o print-lldp.o print-llc.o print-lmp.o print-lspping.o print-lwapp.o print-lwres.o print-mobile.o print-mpcp.o print-mpls.o print-msdp.o print-nfs.o print-ntp.o print-null.o print-olsr.o print-ospf.o print-pgm.o print-pim.o print-ppp.o print-pppoe.o print-pptp.o print-radius.o print-raw.o print-rip.o print-rrcp.o print-rsvp.o print-rx.o print-sctp.o print-sflow.o print-sip.o print-sl.o print-sll.o print-slow.o print-snmp.o print-stp.o print-sunatm.o print-sunrpc.o print-symantec.o print-syslog.o print-tcp.o print-telnet.o print-tftp.o print-timed.o print-token.o print-udld.o print-udp.o print-usb.o print-vjc.o print-vqp.o print-vrrp.o print-vtp.o print-forces.o print-wb.o print-zephyr.o signature.o setsignal.o tcpdump.o util.o version.o print-ip6.o print-ip6opts.o print-mobility.o print-ripng.o print-icmp6.o print-frag6.o print-rt6.o print-ospf6.o print-dhcp6.o print-smb.o smbutil.o strlcat.o strlcpy.o datalinks.o dlnames.o pcap_dump_ftell.o print-isakmp.o ./../libpcap/libpcap.a ../lib/libpfring.a  ../lib/libpfring.a -lpthread ../lib/libpfring.a -lpthread
./../libpcap/libpcap.a(pcap.o): In function `pcap_datalink_name_to_val':
pcap.c:(.text+0x130): multiple definition of `pcap_datalink_name_to_val'
dlnames.o:dlnames.c:(.text+0xa0): first defined here
./../libpcap/libpcap.a(pcap.o): In function `pcap_datalink_val_to_name':
pcap.c:(.text+0x1a0): multiple definition of `pcap_datalink_val_to_name'
dlnames.o:dlnames.c:(.text+0x0): first defined here
./../libpcap/libpcap.a(pcap.o): In function `pcap_datalink_val_to_description':
pcap.c:(.text+0x1f0): multiple definition of `pcap_datalink_val_to_description'
dlnames.o:dlnames.c:(.text+0x50): first defined here
./../libpcap/libpcap.a(pcap.o): In function `pcap_list_datalinks':
pcap.c:(.text+0xca0): multiple definition of `pcap_list_datalinks'
datalinks.o:datalinks.c:(.text+0x0): first defined here
./../libpcap/libpcap.a(sf-pcap.o): In function `pcap_dump_ftell':
sf-pcap.c:(.text+0x40): multiple definition of `pcap_dump_ftell'
pcap_dump_ftell.o:pcap_dump_ftell.c:(.text+0x0): first defined here
./../libpcap/libpcap.a(grammar.o): In function `pcap_parse':
grammar.c:(.text+0x44e): undefined reference to `pcap_lex'
collect2: ld returned 1 exit status
make: *** [tcpdump] Error 1

It seems to be a problem that other people are facing as well, but i haven't found any solution yet.

Can someone help?

Question by:Commsquare
    LVL 16

    Expert Comment

    First, you need to recompile libpcap to include pf_ring support.
    Sources for this enhanced libpcap are in directory userland/libpcap-1.1.1-ring
    in pf_ring 5.0.0 source tree. Then you have to use this new libpcap to compile tcpdump.

    Author Comment

    I have successfully compiled libpcap. I then go to the tcpdump directory and do "./configure" and "make" which gives me the error. I don't see what i do differently than what you suggest.
    LVL 16

    Accepted Solution

    Pf_ring distribution also includes tcpdump, did you try to compile this version?

    My steps:

    tar xvfz PF_RING-5.0.0.tar.gz
    cd PF_RING-5.0.0/userland/lib

    cd ../libpcap-1.1.1-ring

    cd ../tcpdump-4.1.1

    tcpdump compiled with pf_ring support and no errors


    Author Comment

    apparently something had been messed up. I followed your procedure from scratch with a fresh pf_ring installation and now it works... thanks.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Top 6 Sources for Identifying Threat Actor TTPs

    Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

    This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
    Join Greg Farro and Ethan Banks from Packet Pushers ( and Greg Ross from Paessler ( for a discussion about smart network …
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now