OS Anomalies

From NSMWiki
Jump to: navigation, search

OpenBSD PCAP + VLAN tags

  • OpenBSD's default install does not include libpcap-based support for VLAN tags in BPF filters. It also disables the use of a 0 byte snaplen; this appears to apply to tcpdump as well as all programs that you compile on that system and link against the bundled libpcap.
  • To resolve this, you must download and manually compile your own libpcap/tcpdump before compiling tools such as Snort.
  • I recommend the argument '--prefix=/usr' to the 'configure' script for both libpcap and tcpdump to replace the bundled copies.
  • This particular issue is confirmed with OpenBSD versions 3.9 and 4.0 on the sparc, sparc64 and i386 architectures; it probably exists in earlier versions, and potentially later, when they exist. It may be worse on platforms where the NIC does not support hardware tag interpretation.
  • When installing libpcap by hand, be sure to do it like this:
 /path/to/pcap/source# ./configure --prefix=/usr
     ....
 /path/to/pcap/source# make
     ....
 /path/to/pcap/source# make install-shared-so
     ....
 /path/to/pcap/source# mv /usr/lib/libpcap.so.5.0 /usr/lib/libpcap.so.5.0-DIST
 /path/to/pcap/source# ln -s /usr/lib/libpcap.so.0.9.5 /usr/lib/libpcap.so.5.0
 /path/to/pcap/source# ln -s /usr/lib/libpcap.so.0.9.5 /usr/lib/libpcap.so.5
 /path/to/pcap/source# ldconfig -R
  • Once those steps are finished, proceed to installing tcpdump (./configure --prefix=/usr ; make ; make install) and then Snort, etc.

OS X Tar Command

To exclude Resource Forks and Metadata from being encapsulated into ._filename files, before running your tar command do:

 export COPY_EXTENDED_ATTRIBUTES_DISABLE=true

--Ppcx 11:50, 30 January 2007 (PST)