Revision as of 04:45, 23 July 2010 by Bianco (Reverted edits by Isabel (Talk) to last revision by Bianco)
- OpenBSD's default install does not include libpcap-based support for VLAN tags in BPF filters. It also disables the use of a 0 byte snaplen; this appears to apply to tcpdump as well as all programs that you compile on that system and link against the bundled libpcap.
- To resolve this, you must download and manually compile your own libpcap/tcpdump before compiling tools such as Snort.
- I recommend the argument '--prefix=/usr' to the 'configure' script for both libpcap and tcpdump to replace the bundled copies.
- This particular issue is confirmed with OpenBSD versions 3.9 and 4.0 on the sparc, sparc64 and i386 architectures; it probably exists in earlier versions, and potentially later, when they exist. It may be worse on platforms where the NIC does not support hardware tag interpretation.
- When installing libpcap by hand, be sure to do it like this:
/path/to/pcap/source# ./configure --prefix=/usr .... /path/to/pcap/source# make .... /path/to/pcap/source# make install-shared-so .... /path/to/pcap/source# mv /usr/lib/libpcap.so.5.0 /usr/lib/libpcap.so.5.0-DIST /path/to/pcap/source# ln -s /usr/lib/libpcap.so.0.9.5 /usr/lib/libpcap.so.5.0 /path/to/pcap/source# ln -s /usr/lib/libpcap.so.0.9.5 /usr/lib/libpcap.so.5 /path/to/pcap/source# ldconfig -R
- Once those steps are finished, proceed to installing tcpdump (./configure --prefix=/usr ; make ; make install) and then Snort, etc.
OS X Tar Command
To exclude Resource Forks and Metadata from being encapsulated into ._filename files, before running your tar command do:
--Ppcx 11:50, 30 January 2007 (PST)