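libpcap is one of the most important packet-capture libraries in the networking world. Wireshark, tcpdump and the well-known intrusion detection system (IDS) Snort are all built on libpcap, and it can be used on every system (Windows uses WinPcap, which is much the same thing).
There are many ways to install it. None is better than the others; it depends entirely on personal preference.
[Method 1]
Download the source code from the official site. The latest version at the moment is 1.8.1; to download an earlier version, go here.
After extracting the archive, change into its directory:
~ % ls libpcap-1.8.1.tar.gz
libpcap-1.8.1.tar.gz
~ % tar xvzf libpcap-1.8.1.tar.gz
x libpcap-1.8.1/
x libpcap-1.8.1/grammar.y
x libpcap-1.8.1/pcap_setnonblock.3pcap
x libpcap-1.8.1/fad-glifc.c
...
~ % cd libpcap-1.8.1
libpcap-1.8.1 %
Next comes the configure script, which checks the machine for the dependencies the build needs.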
libpcap-1.8.1 % ./configure --help
`configure' configures this package to adapt to many kinds of systems.
Usage: ./configure [OPTION]... [VAR=VALUE]...
To assign environment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE. See below for descriptions of some of the useful variables.
Defaults for the options are specified in brackets.
Configuration:
-h, --help display this help and exit
--help=short display options specific to this package
--help=recursive display the short help of all the included packages
-V, --version display version information and exit
-q, --quiet, --silent do not print `checking ...' messages
--cache-file=FILE cache test results in FILE [disabled]
-C, --config-cache alias for `--cache-file=config.cache'
-n, --no-create do not create output files
--srcdir=DIR find the sources in DIR [configure dir or `..']
Installation directories:
--prefix=PREFIX install architecture-independent files in PREFIX
[/usr/local]
--exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
[PREFIX]
By default, `make install' will install all the files in
`/usr/local/bin', `/usr/local/lib' etc. You can specify
an installation prefix other than `/usr/local' using `--prefix',
for instance `--prefix=$HOME'.
For better control, use the options below.
Fine tuning of the installation directories:
--bindir=DIR user executables [EPREFIX/bin]
--sbindir=DIR system admin executables [EPREFIX/sbin]
--libexecdir=DIR program executables [EPREFIX/libexec]
--sysconfdir=DIR read-only single-machine data [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
--libdir=DIR object code libraries [EPREFIX/lib]
--includedir=DIR C header files [PREFIX/include]
--oldincludedir=DIR C header files for non-gcc [/usr/include]
--datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
--datadir=DIR read-only architecture-independent data [DATAROOTDIR]
--infodir=DIR info documentation [DATAROOTDIR/info]
--localedir=DIR locale-dependent data [DATAROOTDIR/locale]
--mandir=DIR man documentation [DATAROOTDIR/man]
--docdir=DIR documentation root [DATAROOTDIR/doc/PACKAGE]
--htmldir=DIR html documentation [DOCDIR]
--dvidir=DIR dvi documentation [DOCDIR]
--pdfdir=DIR pdf documentation [DOCDIR]
--psdir=DIR ps documentation [DOCDIR]
System types:
--build=BUILD configure for building on BUILD [guessed]
--host=HOST cross-compile to build programs to run on HOST [BUILD]
--target=TARGET configure for building compilers for TARGET [HOST]
Optional Features:
--disable-option-checking ignore unrecognized --enable/--with options
--disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
--enable-FEATURE[=ARG] include FEATURE [ARG=yes]
--disable-largefile omit support for large files
--disable-protochain disable \"protochain\" insn
--enable-ipv6 build IPv6-capable version [default=yes, if
getaddrinfo available]
--enable-optimizer-dbg build optimizer debugging code
--enable-yydebug build parser debugging code
--disable-universal don't build universal on OS X
--enable-shared build shared libraries [default=yes, if support
available]
--enable-usb enable nusb support [default=yes, if support
available]
--enable-bluetooth enable Bluetooth support [default=yes, if support
available]
--enable-dbus enable D-Bus capture support [default=yes, if
support available]
--enable-packet-ring enable Linux packet ring support [default=yes]
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
--without-gcc don't use gcc
--with-sita include SITA support
--with-pcap=TYPE use packet capture TYPE
--without-libnl disable libnl support [default=yes, on Linux, if
present]
--with-dag[=DIR] include Endace DAG support (located in directory
DIR, if supplied). [default=yes, if present]
--with-dag-includes=IDIR
Endace DAG include directory, if not DIR/include
--with-dag-libraries=LDIR
Endace DAG library directory, if not DIR/lib
--with-septel[=DIR] include Septel support (located in directory DIR, if
supplied). [default=yes, if present]
--with-snf[=DIR] include Myricom SNF support (located in directory
DIR, if supplied). [default=yes, if present]
--with-snf-includes=IDIR
Myricom SNF include directory, if not DIR/include
--with-snf-libraries=LDIR
Myricom SNF library directory, if not DIR/lib
--with-turbocap[=DIR] include Riverbed TurboCap support (located in
directory DIR, if supplied). [default=yes, if
present]
Some influential environment variables:
CC C compiler command
CFLAGS C compiler flags
LDFLAGS linker flags, e.g. -L if you have libraries in a
nonstandard directory
LIBS libraries to pass to the linker, e.g. -l
CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I if
you have headers in a nonstandard directory
CPP C preprocessor
YACC The `Yet Another Compiler Compiler' implementation to use.
Defaults to the first program found out of: `bison -y', `byacc',
`yacc'.
YFLAGS The list of arguments that will be passed by default to $YACC.
This script will default YFLAGS to the empty string to avoid a
default value of `-d' given by some make applications.
Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations.
Report bugs to the package provider.
Among the more commonly used options, --prefix specifies the install path. For example:
./configure --prefix=/tmp
installs under the /tmp directory (the default install path is "usually" /usr/local/). That is not needed for now, so just run the configure script:
libpcap-1.8.1 % ./configure
checking build system type... x86_64-apple-darwin15.6.0
checking host system type... x86_64-apple-darwin15.6.0
checking target system type... x86_64-apple-darwin15.6.0
checking for gcc... gcc
...
Then compile with the make command:
libpcap-1.8.1 % make
gcc -fvisibility=hidden -fno-common -arch x86_64 -arch i386 -I. -DBUILDING_PCAP -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" -g -O2 -c ./pcap-bpf.c
gcc -fvisibility=hidden -fno-common -arch x86_64 -arch i386 -I. -DBUILDING_PCAP -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" -g -O2 -c ./fad-getad.c
...
Finally, install with make install:
libpcap-1.8.1 % make install
rm -f libpcap*.dylib
VER=`cat ./VERSION`; \
MAJOR_VER=A; \
COMPAT_VER=1; \
...
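For the download and extract step of Method 1, this added example (not part of the original post) checks the tarball's SHA-256 against a digest you supply and refuses to extract if any member path would land outside the expected top-level directory. The function names are hypothetical, and the expected digest must come from a source you trust.

```bash
# Added example (not from the original post). Function names are hypothetical.

# Print the SHA-256 of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Read member paths on stdin; fail unless every one stays inside TOPDIR/.
check_members() {
    local topdir="$1" member
    while IFS= read -r member; do
        case "$member" in
            /*|..|../*|*/..|*/../*) echo "unsafe path: $member" >&2; return 2 ;;
            "$topdir"|"$topdir"/*) ;;
            *) echo "outside $topdir/: $member" >&2; return 2 ;;
        esac
    done
    return 0
}

# verify_and_extract TARBALL EXPECTED_SHA256 TOPDIR [DEST]
# Returns 1 on digest mismatch, 2 on a suspicious member path,
# otherwise the exit status of the extracting tar.
verify_and_extract() {
    local tarball="$1" expected="$2" topdir="$3" dest="${4:-.}" actual
    actual=$(sha256_of "$tarball") || return 1
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch: got $actual" >&2
        return 1
    fi
    tar tzf "$tarball" | check_members "$topdir" || return 2
    tar xzf "$tarball" -C "$dest"
}
```

With the page's file name the call would be verify_and_extract libpcap-1.8.1.tar.gz "<expected-sha256>" libpcap-1.8.1, where the digest is a placeholder to fill in.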
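[Method 2 (Mac OS X)]
If you have already installed homebrew (here), just run:
~ % brew install libpcap
[Method 3 (CentOS)]
Install directly with yum:
[root@tutu ~]# yum install libpcap-dev*
The advantages of installing from source are that you can cross-compile, customize the install options (provided you know them well enough), and modify the source code to suit your needs. The advantage of installing with homebrew is that it is quick and convenient (and you can still customize the install options). It is up to you. Here is a quick look at the files that were installed:
libpcap [master] % tree . -L 1
.
├── bin
├── include
├── lib
└── share
A brief note on each directory:
- bin: holds commands and scripts; here it contains pcap-config, the configuration script used when compiling.
- include: the libpcap header files, needed when writing programs.
- lib: the libpcap library files, needed when writing programs.
- share: other files, such as the man pages.
The next few posts will gradually introduce how to use libpcap and analyze some of its source code.
To uninstall, run make uninstall in the source directory. If the source has already been deleted, just run the configure script once more with --prefix set to the path used at install time, and then the command can be used to remove it (not every package supports make uninstall).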