Printable Version of Topic

Click here to view this topic in its original format

Linuxhelp _ Technical Support _ libpcap and Snort problem on Ubuntu 10.043

Posted by: boeckelr Oct 11 2011, 10:27 PM

Hi everyone,

I am not new to Linux but I am also not an expert. But I have been able to successfully install and use Snort for the past 8 years on a variety of distros.

Last week I tried to install Snort 2.9.1 onto Ubuntu 10.043 32bit - and ran into a big problem. Ubuntu 10.043 and most distros out there come with libpcap0.8 installed...or at least a version that is less than libpcap-1.0.0.

The problem is that Snort and its helper program DAQ require libpcap>=1.0, and when I try to compile DAQ I receive a libpcap>=1.0 error.

I have tried everything I can think of to solve this. I have removed the libpcap0.8 that came with the distro (which also removed a bunch of packages that depended on it) and tried to compile libpcap-1.0.0 (and also libpcap-1.1.1 when 1.0.0 didnt work), but although I can then compile DAQ, Snort wont run.

I appealed to the Snort listserv - and received some help - someone showed me how to keep the version of libpcap that came installed with Ubuntu, and compile v1.0 in /opt and then point DAQ and Snort to it....but the syntax was incorrect and it wouldnt work.

So what I am asking is for someone to please tell me how to solve this (in detail since I am not a Linux expert). I have tried this on CentOS and FC15 with the same results. The weird thing was last week somehow I muddled thru this and got everything compiled correctly - I dont know what I did differently - but I had some other issues which caused me to reinstall Ubuntu.....and now I am stuck with this problem.

So to sum it up - could someone *please* help explain to me how I put a newer version of libpcap onto Ubuntu and get it to work? I am also amenable to the other option, which is to put the newer version in a different directory, and just use it for Snort and DAQ - as long as it works.

I greatly appreciate any and all help you are able to provide me. In all of my years using Linux this is without a doubt the most difficult problem I have been faced with.

Take care,

Posted by: michaelk Oct 12 2011, 05:03 AM

You might have to install libpcap from source and snort from source instead of the distribution's repositories.

Powered by Invision Power Board (
© Invision Power Services (