Hi Yuri,
Ok, we are aware of other packet capture engines like libpcap and
WinPcap (Windows) etc. So what we read about pf_ring is its capability to
capture at wire speed. Thus we thought of using it to minimize packet
dropping for analysis. So now we need a simple sample without any other
library, just pf_ring, to capture packets, and the rest we can do ourselves,
like payload analysis etc.


On Fri, May 24, 2013 at 10:16 AM, Yuri Francalacci <[email protected]> wrote:

> A clean machine is a machine where you did not install anything except the
> base OS.
> After this, the question is what is your goal?
> The pfring package gives all the stuff needed to create "pfring"ed
> binaries. So, if you want to compile a program with pfring you got all the
> tools, but if it is not your goal, the package is useless.
>
>
>
> On 2013-05-24 14:52, frwa onto wrote:
>
>> Dear Yuri,
>> My machine is CentOS 6.4, a clean machine,
>> and just installed via the .rpm package, which is the right way to
>> install on CentOS. So what is your idea, being a clean machine, what
>> could go wrong there? Thank you.
>>
>> On Fri, May 24, 2013 at 2:06 AM, Yuri Francalacci <[email protected]>
>> wrote:
>>
>>> It is pretty explicit what's wrong in your command.
>>>
>>>
>>> pfcount.c:48:23: error: pcap/pcap.h: No such file or directory
>>> pfcount.c:49:22: error: pcap/bpf.h: No such file or directory
>>>
>>> I've read a lot of mail with several errors but PF_RING is used by a
>>> lot of people without all these troubles.
>>> Probably the environment you are using (your system configuration,
>>> the user you are using or something else) is not so clean, so what I
>>> suggest is to start from scratch on a clean env; if you need to
>>> compile PF_RING yourself, download its sources and nothing else and
>>> follow the README files.
>>> Cheers, Yuri
>>>
>>> On 24/May/2013, at 04:52, frwa onto <[email protected]> wrote:
>>>
>>> > Hi Vito,
>>> > This round I have checked every - and still below are the results. Thank you for your help man.
>>> > gcc  -O2 -DHAVE_PF_RING  -Wall -I../../kernel -I../../kernel/plugins -I../lib -I../libpcap-1.1.1-ring  -D HAVE_ZERO -D ENABLE_BPF -O2  -c pfcount.c -o pfcount1.o
>>> > pfcount.c:48:23: error: pcap/pcap.h: No such file or directory
>>> > pfcount.c:49:22: error: pcap/bpf.h: No such file or directory
>>> > In file included from pfcount.c:53:
>>> > /usr/local/include/pfring.h:438:25: error: pfring_zero.h: No such file or directory
>>> > pfcount.c: In function ‘parse_bpf_filter’:
>>> > pfcount.c:370: warning: implicit declaration of function ‘pcap_compile_nopcap’
>>> > pfcount.c:371: error: ‘DLT_EN10MB’ undeclared (first use in this function)
>>> > pfcount.c:371: error: (Each undeclared identifier is reported only once
>>> > pfcount.c:371: error: for each function it appears in.)
>>> > pfcount.c:380: error: invalid use of undefined type ‘struct bpf_program’
>>> > pfcount.c: In function ‘dummyProcesssPacket’:
>>> > pfcount.c:398: warning: implicit declaration of function ‘bpf_filter’
>>> > pfcount.c:398: error: invalid use of undefined type ‘struct bpf_program’
>>> >
>>> >
>>> >
>>> > On Thu, May 23, 2013 at 3:31 AM, [email protected] <[email protected]> wrote:
>>> > On 05/23/2013 03:57 AM, frwa onto wrote:
>>> > > Hi Vito,
>>> > > I end up with this problem now
>>> > >
>>> > > gcc  -O2 -DHAVE_PF_RING  -Wall -I../../kernel -I../../kernel/plugins -I../lib I../libpcap-1.1.1-ring  -D HAVE_ZERO -D ENABLE_BPF -O2  -c pfcount.c -o pfcount11.o
>>> > > gcc: I../libpcap-1.1.1-ring: No such file or directory
>>> >
>>> > again you missed the minus in front of this option:
>>> > "I../libpcap-1.1.1-ring" should be "-I../libpcap-1.1.1-ring"
>>> >
>>> >
>>> > regards
>>> > vito
>>> >
>>> > > pfcount.c:48:23: error: pcap/pcap.h: No such file or directory
>>> > > pfcount.c:49:22: error: pcap/bpf.h: No such file or directory
>>> > > In file included from pfcount.c:53:
>>> > > /usr/local/include/pfring.h:438:25: error: pfring_zero.h: No such file or directory
>>> > > pfcount.c: In function ‘parse_bpf_filter’:
>>> > > pfcount.c:370: warning: implicit declaration of function ‘pcap_compile_nopcap’
>>> > > pfcount.c:371: error: ‘DLT_EN10MB’ undeclared (first use in this function)
>>> > > pfcount.c:371: error: (Each undeclared identifier is reported only once
>>> > > pfcount.c:371: error: for each function it appears in.)
>>> > > pfcount.c:380: error: invalid use of undefined type ‘struct bpf_program’
>>> > > pfcount.c: In function ‘dummyProcesssPacket’:
>>> > > pfcount.c:398: warning: implicit declaration of function ‘bpf_filter’
>>> > > pfcount.c:398: error: invalid use of undefined type ‘struct bpf_program’
>>> > >
>>> > >
>>> > > On Wed, May 22, 2013 at 9:34 AM, [email protected] <[email protected]> wrote:
>>> > >
>>> > >     Hello
>>> > >     On 05/22/2013 09:50 AM, frwa onto wrote:
>>> > >     > Hi Vito,
>>> > >     > Let me first thank you a lot, you have been helping me a lot
>>> > >     > since these few days and I appreciate it.
>>> > >
>>> > >     np, you're welcome
>>> > >
>>> > >     > 1.
>>> > >     > Ok I was then compiling it the wrong way. Why does it need to be so
>>> > >     > complicated? Shouldn't the libraries be linked automatically?
>>> > >
>>> > >     yes but you have to set up the right include/lib path because the pfring
>>> > >     aware ones overlap the one that came with the OS...
>>> > >
>>> > >     > So what I did, I tried the first command as below and I just changed the
>>> > >     > output to pfcount11. Since this is already giving an error I could not run the
>>> > >     > second command, and I am still confused why these 2 commands are needed. Ok let me
>>> > >     > tell you what I plan is to purely use pf_ring to capture packets at wire
>>> > >     > speed as it is supposed to do. So for that how should I work around without
>>> > >     > the legacy pcap?
>>> > >     >
>>> > >     > gcc  -O2 -DHAVE_PF_RING  -Wall -I../../kernel -I../../kernel/plugins -I../lib I../libpcap-1.1.1-ring  -D HAVE_ZERO -D ENABLE_BPF -O2  -c pfcount.c -o pfcount11.o
>>> > >
>>> > >
>>> > >     missing the minus?
>>> > >
>>> > >     I../libpcap-1.1.1-ring --> -I../libpcap-1.1.1-ring
>>> > >
>>> > >     let me know if it helps
>>> > >
>>> > >     ciao
>>> > >     -v
>>> > >     _______________________________________________
>>> > >     Ntop-misc mailing list
>>> > >     [email protected]
>>> > >     http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>>>
>>> ###############################################
>>> Yuri Francalacci   -   [email protected]   -   http://www.ntop.org
>>>
>>> "Simplicity is the ultimate sophistication" - Leonardo da Vinci
>>> ###############################################
>>>
>>>
>>
>>
>>
>
> --
> Yuri Francalacci
> [email protected]
> "It seems that perfection is reached not when there is nothing left to add,
> but when there is nothing left to take away"
> Antoine de Saint Exupéry
>
>
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
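
The header errors quoted in this thread depend on which directories the compiler searches, so the shell function below checks a compile command's include path for the headers it reports as missing and flags an include argument that lost its leading minus. It is an added example, not code from the thread or from the PF_RING project; `check_includes` and `SYS_INCLUDE_DIRS` are hypothetical names, the system include directories are assumed defaults, and only the attached `-Idir` form is parsed.

```shell
#!/bin/sh
# Added example (not from the thread): explain "No such file or directory"
# header errors by checking a compile command's include search path.

# Directories searched after the -I ones (assumed defaults; override
# SYS_INCLUDE_DIRS to match your toolchain).
SYS_INCLUDE_DIRS=${SYS_INCLUDE_DIRS-"/usr/local/include /usr/include"}

# check_includes "<compiler arguments>" header [header...]
# Prints one finding per line; returns the number of unresolved headers.
check_includes() {
    ci_args=$1; shift
    ci_dirs=""
    for ci_tok in $ci_args; do
        case $ci_tok in
            # Attached form only: -I../lib
            -I?*) ci_dirs="$ci_dirs ${ci_tok#-I}" ;;
            # An include path without the minus is treated as an input file.
            I.*|I/*) echo "typo: '$ci_tok' lacks the leading '-'" ;;
        esac
    done
    ci_missing=0
    for ci_hdr in "$@"; do
        ci_found=""
        for ci_d in $ci_dirs $SYS_INCLUDE_DIRS; do
            if [ -f "$ci_d/$ci_hdr" ]; then ci_found=$ci_d; break; fi
        done
        if [ -n "$ci_found" ]; then
            echo "ok: $ci_hdr found in $ci_found"
        else
            echo "missing: $ci_hdr is in none of:$ci_dirs $SYS_INCLUDE_DIRS"
            ci_missing=$((ci_missing + 1))
        fi
    done
    return "$ci_missing"
}
```

Run from the directory the compile command is issued in, for example `check_includes "-I../lib -I../libpcap-1.1.1-ring" pcap/pcap.h pcap/bpf.h pfring_zero.h`, so that relative `-I` paths resolve the same way they do for gcc.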
