Argus on Windows

Carter Bullard via Argus-info argus-info at lists.andrew.cmu.edu
Wed May 11 16:14:30 EDT 2016


Hey František,
OK, looking at the conf.log you sent, ./configure is finding all that it needs to work, and is generating Makefiles, which indicates that all is cool.  What are the error messages when you run ‘make’?

Carter

> On May 6, 2016, at 11:21 AM, Frenky via Argus-info <argus-info at lists.andrew.cmu.edu> wrote:
> 
> Hi Carter,
> I am sorry for my late response and thank you so much for your answer.
> 
> 1.
> Yes, I know that I should put the WpdPack folder in the root argus directory. I did it, but it does not work.
> In the attachment there is a "config_1.zip", which contains the output from configure (with Win10pcap installed on my computer and with the WpdPack folder from the Winpcap website (not from npcap)), and there is also the config.log from this case.
> 
> 2.
> In the next case, I tried to build WpdPack with Npcap, which you wrote about last time.
> 
> So first I downloaded the latest version of Npcap from github. Next I successfully built Npcap (./installer/Build.bat).
> Finally I built the WpdPack with "build_wpdpack.bat" in the root directory of npcap. However, there is an issue, because it cannot find "libwpcap.a", etc. The output from "build_wpdpack.bat" was:
>             "
>             .
>             .
>             Creating \Lib folder
>             File not found - wpcap.lib
>             File not found - wpcap.lib
>             File not found - packet.lib
>             File not found - packet.lib
>             File not found - libpacket.a
>             File not found - libwpcap.a
>             Folder \Lib created successfully
>             .
>             .
>             "
> and it means that inside the "Lib" folder in "WpdPack" there is nothing.
> 
> And the same problem is in the original WpdPack (if you download the source code, you have to build it as well with "build_wpdpack.bat" (http://www.winpcap.org/devel.htm)).
> 
> So it has to mean that I am doing it wrong. But I have no idea what is wrong.
> I have already sent a question to the npcap mailing list, so I am waiting. Or do you have some idea, please?
> 
> 
> 3.
> Yes I need Argus for my university project/thesis. I will try npcap and I hope it will be ok. However if it doesn't work, I will be very glad for a mode.
> 
> 
> Thank you so much!
> František Střasák
> 
> 
> 
> Quoting Carter Bullard <carter at qosient.com>:
> 
>> Hey František,
>> I have not worked with Windows in a while, and so all of this stuff may be very stale.
>> 
>> The current configure strategy looks for the existence of the ../WpdPack directory, relative to the root argus directory, and then looks for the file ../WpdPack/Lib/libwpcap.a.  If it can’t find this library, then the test fails.
>> 
>> When ./configure runs, it creates a ./config.log file.  It will have at the end of the file the exact reason why the search fails.  If you could send your config.log file, that would be helpful.
>> 
>> Doing a little googling around, it seems that for Windows 10 you will want to try npcap.
>>    https://github.com/nmap/npcap
>> 
>> Now that I am looking at this, Windows, again, appears to have changed its driver strategy and Windows 10 removed the NDIS 5.x legacy support.  Winpcap is an NDIS 5.x project, Windows 10 is NDIS 6.x.  Win10pcap and npcap have support for NDIS 6.x.   Windows/Microsoft have always seemed to make packet analysis pretty challenging, not sure why.
>> 
>> If you take this on as a project, I can help you, and I will put mods into argus.
>> 
>> Carter
>> 
>> 
>> 
>>> On May 3, 2016, at 4:24 PM, strasfra at fel.cvut.cz wrote:
>>> 
>>> Hi Carter,
>>> thank you for your response.
>>> I know that I have to use the winpcap library and cygwin for argus. I have already tried it. It is written in the "list of steps", which you can find under my email. There is everything.
>>> 
>>> Thank you very much!
>>> František
>>> 
>>> 
>>> Quoting Carter Bullard <carter at qosient.com>:
>>> 
>>>> Hey František,
>>>> You need the winpcap library and cygwin to use argus on windows.  The README file in the root directory has information regarding winpcap.   Windows is not a primary target for Argus, if you have any problems, send email and we can help !!!
>>>> 
>>>> Carter
>>>> 
>>>>> On May 3, 2016, at 8:13 AM, Frenky via Argus-info <argus-info at lists.andrew.cmu.edu> wrote:
>>>>> 
>>>>> ==================== Question ================
>>>>> I need to install argus on Windows 10 for my project.
>>>>> The installation consists of 2 parts:
>>>>> 1) ./configure
>>>>> 2) make
>>>>> 
>>>>> I have an issue with "./configure", because it cannot find the libpcap libraries.
>>>>> Below this, you can find a list of steps which I have already done, but without success. Also you can find the original install file from argus called "INSTALL" in the attachment.
>>>>> 
>>>>> -Does anybody know where the problem is?
>>>>> -Should I build the WpdPack or just unzip?
>>>>>    -If I should build, how can I build? (problem with "-mno-cygwin")
>>>>>    -If not, what is wrong?
>>>>> 
>>>>> 
>>>>> Thanks a lot!
>>>>> František Střasák
>>>>> CTU FEE, Czech republic, Prague
>>>>> 
>>>>> 
>>>>> 
>>>>> ==================== My list of steps for installing Argus =================
>>>>> 
>>>>> ---------------------------------------
>>>>> --------- My requirements--------------
>>>>> Operating system: Windows 10 (64bit)
>>>>> Downloaded Argus: argus-3.0.8.1
>>>>> Cygwin: cygwin 2.873 (32bit)
>>>>> Inside the cygwin is: gcc5
>>>>> ---------------------------------------
>>>>> ---------------------------------------
>>>>> 
>>>>> 
>>>>> I followed the argus installation file, which has information for Linux and for Windows as well.
>>>>> This is the part for Windows: (The entire file is in the attachment)
>>>>> 
>>>>>              "
>>>>>              CYGWIN
>>>>> 
>>>>>              Argus has been ported to Cygwin, the RedHat Linux environment for Windows.
>>>>>              Cygwin can be found at  http://www.cygwin.com. Install the latest version
>>>>>              of Cygwin, modifying the default install to include the development support.
>>>>> 
>>>>>              As noted above, you will need bison and flex and optionally tcpwrappers,
>>>>>              which are available for Cygwin.
>>>>> 
>>>>>              On CYGWIN, the libpcap function is provided by the WinPcap Developers Pack.
>>>>>              The current version can be found at:
>>>>> 
>>>>>                 http://www.winpcap.org/devel.htm
>>>>> 
>>>>>              Place the unzipped WpdPack folder in the same directory that you
>>>>>              untared argus, and the argus ./configure script will find it
>>>>>              and do the right thing.  At this point, to make argus:
>>>>> 
>>>>>                 % ./configure
>>>>>                 % make
>>>>> 
>>>>>              That should make an argus binary that can be installed as a Windows
>>>>>              service, using the cygrunsrv() program.
>>>>> 
>>>>>              Because interface names are so difficult to use on Windows, the Cygwin
>>>>>              port of argus allows you to specify an index for the interface you want
>>>>>              to monitor.  By running argus without an interface specification, argus
>>>>>              will print out the available interfaces, with their indexes. Use the
>>>>>              index number on the command line, or in the argus.conf file.
>>>>> 
>>>>>              To setup argus as a system service under CYGWIN, use the cygrunsvc()
>>>>>              program.  Argus will write its output to /var/log/argus.log, so check
>>>>>              there if you have any problems.
>>>>>              "
>>>>> 
>>>>> 
>>>>> 
>>>>> Works successfully:
>>>>> 1. downloading and installing flex and bison => it is ok...during argus installation, configuration is able to find it.
>>>>> 
>>>>> Problems:
>>>>> 1. Problem with WinPcap => Argus cannot find it during installation.
>>>>> 2. tcp_wrappers is downloaded on my cygwin => Argus cannot find it during installation.
>>>>> 
>>>>> 
>>>>> My few last line from output, where is checked libpcap:
>>>>> 
>>>>>              "
>>>>>              .
>>>>>              .
>>>>>              checking for local tcp_wrappers library... not found
>>>>>              checking for system tcp_wrappers library... checking tcpd.h usability... no
>>>>>              checking tcpd.h presence... no
>>>>>              checking for tcpd.h... no
>>>>>              checking for local pcap library... not found
>>>>>              checking for pcap-config... no
>>>>>              checking for main in -lpcap... no
>>>>>              not found
>>>>>              checking for main in -lpcap... (cached) no
>>>>>              checking for local wpcap library... no
>>>>>              configure: error: see the INSTALL doc for more info
>>>>>              "
>>>>> 
>>>>> 
>>>>> ====== WinPcap =====
>>>>> 1. From http://www.winpcap.org/devel.htm I downloaded WinPcap (it is an .exe file, which installs some library).
>>>>> 2. According to the argus install file I downloaded "WinPcap Developers Pack" and I unzipped the WpdPack folder in the same directory that I untarred argus, but argus ./configuration cannot find it.
>>>>> 3. So I tried to find out if I should build the WpdPack. (It is not written in the argus install file if it should be built (There is just: "download and unzip")).
>>>>> 
>>>>> I found this solution for build WpdPack: (http://stackoverflow.com/questions/2396251/help-installing-libpcap-on-cygwin)
>>>>> 
>>>>>                              "
>>>>>              Setup Winpcap
>>>>>              1.
>>>>>              Download and unzip the pack. We will use for this example WpdPack_4_0_1.zip.
>>>>>              Copy libraries like this:
>>>>> 
>>>>>              WpdPack\Lib\libpacket.a to cygwin\lib\
>>>>>              WpdPack\Lib\libwpcap.a to cygwin\lib\
>>>>>              Create a folder cygwin\usr\include\pcap\
>>>>>              Copy all headers from WpdPack\Include to cygwin\usr\include\winpcap\
>>>>>              Be sure you have installed Winpcap libraries and that they are in your path by typing:
>>>>>              2.
>>>>>              which packet.dll
>>>>>              which wpcap.dll
>>>>>              For me they are in /cygdrive/c/WINDOWS/system32/
>>>>> 
>>>>>              3.
>>>>>              Building example using Cygwin
>>>>> 
>>>>>              Open a cygwin prompt to WpdPack\Examples-pcap\basic_dump\ and execute:
>>>>> 
>>>>>              basic_dump:
>>>>> 
>>>>>              CFLAGS="-g -Wall -mno-cygwin -I /usr/include/pcap"
>>>>>              LIBS="-lwpcap"
>>>>>              PROG="basic_dump"
>>>>>              gcc $CFLAGS -c $PROG.c
>>>>>              gcc $CFLAGS -o $PROG.exe $PROG.o $LIBS
>>>>>              ./$PROG.exe
>>>>>              basic_dump_ex:
>>>>> 
>>>>>              CFLAGS="-g -Wall -mno-cygwin -I /usr/include/pcap"
>>>>>              LIBS="-lwpcap"
>>>>>              PROG="basic_dump_ex"
>>>>>              gcc $CFLAGS -c $PROG.c
>>>>>              gcc $CFLAGS -o $PROG.exe $PROG.o $LIBS
>>>>>              ./$PROG.exe
>>>>>              iflist:
>>>>> 
>>>>>              CFLAGS="-g -Wall -mno-cygwin -I /usr/include/pcap"
>>>>>              LIBS="-lwpcap"
>>>>>              PROG="iflist"
>>>>>              gcc $CFLAGS -c $PROG.c
>>>>>              gcc $CFLAGS -o $PROG.exe $PROG.o $LIBS
>>>>>              ./$PROG.exe
>>>>>              pcap_filter (and others):
>>>>> 
>>>>>              I think you can catch the pattern ;) Only replace PROG=... by the program name and it should compile.
>>>>>              UDPdump:
>>>>> 
>>>>>              CFLAGS="-g -Wall -mno-cygwin -I /usr/include/pcap"
>>>>>              LIBS="-lwpcap -lwsock32"
>>>>>              PROG="UDPdump"
>>>>>              gcc $CFLAGS -c $PROG.c
>>>>>              gcc $CFLAGS -o $PROG.exe $PROG.o $LIBS
>>>>>              ./$PROG.exe
>>>>>              "
>>>>> 
>>>>> First and second steps were ok. However third step about building does not work. The problem is with "-mno-cygwin" because if I try to compile this:
>>>>> 
>>>>>              "
>>>>>              CFLAGS="-g -Wall -mno-cygwin -I /usr/include/pcap"
>>>>>              LIBS="-lwpcap"
>>>>>              PROG="basic_dump"
>>>>>              gcc $CFLAGS -c $PROG.c
>>>>>              gcc $CFLAGS -o $PROG.exe $PROG.o $LIBS
>>>>>              ./$PROG.exe
>>>>>              "
>>>>> 
>>>>> It gives me:
>>>>>               "gcc: error: unrecognized command line option ‘-mno-cygwin’"
>>>>> 
>>>>> 
>>>>> First I found out, that I could do by "min-gw", which could provide to me compiling without "-mno-cygwin".
>>>>>      1. I compile with "-mno-cygwin". It says, that it does not know it.
>>>>>      2. Without "-mno-cygwin", nothing
>>>>> 
>>>>> 
>>>>> 
>>>>> After more searching, I found out that "-mno-cygwin" was in gcc3 and now in my cygwin32 there is gcc5. And I could not switch to gcc3. When I looked at the cygwin installer,
>>>>> there was no old version of gcc for installation.
>>>>> 
>>>>> I found that in newer versions of gcc I should use just "mingw" instead of "-mno-cygwin". However, it does not work; it gives me:  "gcc: error: mingw: No such file or directory".
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> <INSTALL>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20160511/4a4c2c8c/attachment.html>
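
The search described in the thread (a ../WpdPack directory relative to the argus root, then ../WpdPack/Lib/libwpcap.a) can be checked before running ./configure. The following is an added example, not part of the original messages or of argus; the function name check_wpdpack and its return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): preflight check for the WpdPack
# layout that argus ./configure is described as searching for.
# Return codes are this example's own convention:
#   0  <parent>/WpdPack/Lib/libwpcap.a exists beside the argus tree
#   1  no WpdPack directory beside the argus tree
#   2  WpdPack found, but Lib/libwpcap.a is missing (e.g. empty Lib folder)
#   3  WpdPack was unpacked inside the argus tree instead of beside it
#   4  the given argus root is not a directory
check_wpdpack() {
    root=${1:-.}
    if [ ! -d "$root" ]; then
        echo "argus root '$root' is not a directory" >&2
        return 4
    fi
    # Per the thread, configure looks for ../WpdPack relative to the argus root
    parent=$(cd "$root/.." && pwd) || return 4
    pack="$parent/WpdPack"

    if [ ! -d "$pack" ]; then
        if [ -d "$root/WpdPack" ]; then
            echo "WpdPack is inside the argus tree; expected $pack"
            return 3
        fi
        echo "missing directory: $pack"
        return 1
    fi

    if [ ! -f "$pack/Lib/libwpcap.a" ]; then
        echo "missing library: $pack/Lib/libwpcap.a"
        # Show what Lib holds, e.g. only wpcap.lib, or nothing at all
        if [ -d "$pack/Lib" ]; then
            ls -A "$pack/Lib" | sed 's/^/  Lib contains: /'
        fi
        return 2
    fi

    echo "ok: $pack/Lib/libwpcap.a"
    return 0
}

# Run the check when a path is given: sh check_wpdpack.sh ./argus-3.0.8.1
if [ "$#" -gt 0 ]; then
    check_wpdpack "$1"
fi
```

Return code 2 corresponds to the situation reported after build_wpdpack.bat, where the Lib folder was created but left empty.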

