Argus on Windows
Frenky via Argus-info
argus-info at lists.andrew.cmu.edu
Wed May 18 06:06:36 EDT 2016
Hi Carter,
Argus works! :D The problems were in the environment variable, etc.
If you want, and if you give me time, I can send you a list of steps for
installing on WIN10, WIN8, etc.
Thank you for your time !!!
Frantisek
Quoting Carter Bullard <carter at qosient.com>:
> Hey František,
> OK, looking at the conf.log you sent, ./configure is finding all
> that it needs to work, and is generating Makefiles, which indicates
> that all is cool. What are the error messages when you run ‘make’ ????
>
> Carter
>
>> On May 6, 2016, at 11:21 AM, Frenky via Argus-info
>> <argus-info at lists.andrew.cmu.edu> wrote:
>>
>> Hi Carter,
>> I am sorry for my late response and thank you so much for your answer.
>>
>> 1.
>> Yes I know, that I should put the WpdPack folder to root argus
>> directory. I did it, but it does not work.
>> In attachment there is a "config_1.zip", where is output from
>> configure (with installed WIn10pcap in my computer and with WpdPack
>> folder from Winpcap website (not from npcap)) and also there is
>> config.log from this case.
>>
>> 2.
>> In next case, I tried to build WpdPack by Npcap, which you wrote last time.
>>
>> So first I downloaded latest version of Npcap from github. Next I
>> successfully built the Npcap (./installer/Build.bat).
>> Finally I built the WpdPack by "build_wpdpack.bat" in the root
>> directory of npcap. However there is an issue, because it can not
>> find "libwpcap.a", etc.. . Output from "build_wpdpack.bat" was:
>> "
>> .
>> .
>> Creating \Lib folder
>> File not found - wpcap.lib
>> File not found - wpcap.lib
>> File not found - packet.lib
>> File not found - packet.lib
>> File not found - libpacket.a
>> File not found - libwpcap.a
>> Folder \Lib created successfully
>> .
>> .
>> "
>> and it means, that inside the "Lib" folder in "WpdPack" there is nothing.
>>
>> And the same problem is in original WpdPack (if you download source
>> code, you have to build it as well by "build_wpdpack.bat"
>> (http://www.winpcap.org/devel.htm)).
>>
>> So it has to mean that I am doing it wrong. But I have no idea
>> what is wrong.
>> I have already sent question to npcap mailing list, so I am
>> waiting. Or do you have some idea please?
>>
>>
>> 3.
>> Yes I need Argus for my university project/thesis. I will try npcap
>> and I hope it will be ok. However if it doesn't work, I will be
>> very glad for a mode.
>>
>>
>> Thank you so much!
>> František Střasák
>>
>>
>>
>> Quoting Carter Bullard <carter at qosient.com>:
>>
>>> Hey František,
>>> I have not worked with Windows in a while, and so all of this
>>> stuff may be very stale.
>>>
>>> The current configure strategy looks for the existence of the
>>> ../WpdPack directory, relative to the root argus directory, and
>>> then looks for the file ../WpdPack/Lib/libwpcap.a. If it can’t
>>> find this library, then the test fails.
>>>
>>> When ./configure runs, it creates a ./config.log file. It will
>>> have at the end of the file the exact reason why the search fails.
>>> If you could send your config.log file, that would be helpful.
>>>
>>> Doing a little googling around, it seems that for Windows 10 you
>>> will want to try npcap.
>>> https://github.com/nmap/npcap
>>>
>>> Now that I am looking at this, Windows, again, appears to have
>>> changed its driver strategy and Windows 10 removed the NDIS 5.x
>>> legacy support. Winpcap is an NDIS 5.x project, Windows 10 is
>>> NDIS 6.x. WIn10pcap and npcap have support for NDIS 6.x.
>>> Windows/Microsoft have always seemed to make packet analysis
>>> pretty challenging, not sure why.
>>>
>>> If you take this on as a project, I can help you, and I will put
>>> mods into argus.
>>>
>>> Carter
>>>
>>>
>>>
>>>> On May 3, 2016, at 4:24 PM, strasfra at fel.cvut.cz wrote:
>>>>
>>>> Hi Carter,
>>>> thank you for your response.
>>>> I know that I have to use winpcap library and cygwin for argus.
>>>> I have already tried it. It is written in "list of steps", which
>>>> you can find under my email. There is everything.
>>>>
>>>> Thank you very much!
>>>> František
>>>>
>>>>
>>>> Quoting Carter Bullard <carter at qosient.com>:
>>>>
>>>>> Hey František,
>>>>> You need the winpcap library and cygwin to use argus on windows.
>>>>> The README file in the root directory has information regarding
>>>>> winpcap. Windows is not a primary target for Argus, if you
>>>>> have any problems, send email and we can help !!!
>>>>>
>>>>> Carter
>>>>>
>>>>>> On May 3, 2016, at 8:13 AM, Frenky via Argus-info
>>>>>> <argus-info at lists.andrew.cmu.edu> wrote:
>>>>>>
>>>>>> ==================== Question ================
>>>>>> I need to install argus on Windows 10 for my project.
>>>>>> The installation consists of 2 parts:
>>>>>> 1) ./configure
>>>>>> 2) make
>>>>>>
>>>>>> I have some issue with "./configure", because it can not find
>>>>>> libpcap libraries.
>>>>>> Below this, you can find a list of steps, which I have already
>>>>>> done, but without success. Also you can find original install
>>>>>> file from argus called "INSTALL" in attachment.
>>>>>>
>>>>>> -Does anybody know, where problem is?
>>>>>> -Should I build the WpdPack or just unzip?
>>>>>> -If I should build, how can I build? (problem with "-mno-cygwin")
>>>>>> -If not, what is wrong?
>>>>>>
>>>>>>
>>>>>> Thanks a lot!
>>>>>> František Střasák
>>>>>> CTU FEE, Czech republic, Prague
>>>>>>
>>>>>>
>>>>>>
>>>>>> ==================== My list of steps for installing Argus
>>>>>> =================
>>>>>>
>>>>>> ---------------------------------------
>>>>>> --------- My requirements--------------
>>>>>> Operating system: Windows 10 (64bit)
>>>>>> Downloaded Argus: argus-3.0.8.1
>>>>>> Cygwin: cygwin 2.873 (32bit)
>>>>>> Inside the cygwin is: gcc5
>>>>>> ---------------------------------------
>>>>>> ---------------------------------------
>>>>>>
>>>>>>
>>>>>> I followed the argus installation file, where there is information
>>>>>> for linux and for windows as well.
>>>>>> This is part for windows: (The entire file is in attachment)
>>>>>>
>>>>>> "
>>>>>> CYGWIN
>>>>>>
>>>>>> Argus has been ported to Cygwin, the RedHat Linux
>>>>>> environment for Windows.
>>>>>> Cygwin can be found at http://www.cygwin.com.
>>>>>> Install the latest version
>>>>>> of Cygwin, modifying the default install to
>>>>>> include the developement support.
>>>>>>
>>>>>> As noted above, you will need bison and flex and
>>>>>> optionally tcpwrappers,
>>>>>> which are available for Cygwin.
>>>>>>
>>>>>> On CYGWIN, the libpcap function is provided by the
>>>>>> WinPcap Developers Pack.
>>>>>> The current version can be found at:
>>>>>>
>>>>>> http://www.winpcap.org/devel.htm
>>>>>>
>>>>>> Place the unzipped WpdPack folder in the same
>>>>>> directory that you
>>>>>> untared argus, and the argus ./configure script
>>>>>> will find it
>>>>>> and do the right thing. At this point, to make argus:
>>>>>>
>>>>>> % ./configure
>>>>>> % make
>>>>>>
>>>>>> That should make an argus binary that can be
>>>>>> installed as a Windows
>>>>>> service, using the cygrunsrv() program.
>>>>>>
>>>>>> Because interface names are so difficult to use on
>>>>>> Windows, the Cygwin
>>>>>> port of argus allows you to specify an index for
>>>>>> the interface you want
>>>>>> to monitor. By running argus without an interface
>>>>>> specification, argus
>>>>>> will print out the available interfaces, with
>>>>>> thier indexes. Use the
>>>>>> index number on the command line, or in the
>>>>>> argus.conf file.
>>>>>>
>>>>>> To setup argus as a system service under CYGWIN,
>>>>>> use the cygrunsvc()
>>>>>> program. Argus will write its output to
>>>>>> /var/log/argus.log, so check
>>>>>> there is you have any problems.
>>>>>> "
>>>>>>
>>>>>>
>>>>>>
>>>>>> Works successfully:
>>>>>> 1. downloading and installing flex and bison => it is
>>>>>> ok...during argus installation configuration is able to find it.
>>>>>>
>>>>>> Problems:
>>>>>> 1. Problem with WinPcap => Argus cannot find it during installation.
>>>>>> 2. tcp_wrappers is downloaded on my cygwin => Argus cannot find
>>>>>> it during installation.
>>>>>>
>>>>>>
>>>>>> My few last line from output, where is checked libpcap:
>>>>>>
>>>>>> "
>>>>>> .
>>>>>> .
>>>>>> checking for local tcp_wrappers library... not found
>>>>>> checking for system tcp_wrappers library...
>>>>>> checking tcpd.h usability... no
>>>>>> checking tcpd.h presence... no
>>>>>> checking for tcpd.h... no
>>>>>> checking for local pcap library... not found
>>>>>> checking for pcap-config... no
>>>>>> checking for main in -lpcap... no
>>>>>> not found
>>>>>> checking for main in -lpcap... (cached) no
>>>>>> checking for local wpcap library... no
>>>>>> configure: error: see the INSTALL doc for more info
>>>>>> "
>>>>>>
>>>>>>
>>>>>> ====== WinPcap =====
>>>>>> 1. From http://www.winpcap.org/devel.htm I download WinPcap (it
>>>>>> is .exe file, which install some library).
>>>>>> 2. According the argus install file I downloaded "WinPcap
>>>>>> Developers Pack" and I unzipped WpdPack folder in the same
>>>>>> directory that I untared argus, but argus ./configuration can
>>>>>> not find it.
>>>>>> 3. So I tried to find, if I should build the WpdPack. (It is
>>>>>> not written in argus install file, if it should be build (There
>>>>>> is just: "download and unzip")).
>>>>>>
>>>>>> I found this solution for build WpdPack:
>>>>>> (http://stackoverflow.com/questions/2396251/help-installing-libpcap-on-cygwin)
>>>>>>
>>>>>> "
>>>>>> Setup Winpcap
>>>>>> 1.
>>>>>> Download and unzip the pack. We will use for this
>>>>>> example WpdPack_4_0_1.zip.
>>>>>> Copy libraries like this:
>>>>>>
>>>>>> WpdPack\Lib\libpacket.a to cygwin\lib\
>>>>>> WpdPack\Lib\libwpcap.a to cygwin\lib\
>>>>>> Create a folder cygwin\usr\include\pcap\
>>>>>> Copy all headers from WpdPack\Include to
>>>>>> cygwin\usr\include\winpcap\
>>>>>> Be sure you have installed Winpcap libraries and
>>>>>> that they are in your path by typing:
>>>>>> 2.
>>>>>> which packet.dll
>>>>>> which wpcap.dll
>>>>>> For me they are in /cygdrive/c/WINDOWS/system32/
>>>>>>
>>>>>> 3.
>>>>>> Building example using Cygwin
>>>>>>
>>>>>> Open a cygwin prompt to
>>>>>> WpdPack\Examples-pcap\basic_dump\ and execute:
>>>>>>
>>>>>> basic_dump:
>>>>>>
>>>>>> CFLAGS="-g -Wall -mno-cygwin -I /usr/include/pcap"
>>>>>> LIBS="-lwpcap"
>>>>>> PROG="basic_dump"
>>>>>> gcc $CFLAGS -c $PROG.c
>>>>>> gcc $CFLAGS -o $PROG.exe $PROG.o $LIBS
>>>>>> ./$PROG.exe
>>>>>> basic_dump_ex:
>>>>>>
>>>>>> CFLAGS="-g -Wall -mno-cygwin -I /usr/include/pcap"
>>>>>> LIBS="-lwpcap"
>>>>>> PROG="basic_dump_ex"
>>>>>> gcc $CFLAGS -c $PROG.c
>>>>>> gcc $CFLAGS -o $PROG.exe $PROG.o $LIBS
>>>>>> ./$PROG.exe
>>>>>> iflist:
>>>>>>
>>>>>> CFLAGS="-g -Wall -mno-cygwin -I /usr/include/pcap"
>>>>>> LIBS="-lwpcap"
>>>>>> PROG="iflist"
>>>>>> gcc $CFLAGS -c $PROG.c
>>>>>> gcc $CFLAGS -o $PROG.exe $PROG.o $LIBS
>>>>>> ./$PROG.exe
>>>>>> pcap_filter (and others):
>>>>>>
>>>>>> I think you can catch the pattern ;) Only replace
>>>>>> PROG=... by the program name and it should compile.
>>>>>> UDPdump:
>>>>>>
>>>>>> CFLAGS="-g -Wall -mno-cygwin -I /usr/include/pcap"
>>>>>> LIBS="-lwpcap -lwsock32"
>>>>>> PROG="UDPdump"
>>>>>> gcc $CFLAGS -c $PROG.c
>>>>>> gcc $CFLAGS -o $PROG.exe $PROG.o $LIBS
>>>>>> ./$PROG.exe
>>>>>> "
>>>>>>
>>>>>> First and second steps were ok. However third step about
>>>>>> building does not work. The problem is with "-mno-cygwin"
>>>>>> because if I try to compile this:
>>>>>>
>>>>>> "
>>>>>> CFLAGS="-g -Wall -mno-cygwin -I /usr/include/pcap"
>>>>>> LIBS="-lwpcap"
>>>>>> PROG="basic_dump"
>>>>>> gcc $CFLAGS -c $PROG.c
>>>>>> gcc $CFLAGS -o $PROG.exe $PROG.o $LIBS
>>>>>> ./$PROG.exe
>>>>>> "
>>>>>>
>>>>>> It gives me:
>>>>>> "gcc: error: unrecognized command line option
>>>>>> ‘-mno-cygwin’"
>>>>>>
>>>>>>
>>>>>> First I found out, that I could do by "min-gw", which could
>>>>>> provide to me compiling without "-mno-cygwin".
>>>>>> 1. I compile with "-mno-cygwin". It says, that it does not know it.
>>>>>> 2. Without "-mno-cygwin", nothing
>>>>>>
>>>>>>
>>>>>>
>>>>>> After more searching, I found out, that "-mno-cygwin" was in
>>>>>> gcc3 and now in my cygwin32 is gcc5. And I could not switch to
>>>>>> gcc3. If I look at to cygwin installer,
>>>>>> there was no old version gcc for installation.
>>>>>>
>>>>>> I could find, that in newer versions gcc I should use instead of
>>>>>> "-mno-cygwin" just "mingw". However it does not work, it gives
>>>>>> me: "gcc: error: mingw: No such file or directory".
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> <INSTALL>
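
The layout check Carter describes in this thread (a WpdPack directory beside the argus root, containing Lib/libwpcap.a), together with the empty Lib folder left by build_wpdpack.bat and the DLL lookup from the quoted steps, as an added example that is not part of the original thread or of the argus sources. The function names and status words are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread or the argus sources).
# Status words and function names are assumptions of this example.

# check_wpdpack ARGUS_ROOT: print one status word; return 0 only for "ok".
check_wpdpack() {
    root=${1:-.}
    pack="$root/../WpdPack"        # configure looks beside the argus root
    if [ ! -d "$pack" ]; then
        if [ -d "$root/WpdPack" ]; then
            echo "misplaced"       # unpacked inside the argus tree instead
        else
            echo "no-wpdpack"
        fi
        return 1
    fi
    if [ ! -d "$pack/Lib" ]; then
        echo "no-lib-dir"; return 1
    fi
    if [ -z "$(ls -A "$pack/Lib" 2>/dev/null)" ]; then
        echo "empty-lib"; return 1  # the build_wpdpack.bat outcome quoted above
    fi
    if [ ! -f "$pack/Lib/libwpcap.a" ]; then
        echo "no-libwpcap"; return 1
    fi
    echo "ok"
}

# find_in_path FILE: like `which`, but also finds non-executable files (DLLs).
find_in_path() {
    old_ifs=$IFS; IFS=:
    for d in $PATH; do
        if [ -f "${d:-.}/$1" ]; then
            IFS=$old_ifs; echo "${d:-.}/$1"; return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# Run as: sh check_wpdpack.sh /path/to/argus-3.0.8.1
if [ $# -gt 0 ]; then
    check_wpdpack "$1" || exit 1
    for dll in packet.dll wpcap.dll; do
        find_in_path "$dll" >/dev/null || echo "not on PATH: $dll"
    done
fi
```

A result of "misplaced" or "empty-lib" points at the WpdPack side of the build rather than at argus itself, which narrows what to look for in config.log.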