Argus on Windows
Frenky via Argus-info
argus-info at lists.andrew.cmu.edu
Fri May 20 06:57:21 EDT 2016
Yes, I will send it, but after my exam time (in 3-4 weeks).
Thank you for understanding.
Frantisek
Quoting Carter Bullard via Argus-info <argus-info at lists.andrew.cmu.edu>:
> Hey Frantisek,
> Great news !!! To keep our docs up to date, could you send a little
> guide to the mailing list ???
> I will put together a README.WIN file that we'll put in the
> distribution for others !!
>
> Thanks and great work !!!!!
> Hope all is most excellent !!!!
> Carter
>
>> On May 18, 2016, at 3:06 AM, Frenky via Argus-info
>> <argus-info at lists.andrew.cmu.edu> wrote:
>>
>> Hi Carter,
>> Argus works! :D The problems were in environment variable and etc...
>> If you want and if you give me time I can send you list of steps
>> for installing on WIN10, WIN8, etc... .
>>
>> Thank you for your time !!!
>> Frantisek
>>
>>
>>
>> Quoting Carter Bullard <carter at qosient.com>:
>>
>>> Hey František,
>>> OK, looking at the conf.log you sent, ./configure is finding all
>>> that it needs to work, and is generating Makefiles, which
>>> indicates that all is cool. What are the error messages when you
>>> run ‘make’ ????
>>>
>>> Carter
>>>
>>>> On May 6, 2016, at 11:21 AM, Frenky via Argus-info
>>>> <argus-info at lists.andrew.cmu.edu> wrote:
>>>>
>>>> Hi Carter,
>>>> I am sorry for my late response and thank you so much for your answer.
>>>>
>>>> 1.
>>>> Yes I know, that I should put the WpdPack folder to root argus
>>>> directory. I did it, but it does not work.
>>>> In attachment there is a "config_1.zip", where is output from
>>>> configure (with installed Win10Pcap in my computer and with
>>>> WpdPack folder from Winpcap website (not from npcap)) and also
>>>> there is config.log from this case.
>>>>
>>>> 2.
>>>> In next case, I tried to build WpdPack by Npcap, which you wrote
>>>> last time.
>>>>
>>>> So first I downloaded latest version of Npcap from github. Next I
>>>> successfully built the Npcap (./installer/Build.bat).
>>>> Finally I built the WpdPack by "build_wpdpack.bat" in the root
>>>> directory of npcap. However there is an issue, because it can not
>>>> find "libwpcap.a", etc.. . Output from "build_wpdpack.bat" was:
>>>> "
>>>> .
>>>> .
>>>> Creating \Lib folder
>>>> File not found - wpcap.lib
>>>> File not found - wpcap.lib
>>>> File not found - packet.lib
>>>> File not found - packet.lib
>>>> File not found - libpacket.a
>>>> File not found - libwpcap.a
>>>> Folder \Lib created successfully
>>>> .
>>>> .
>>>> "
>>>> and it means, that inside the "Lib" folder in "WpdPack" there is nothing.
>>>>
>>>> And the same problem is in original WpdPack (if you download
>>>> source code, you have to build it as well by "build_wpdpack.bat"
>>>> (http://www.winpcap.org/devel.htm)).
>>>>
>>>> So it has to mean, that I am doing it wrong. But I have no idea,
>>>> what it is wrong.
>>>> I have already sent question to npcap mailing list, so I am
>>>> waiting. Or do you have some idea please?
>>>>
>>>>
>>>> 3.
>>>> Yes I need Argus for my university project/thesis. I will try
>>>> npcap and I hope it will be ok. However if it doesn't work, I
>>>> will be very glad for a mode.
>>>>
>>>>
>>>> Thank you so much!
>>>> František Střasák
>>>>
>>>>
>>>>
>>>> Quoting Carter Bullard <carter at qosient.com>:
>>>>
>>>>> Hey František,
>>>>> I have not worked with Windows in a while, and so all of this
>>>>> stuff may be very stale.
>>>>>
>>>>> The current configure strategy looks for the existence of the
>>>>> ../WpdPack directory, relative to the root argus directory, and
>>>>> then looks for the file ../WpdPack/Lib/libwpcap.a. If it can’t
>>>>> find this library, then the test fails.
>>>>>
>>>>> When ./configure runs, it creates a ./config.log file. It will
>>>>> have at the end of the file the exact reason why the search
>>>>> fails. If you could send your config.log file, that would be
>>>>> helpful.
>>>>>
>>>>> Doing a little googling around, it seems that for Windows 10 you
>>>>> will want to try npcap.
>>>>> https://github.com/nmap/npcap
>>>>>
>>>>> Now that I am looking at this, Windows, again, appears to have
>>>>> changed its driver strategy and Windows 10 removed the NDIS 5.x
>>>>> legacy support. Winpcap is an NDIS 5.x project, Windows 10 is
>>>>> NDIS 6.x. Win10Pcap and npcap have support for NDIS 6.x.
>>>>> Windows/Microsoft have always seemed to make packet analysis
>>>>> pretty challenging, not sure why.
>>>>>
>>>>> If you take this on as a project, I can help you, and I will put
>>>>> mods into argus.
>>>>>
>>>>> Carter
>>>>>
>>>>>
>>>>>
>>>>>> On May 3, 2016, at 4:24 PM, strasfra at fel.cvut.cz wrote:
>>>>>>
>>>>>> Hi Carter,
>>>>>> thank you for your response.
>>>>>> I know, that I have to use winpcap library and cygwin for
>>>>>> argus. I have already tried it. It is written in "list of
>>>>>> steps", which you can find under my email. There is everything.
>>>>>>
>>>>>> Thank you very much!
>>>>>> František
>>>>>>
>>>>>>
>>>>>> Quoting Carter Bullard <carter at qosient.com>:
>>>>>>
>>>>>>> Hey František,
>>>>>>> You need the winpcap library and cygwin to use argus on
>>>>>>> windows. The README file in the root directory has
>>>>>>> information regarding winpcap. Windows is not a primary
>>>>>>> target for Argus, if you have any problems, send email and we
>>>>>>> can help !!!
>>>>>>>
>>>>>>> Carter
>>>>>>>
>>>>>>>> On May 3, 2016, at 8:13 AM, Frenky via Argus-info
>>>>>>>> <argus-info at lists.andrew.cmu.edu> wrote:
>>>>>>>>
>>>>>>>> ==================== Question ================
>>>>>>>> I need to install argus on Windows 10 for my project.
>>>>>>>> The installation consists of 2 parts:
>>>>>>>> 1) ./configure
>>>>>>>> 2) make
>>>>>>>>
>>>>>>>> I have some issue with "./configure", because it can not find
>>>>>>>> libpcap libraries.
>>>>>>>> Below this, you can find a list of steps, which I have already
>>>>>>>> done, but without success. Also you can find original
>>>>>>>> install file from argus called "INSTALL" in attachment.
>>>>>>>>
>>>>>>>> -Does anybody know, where problem is?
>>>>>>>> -Should I build the WpdPack or just unzip?
>>>>>>>> -If I should build, how can I build? (problem with "-mno-cygwin")
>>>>>>>> -If not, what is wrong?
>>>>>>>>
>>>>>>>>
>>>>>>>> Thanks a lot!
>>>>>>>> František Střasák
>>>>>>>> CTU FEE, Czech republic, Prague
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> ==================== My list of steps for installing Argus
>>>>>>>> =================
>>>>>>>>
>>>>>>>> ---------------------------------------
>>>>>>>> --------- My requirements--------------
>>>>>>>> Operating system: Windows 10 (64bit)
>>>>>>>> Downloaded Argus: argus-3.0.8.1
>>>>>>>> Cygwin: cygwin 2.873 (32bit)
>>>>>>>> Inside the cygwin is: gcc5
>>>>>>>> ---------------------------------------
>>>>>>>> ---------------------------------------
>>>>>>>>
>>>>>>>>
>>>>>>>> I followed argus installation file, where are information for
>>>>>>>> linux besides for windows as well.
>>>>>>>> This is part for windows: (The entire file is in attachment)
>>>>>>>>
>>>>>>>> "
>>>>>>>> CYGWIN
>>>>>>>>
>>>>>>>> Argus has been ported to Cygwin, the RedHat Linux
>>>>>>>> environment for Windows.
>>>>>>>> Cygwin can be found at http://www.cygwin.com.
>>>>>>>> Install the latest version
>>>>>>>> of Cygwin, modifying the default install to
>>>>>>>> include the development support.
>>>>>>>>
>>>>>>>> As noted above, you will need bison and flex and
>>>>>>>> optionally tcpwrappers,
>>>>>>>> which are available for Cygwin.
>>>>>>>>
>>>>>>>> On CYGWIN, the libpcap function is provided by the
>>>>>>>> WinPcap Developers Pack.
>>>>>>>> The current version can be found at:
>>>>>>>>
>>>>>>>> http://www.winpcap.org/devel.htm
>>>>>>>>
>>>>>>>> Place the unzipped WpdPack folder in the same
>>>>>>>> directory that you
>>>>>>>> untared argus, and the argus ./configure script
>>>>>>>> will find it
>>>>>>>> and do the right thing. At this point, to make argus:
>>>>>>>>
>>>>>>>> % ./configure
>>>>>>>> % make
>>>>>>>>
>>>>>>>> That should make an argus binary that can be
>>>>>>>> installed as a Windows
>>>>>>>> service, using the cygrunsrv() program.
>>>>>>>>
>>>>>>>> Because interface names are so difficult to use on
>>>>>>>> Windows, the Cygwin
>>>>>>>> port of argus allows you to specify an index for
>>>>>>>> the interface you want
>>>>>>>> to monitor. By running argus without an interface
>>>>>>>> specification, argus
>>>>>>>> will print out the available interfaces, with
>>>>>>>> their indexes. Use the
>>>>>>>> index number on the command line, or in the
>>>>>>>> argus.conf file.
>>>>>>>>
>>>>>>>> To setup argus as a system service under CYGWIN,
>>>>>>>> use the cygrunsvc()
>>>>>>>> program. Argus will write its output to
>>>>>>>> /var/log/argus.log, so check
>>>>>>>> there if you have any problems.
>>>>>>>> "
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Works successfully:
>>>>>>>> 1. downloading and installing flex and bison => it is
>>>>>>>> ok...during argus installation configuration is able to find
>>>>>>>> it.
>>>>>>>>
>>>>>>>> Problems:
>>>>>>>> 1. Problem with WinPcap => Argus cannot find it during installation.
>>>>>>>> 2. tcp_wrappers is downloaded on my cygwin => Argus cannot
>>>>>>>> find it during installation.
>>>>>>>>
>>>>>>>>
>>>>>>>> My few last line from output, where is checked libpcap:
>>>>>>>>
>>>>>>>> "
>>>>>>>> .
>>>>>>>> .
>>>>>>>> checking for local tcp_wrappers library... not found
>>>>>>>> checking for system tcp_wrappers library...
>>>>>>>> checking tcpd.h usability... no
>>>>>>>> checking tcpd.h presence... no
>>>>>>>> checking for tcpd.h... no
>>>>>>>> checking for local pcap library... not found
>>>>>>>> checking for pcap-config... no
>>>>>>>> checking for main in -lpcap... no
>>>>>>>> not found
>>>>>>>> checking for main in -lpcap... (cached) no
>>>>>>>> checking for local wpcap library... no
>>>>>>>> configure: error: see the INSTALL doc for more info
>>>>>>>> "
>>>>>>>>
>>>>>>>>
>>>>>>>> ====== WinPcap =====
>>>>>>>> 1. From http://www.winpcap.org/devel.htm I download WinPcap
>>>>>>>> (it is .exe file, which install some library).
>>>>>>>> 2. According the argus install file I downloaded "WinPcap
>>>>>>>> Developers Pack" and I unzipped WpdPack folder in the same
>>>>>>>> directory that I untared argus, but argus ./configuration can
>>>>>>>> not find it.
>>>>>>>> 3. So I tried to find, if I should build the WpdPack. (It is
>>>>>>>> not written in argus install file, if it should be build
>>>>>>>> (There is just: "download and unzip")).
>>>>>>>>
>>>>>>>> I found this solution for build WpdPack:
>>>>>>>> (http://stackoverflow.com/questions/2396251/help-installing-libpcap-on-cygwin)
>>>>>>>>
>>>>>>>> "
>>>>>>>> Setup Winpcap
>>>>>>>> 1.
>>>>>>>> Download and unzip the pack. We will use for this
>>>>>>>> example WpdPack_4_0_1.zip.
>>>>>>>> Copy libraries like this:
>>>>>>>>
>>>>>>>> WpdPack\Lib\libpacket.a to cygwin\lib\
>>>>>>>> WpdPack\Lib\libwpcap.a to cygwin\lib\
>>>>>>>> Create a folder cygwin\usr\include\pcap\
>>>>>>>> Copy all headers from WpdPack\Include to
>>>>>>>> cygwin\usr\include\winpcap\
>>>>>>>> Be sure you have installed Winpcap libraries and
>>>>>>>> that they are in your path by typing:
>>>>>>>> 2.
>>>>>>>> which packet.dll
>>>>>>>> which wpcap.dll
>>>>>>>> For me they are in /cygdrive/c/WINDOWS/system32/
>>>>>>>>
>>>>>>>> 3.
>>>>>>>> Building example using Cygwin
>>>>>>>>
>>>>>>>> Open a cygwin prompt to
>>>>>>>> WpdPack\Examples-pcap\basic_dump\ and execute:
>>>>>>>>
>>>>>>>> basic_dump:
>>>>>>>>
>>>>>>>> CFLAGS="-g -Wall -mno-cygwin -I /usr/include/pcap"
>>>>>>>> LIBS="-lwpcap"
>>>>>>>> PROG="basic_dump"
>>>>>>>> gcc $CFLAGS -c $PROG.c
>>>>>>>> gcc $CFLAGS -o $PROG.exe $PROG.o $LIBS
>>>>>>>> ./$PROG.exe
>>>>>>>> basic_dump_ex:
>>>>>>>>
>>>>>>>> CFLAGS="-g -Wall -mno-cygwin -I /usr/include/pcap"
>>>>>>>> LIBS="-lwpcap"
>>>>>>>> PROG="basic_dump_ex"
>>>>>>>> gcc $CFLAGS -c $PROG.c
>>>>>>>> gcc $CFLAGS -o $PROG.exe $PROG.o $LIBS
>>>>>>>> ./$PROG.exe
>>>>>>>> iflist:
>>>>>>>>
>>>>>>>> CFLAGS="-g -Wall -mno-cygwin -I /usr/include/pcap"
>>>>>>>> LIBS="-lwpcap"
>>>>>>>> PROG="iflist"
>>>>>>>> gcc $CFLAGS -c $PROG.c
>>>>>>>> gcc $CFLAGS -o $PROG.exe $PROG.o $LIBS
>>>>>>>> ./$PROG.exe
>>>>>>>> pcap_filter (and others):
>>>>>>>>
>>>>>>>> I think you can catch the pattern ;) Only replace
>>>>>>>> PROG=... by the program name and it should compile.
>>>>>>>> UDPdump:
>>>>>>>>
>>>>>>>> CFLAGS="-g -Wall -mno-cygwin -I /usr/include/pcap"
>>>>>>>> LIBS="-lwpcap -lwsock32"
>>>>>>>> PROG="UDPdump"
>>>>>>>> gcc $CFLAGS -c $PROG.c
>>>>>>>> gcc $CFLAGS -o $PROG.exe $PROG.o $LIBS
>>>>>>>> ./$PROG.exe
>>>>>>>> "
>>>>>>>>
>>>>>>>> First and second steps were ok. However third step about
>>>>>>>> building does not work. The problem is with "-mno-cygwin"
>>>>>>>> because if I try to compile this:
>>>>>>>>
>>>>>>>> "
>>>>>>>> CFLAGS="-g -Wall -mno-cygwin -I /usr/include/pcap"
>>>>>>>> LIBS="-lwpcap"
>>>>>>>> PROG="basic_dump"
>>>>>>>> gcc $CFLAGS -c $PROG.c
>>>>>>>> gcc $CFLAGS -o $PROG.exe $PROG.o $LIBS
>>>>>>>> ./$PROG.exe
>>>>>>>> "
>>>>>>>>
>>>>>>>> It gives me:
>>>>>>>> "gcc: error: unrecognized command line option
>>>>>>>> ‘-mno-cygwin’"
>>>>>>>>
>>>>>>>>
>>>>>>>> First I found out, that I could do by "min-gw", which could
>>>>>>>> provide to me compiling without "-mno-cygwin".
>>>>>>>> 1. I compile with "-mno-cygwin". It says, that it does not know it.
>>>>>>>> 2. Without "-mno-cygwin", nothing
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> After more searching, I found out, that "-mno-cygwin" was in
>>>>>>>> gcc3 and now in my cygwin32 is gcc5. And I could not switch
>>>>>>>> to gcc3. If I look at to cygwin installer,
>>>>>>>> there was no old version gcc for installation.
>>>>>>>>
>>>>>>>> I could find, that in newer versions gcc I should use instead
>>>>>>>> of "-mno-cygwin" just "mingw". However it does not work, it
>>>>>>>> gives me: "gcc: error: mingw: No such file or directory".
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> <INSTALL>
>>
>>
>>
>>
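The layout the thread says ./configure searches for (a WpdPack directory one level above the argus root, containing Lib/libwpcap.a) can be verified before building. The following pre-flight check is an added example, not part of the thread or of the Argus distribution; the function name `check_wpdpack` is hypothetical, and the checks for Lib/libpacket.a and Include/ are assumptions based on the file names mentioned in the messages.

```shell
#!/bin/sh
# Added example: pre-flight check for the WpdPack layout discussed in the thread.
# check_wpdpack is a hypothetical helper, not part of Argus or its configure script.
# Usage: check_wpdpack <argus-root>
# Prints one line per finding; returns 0 if complete, otherwise the number of
# missing items (1 when the WpdPack directory itself cannot be found).
check_wpdpack() {
    argus_root=$1
    missing=0

    if [ ! -d "$argus_root" ]; then
        echo "MISSING argus root: $argus_root"
        return 1
    fi

    # Per the thread, configure looks for ../WpdPack relative to the argus root.
    pack="$argus_root/../WpdPack"
    if [ ! -d "$pack" ]; then
        if [ -d "$argus_root/WpdPack" ]; then
            # Easy mistake: unzipped inside the argus tree instead of beside it.
            echo "MISPLACED WpdPack is inside $argus_root; move it one level up"
        else
            echo "MISSING directory: $pack"
        fi
        return 1
    fi

    # Lib/libwpcap.a is the file the thread names as the configure test.
    # Lib/libpacket.a is an extra check (assumption). -s also rejects empty
    # files, such as a Lib folder left unpopulated by a failed build_wpdpack.bat.
    for item in Lib/libwpcap.a Lib/libpacket.a; do
        if [ -s "$pack/$item" ]; then
            echo "OK      $item"
        else
            echo "MISSING $item (absent or empty)"
            missing=$((missing + 1))
        fi
    done

    if [ -d "$pack/Include" ]; then
        echo "OK      Include/"
    else
        echo "MISSING Include/"
        missing=$((missing + 1))
    fi
    return "$missing"
}
```

From a Cygwin shell, source the file and run `check_wpdpack ./argus-3.0.8.1` before `./configure`.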