After installing the Sniffer10G RPM from Sniffer10G Download Page, let's consider using wireshark with Sniffer10G.
These examples are specifically for the wireshark application; however, the procedure is similar for any application using libpcap.
-
Download wireshark. Create a link from pcap.h to pcap/pcap.h in /opt/snf, since that is what wireshark expects when it looks for pcap. And then configure wireshark using the --with-pcap=/opt/snf option.
% (cd /opt/snf; sudo ln -sf pcap/pcap.h pcap.h) % yum install bison flex gtk2 gtk2-devel % tar jxf wireshark-1.2.5.tar.bz2 % cd wireshark-1.2.5 % ./configure --prefix=/opt/wireshark --with-path=/opt/snf % make % sudo make install
-
Alternatively, if you do not want to recompile wireshark, there is another approach. While recompiling is the preferred and safest way to make use of Sniffer10G functionality, the following approach may work for you:
On RHEL 5.4, install the wireshark and wireshark-gnome packages. Doing ldd /usr/sbin/wireshark lists libpcap.so.0.9.4 as a dependent library. Once you install the Sniffer10G rpm, you can symlink libpcap.so. 0.9.4 to the one we distribute in the Sniffer10G rpm and change LD_LIBRARY_PATH. You shouldn't have to recompile wireshark. As in...
% cd /opt/snf/lib % sudo ln -s libpcap.so.1 libpcap.so.0.9.4 % LD_LIBRARY_PATH=/opt/snf/lib /usr/sbin/wireshark
You can rerun ldd to insure that the correct libpcap.so is being selected, as well as libsnf.so:
% LD_LIBRARY_PATH=/opt/snf/lib ldd /usr/sbin/wireshark
Despite bumping to version 1.0, libpcap has maintained API/ABI compatibility between 0.9 and 1.0.