Cross compile libpcap for Arm

This has been tested on Ubuntu 16.04.1 Desktop (64-bit), and assumes that arm-linux-gnuabi-gcc has already been installed, e.g. sudo apt-get install -y gcc-arm-linux-gnueabi Download the latest libpcap source tar ball from [http://www.tcpdump.org/#latest-releases], e.g. libpcap-1.8.1.tar.gz tar zxvf libpcap-1.8.1.tar.gz apt-get install flex bison byacc export CC = arm-linux-gnueabi-gcc ./configure –host=arm-linux –with-pcap=linux make Once the library has been compiled, it may be linked to other code, using the -L gcc flag and the location of the library.

Read More →

PCAP or it didn’t happen

“PCAP or it didn’t happen” is a good network security philosophy. The primary idea being to capture network traffic for analysis. In a non-corporate environment where a CentOS-based Linux host has been used as a dual homed firewall (refer to the lame ASCII art network diagram below), tcpdump was used for continuous traffic capture. _( )______ ________ +-----+ _( )__ ( Internet )---/ Router \----| F/W |----( DMZ ) (____________) \________/ +-----+ (________) Firstly, we create a location to save the pcap files.

Read More →