Re: compilation status of current (2004-09-13) on HP-UX 11.11

[Guy Harris <guy () alum mit edu>]

On Sep 13, 2004, at 4:24 PM, Rick Jones wrote:

> For other nefarious porpoises I downloaded libpcap and tcpudmp 
> "currents" on 2004-09-13 and did straight-up ./configure;make on HP-UX 
> 11.11 (aka 11i v1) using the HP compiler.  This system did not have 
> the "TOUR" installed to get IPv6 functionality.
>
> The libpcap compiled cleanly. Just a couple warnings IIRC, and nothing 
> that looked earthshattering.
>
> The compilation of tcpdump was clean.  This is a big step from the 
> last time I tried.
>
> The linking of tcpdump was not clean:

        ...

> /usr/ccs/bin/ld: Duplicate symbol "pcap_list_datalinks" in files 
> datalinks.o and ./../libpcap/libpcap.a(pcap.o)
> /usr/ccs/bin/ld: Duplicate symbol "pcap_datalink_val_to_name" in files 
> dlnames.o and ./../libpcap/libpcap.a(pcap.o)
> /usr/ccs/bin/ld: Duplicate symbol "pcap_datalink_name_to_val" in files 
> dlnames.o and ./../libpcap/libpcap.a(pcap.o)
> /usr/ccs/bin/ld: Duplicate symbol "pcap_datalink_val_to_description" 
> in files dlnames.o and ./../libpcap/libpcap.a(pcap.o)

It appears that the configure script did not correctly determine that 
the libpcap with which to link tcpdump already had the functions in 
question, so it set up the Makefile to build tcpdump's fallback 
implementations of them.

Could you send us the config.log file from the tcpdump directory?

> PS - I'm looking for worked examples of reconstructing a TCP stream 
> (separate each way is fine/preferred) from a tcpdump format (binary) 
> trace.

Well, there's the Ethereal code for "Follow TCP Stream", but it drags 
in a lot of the Ethereal framework.

You might look at tcpflow:

        http://www.circlemud.org/~jelson/software/tcpflow/

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.