
Documentation for Suricata Windows compile: https://redmine.openinfosecfoundation.org/attachments/download/1175/SuricataWinInstallationGuide_v1.4.3.pdf

I have installed all the dependencies as mentioned in the documentation. Cloned the files.

To install libpcap, I followed the below steps:

  1. Installed the WinPcap installer: WinPcap · Download
  2. Downloaded the Development pack as mentioned in the document: WinPcap · Developer Resources
  3. Copied all the headers and include files from the development pack to the location mentioned in the documentation.

When I run the below command, I get the error: "configure: error: pcap.h not found":

./configure --enable-luajit --enable-pie --enable-geoip --disable-gccmarch-native --with-libnss-libraries=/usr/lib --with-libnss-includes=/usr/include/nss/ --with-libnspr-libraries=/usr/lib --with-libnspr-includes=/usr/include/nspr

Below is the attachment for the same:


How to solve this issue?

2 Answers

There are (at least) two different types of "libraries for Windows that came from UN*X":

  1. libraries intended to be used in native Windows applications (whether written for Windows or ported from UN*X, without Cygwin, to work as native Windows applications);
  2. libraries from Cygwin, or ported to Windows using Cygwin, and intended to be used when porting programs from UN*X using Cygwin.

Both WinPcap and Npcap are in the first category, making it more complicated to use them from within Cygwin.

It would be nice if there were a libpcap package for Cygwin. Such a package would either 1) not support packet capture or 2) require that WinPcap or Npcap were installed. The first type of package would probably not be too complicated to build; the second type might be tricky, given that the code in libpcap that uses the WinPcap or Npcap driver and packet library is written assuming that the code will be used on Windows, and makes calls to Windows APIs (for example, to translate Windows error codes to error message strings).

But there isn't such a package, as far as I know.

This post from 2021 suggests how to set up WinPcap or Npcap to make it usable from Cygwin. I have not tried it (I don't have Cygwin installed on my main Windows virtual machines), so I can't say how well it works.

user16139739

I suggest that you try the Windows MSI installer found on the Suricata page: https://suricata.io/download/

If that doesn't work, it would be very welcome if you could report that in the project issue tracker or at least reach out in the Suricata forum, so we can figure out what is wrong.

If for some reason you don't want or can't use the installer, I'd try these steps, in case you haven't: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Windows

That guide has been updated more recently than the guide you've shared. Plus, the PDF you're following has links to an unofficial Suricata repo, and shows a rather old version (current is Suri 6.0.x).
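
An added example, not part of either answer or of Suricata's build scripts: a script for narrowing down the "configure: error: pcap.h not found" message from the question. It asks the C preprocessor whether `#include <pcap.h>` resolves on the default search path and, if not, whether one of the candidate directories fixes it when passed with -I. The function names and the candidate directories are assumptions, as is the premise that the configure check behaves like this preprocessor probe.

```shell
#!/bin/sh
# probe_header HEADER [FLAGS...]
# 0 if the preprocessor resolves '#include <HEADER>', 1 if not,
# 2 if no C compiler is available (override the compiler with $CC).
probe_header() {
    hdr=$1; shift
    cc_bin=${CC:-cc}
    command -v "$cc_bin" >/dev/null 2>&1 || return 2
    # "$@" carries extra preprocessor flags such as -I/some/dir.
    if printf '#include <%s>\n' "$hdr" |
        "$cc_bin" -E "$@" -x c - >/dev/null 2>&1; then
        return 0
    fi
    return 1
}

# locate_header HEADER DIR...
# Prints the first DIR that contains HEADER; returns 1 if none does.
locate_header() {
    hdr=$1; shift
    for d in "$@"; do
        if [ -f "$d/$hdr" ]; then printf '%s\n' "$d"; return 0; fi
    done
    return 1
}

# diagnose HEADER DIR...
# Prints one of: found | needs -I<dir> | missing | no-compiler
diagnose() {
    hdr=$1; shift
    rc=0; probe_header "$hdr" || rc=$?
    case $rc in
        0) echo "found"; return 0 ;;
        2) echo "no-compiler"; return 2 ;;
    esac
    # The header is not on the default path: is it in a candidate
    # directory, and does pointing the preprocessor there help?
    if dir=$(locate_header "$hdr" "$@") && probe_header "$hdr" "-I$dir"; then
        echo "needs -I$dir"; return 0
    fi
    echo "missing"; return 1
}

# Candidate directories are assumptions; list wherever the headers were copied.
diagnose pcap.h /usr/include /usr/local/include || true
```

If the result is "needs -I<dir>", passing CPPFLAGS="-I<dir>" to ./configure is the usual way to hand that directory to an autoconf header check. Linking against the WinPcap or Npcap libraries from Cygwin remains the separate problem described in the first answer.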