1. Introduction
tcpdump is a household name that needs no introduction. It is one of the most important tools in network traffic analysis; here is an excerpt from the Baidu Baike entry on it (http://baike.baidu.com/view/76504.htm).
"To define tcpdump in simple terms: it dumps the traffic on a network, a packet-analysis tool that captures packets on the network according to the user's specification."
"As a classic must-have tool for system administrators on the Internet, tcpdump, with its powerful features and flexible capture policies, has become one of the essentials every senior system administrator needs for analyzing networks and troubleshooting problems."
For TCP, however, tcpflow is an excellent complement to tcpdump. tcpflow captures TCP streams and records the stream data in a form that is convenient for protocol analysis and debugging. Even when retransmissions and out-of-order segments are present, tcpflow interprets the TCP sequence numbers and reconstructs the data stream. Each stream is saved to its own file, which makes later analysis easy.
2. Obtaining the source
This article uses the Version 0.21 source tarball.
3. Build steps
Step 1: extract the tarball: tar xzvf tcpflow-0.21.tar.gz
Step 2: cd tcpflow-0.21 && ./configure
Two problems show up in this step:
creating cache ./config.cache
checking host system type... Invalid configuration `x86_64-unknown-linux-gnu': machine `x86_64-unknown' not recognized
checking target system type... Invalid configuration `x86_64-unknown-linux-gnu': machine `x86_64-unknown' not recognized
checking build system type... Invalid configuration `x86_64-unknown-linux-gnu': machine `x86_64-unknown' not recognized
checking for a BSD compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking whether make sets ${MAKE}... yes
checking for working aclocal... found
checking for working autoconf... found
checking for working automake... found
checking for working autoheader... found
checking for working makeinfo... found
checking for special system dependencies... none
checking for gcc... gcc
checking whether the C compiler (gcc ) works... yes
checking whether the C compiler (gcc ) is a cross-compiler... no
checking whether we are using GNU C... yes
checking whether gcc accepts -g... yes
checking whether gcc -Wall also needs -Wno-char-subscripts... no
checking whether gcc accepts -Wno-unused... yes
checking whether gcc accepts -Wno-char-subscripts... yes
checking for gethostbyaddr... yes
checking for socket... yes
checking for pcap_lookupdev in -lpcap... no
configure: error:
Can't find the pcap library (libpcap.a); install the pcap library (from
ftp://ftp.ee.lbl.gov/libpcap.tar.Z ) and/or use
--with-pcap to specify the path to it on your system
When installing libpcap do both 'make install' and 'make install-incl'
- Fix for error 1 (the unrecognized `x86_64-unknown` machine type): copy the newer config.guess and config.sub shipped with libtool into the source directory:
- cp /usr/share/libtool/config.guess .
- cp /usr/share/libtool/config.sub .
- Fix for error 2 (pcap library not found): install libpcap
Step 3: make
Two errors appear during this step:
One is that depcomp cannot be found --- fix: run automake -a
The other is an error in aclocal.m4 --- fix: first delete the bundled aclocal.m4, then run aclocal
Step 4: make install
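The four steps above, together with the two configure-time fixes and the two make-time fixes, collected into one script. This is an added example, not part of the original post or of the tcpflow project; the tarball name, the source directory and the libtool path are taken from the post, the libpcap prefix (/usr) is an assumption, and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post or the tcpflow project):
# the build procedure for tcpflow 0.21 with the fixes described above.
# TARBALL/SRCDIR/LIBTOOL_DIR defaults come from the post; override them
# in the environment if your system differs.
set -eu

TARBALL="${TARBALL:-tcpflow-0.21.tar.gz}"
SRCDIR="${SRCDIR:-tcpflow-0.21}"
LIBTOOL_DIR="${LIBTOOL_DIR:-/usr/share/libtool}"

# Fix for configure error 1 ("machine `x86_64-unknown' not recognized"):
# replace the stale config.guess/config.sub in the source tree with the
# newer copies shipped by libtool.
# Arguments: source tree, directory holding the newer scripts.
# Returns 1 (without copying anything) if either script is missing.
refresh_config_scripts() {
    src="$1"
    from="$2"
    for f in config.guess config.sub; do
        [ -f "$from/$f" ] || { echo "missing $from/$f" >&2; return 1; }
    done
    for f in config.guess config.sub; do
        cp "$from/$f" "$src/$f"
        chmod +x "$src/$f"
    done
    return 0
}

# Fix for configure error 2 ("Can't find the pcap library"): check that
# both the header and the library are installed under a prefix
# (assumed layout: <prefix>/include/pcap.h and <prefix>/lib/libpcap.*)
# before re-running configure. Returns 1 when either is missing.
have_libpcap() {
    prefix="${1:-/usr}"
    [ -f "$prefix/include/pcap.h" ] || return 1
    [ -f "$prefix/lib/libpcap.a" ] || [ -f "$prefix/lib/libpcap.so" ] || return 1
    return 0
}

# Fixes for the two make errors from Step 3: drop the bundled aclocal.m4
# and regenerate it, then let automake add the missing depcomp helper.
regenerate_automake_files() {
    rm -f aclocal.m4
    aclocal
    automake -a
}

# The full procedure, Steps 1 to 4, with the fixes applied in order.
build_tcpflow() {
    tar xzvf "$TARBALL"                              # Step 1
    cd "$SRCDIR"
    refresh_config_scripts . "$LIBTOOL_DIR"          # error 1
    have_libpcap /usr || { echo "install libpcap first" >&2; exit 1; }  # error 2
    ./configure                                      # Step 2
    regenerate_automake_files                        # depcomp / aclocal.m4
    make                                             # Step 3
    make install                                     # Step 4
}

# Run the build only when invoked as: sh build-tcpflow.sh build
if [ "${1:-}" = "build" ]; then
    build_tcpflow
fi
```

The two check functions fail early instead of letting configure run into the errors quoted above: refresh_config_scripts refuses to copy a partial pair of scripts, and have_libpcap reports a missing header or library before configure is invoked. Running `make install` still requires the appropriate privileges on the target system.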