Information Security

CentOS Linux: pyrit: UserWarning: Failed to compile BPF-filter

Pyrit was recently upgraded on a server that I use, and when I logged in to run it manually from the CLI I noticed an error. The error, which is explained in more detail below, complains that libpcap is too old. The server that this pyrit installation is on runs CentOS 5.4. CentOS 5.X only provides libpcap version 0.9.4-14 as the latest available libpcap version in the yum repositories. At first I searched for a newer libpcap in third-party repos, but I was unsuccessful, so I upgraded libpcap from source. Below is more information regarding the error and how it was resolved.

Technology Insights

Configure: error: Your operating system’s lex is insufficient to compile libpcap

This morning I was attempting to upgrade libpcap on a CentOS server to a newer version. I decided to get the newest version of libpcap from git.

When running the configure script I received the following error:


  checking for flex... no
  checking for bison... no
  checking for capable lex... insufficient
  configure: error: Your operating system's lex is insufficient to compile
  libpcap.  flex is a lex replacement that has many advantages, including
  being able to compile libpcap.  For more information, see
  .

Technology Errors

Error Building Pyrit On CentOS: cpyrit/_cpyrit_cpu.c:26:18: error: pcap.h: No such file or directory

When building pyrit, an application that uses GPU power to run dictionary attacks against WPA handshake captures, on CentOS Linux, I ran into an error. The error was related to the pcap.h library, which was not found by the pyrit Python script. The problem is easily resolved by installing the libpcap-devel RPM package using the yum package manager. Below I display more output surrounding the error, the log showing the libpcap-devel package installation, and finally the successful build of pyrit on CentOS Linux.

Technology Errors

dumpcap: That string isn’t a valid capture filter (syntax error), dumpcap filter syntax

I needed to capture some packets on a server to import into Wireshark on a Windows XP computer, but I hadn’t done this in a while, so I needed to refresh on how to do it. I ended up using dumpcap to capture the data, then obtained the dump file on the Windows computer, and then imported it into Wireshark. One thing I had a moment of trouble with was the dumpcap filter syntax. Below are some examples of how to use the filter that the dumpcap -f switch uses.

Basic dumpcap Capture [All Data]:


  dumpcap -w /path/to/file