Cannot Install TCPDump on RHEL

Article ID: 184397


Products

Data Loss Prevention Network Monitor

Issue/Introduction

When trying to run the tcpdump command, the following error is returned on the server:

tcpdump: symbol lookup error: tcpdump: undefined symbol: pcap_set_tstamp_precision

 

Cause

The pcap_set_tstamp_precision symbol is provided by the /lib64/libpcap.so.1 library, which comes from the libpcap package.

Resolution

Reinstall the tcpdump and libpcap packages on the system. If the problem persists, check for and remove third-party shared libraries from the system.

# yum reinstall tcpdump libpcap

# mv /etc/ld.so.conf.d/symantec-dlp-x86_64.conf /tmp/

Run the ldconfig command to create the necessary links and update the cache to the most recent shared libraries found in the directories specified on the command line, in the file /etc/ld.so.conf, and in the trusted directories /lib and /usr/lib. On some 64-bit architectures such as x86-64, /lib and /usr/lib are the trusted directories for 32-bit libraries, while /lib64 and /usr/lib64 are used for 64-bit libraries.

# ldconfig
# nm -D /lib64/libpcap.so.1 | grep pcap_set_tstamp_precision

0000000000011040 T pcap_set_tstamp_precision

# rpm -qf /lib64/libpcap.so.1

libpcap-1.5.3-11.el7.x86_64

The ldd command output shows that, on the affected system, tcpdump is using third-party libraries which do not have the required symbols.

# ldd $(which tcpdump)
  
linux-vdso.so.1 => (0x00007ffd249f0000)

libcap-ng.so.0 => /lib64/libcap-ng.so.0 (0x00007f9e840af000)

libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f9e83c4e000)

libpcap.so.1 => /opt/SymantecDLP/Protect/lib/native/libpcap.so.1 (0x00007f9e83a02000)   <<====== Third Party library

libc.so.6 => /lib64/libc.so.6 (0x00007f9e8363f000)

/lib64/ld-linux-x86-64.so.2 (0x000055716bc47000)

libdl.so.2 => /lib64/libdl.so.2 (0x00007f9e8343b000)

libz.so.1 => /opt/SymantecDLP/Protect/lib/native/libz.so.1 (0x00007f9e8321d000)      <<====== Third Party library

The third party library entry was defined in /etc/ld.so.conf.d/symantec-dlp-x86_64.conf file.
 

 

Compare the output of the commands below on the affected system and make sure it is identical to the following:

# which tcpdump

/usr/sbin/tcpdump



# ldd `which tcpdump`

linux-vdso.so.1 => (0x00007ffc427af000)

libcap-ng.so.0 => /lib64/libcap-ng.so.0 (0x00007f92ad7ae000)

libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f92ad34d000)

libpcap.so.1 => /lib64/libpcap.so.1 (0x00007f92ad10b000)

libc.so.6 => /lib64/libc.so.6 (0x00007f92acd3e000)

/lib64/ld-linux-x86-64.so.2 (0x000055e4f4bff000)

libdl.so.2 => /lib64/libdl.so.2 (0x00007f92acb3a000)

libz.so.1 => /lib64/libz.so.1 (0x00007f92ac923000)
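
The manual comparison above can be automated. The following is an added example, not part of the original article or the vendor's tooling: it reads ldd output and reports every library resolved outside the system library directories, which is how the /opt/SymantecDLP copies of libpcap and libz show up. The function names, the list of trusted directories and the embedded sample (abridged from the output in this article) are assumptions made for illustration.

```bash
#!/bin/bash
# Added example, not the vendor's code: audit ldd output for libraries that
# resolve outside the system library directories.

# Assumption: these four directories are the only trusted locations (RHEL x86-64).
TRUSTED_DIRS="/lib /lib64 /usr/lib /usr/lib64"

# Reads ldd output on stdin and prints "name path" for every library resolved
# outside TRUSTED_DIRS. Returns 1 if any were found, 0 otherwise.
flag_untrusted_libs() {
    local name arrow path rest dir t trusted found=0
    while read -r name arrow path rest; do
        # Only "name => /path (addr)" lines carry a resolved path; this skips
        # linux-vdso, the ld-linux loader line and "not found" entries.
        [ "$arrow" = "=>" ] || continue
        case "$path" in /*) ;; *) continue ;; esac
        dir=${path%/*}
        trusted=0
        for t in $TRUSTED_DIRS; do
            if [ "$dir" = "$t" ]; then trusted=1; fi
        done
        if [ "$trusted" -eq 0 ]; then
            printf '%s %s\n' "$name" "$path"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample input, abridged from the ldd output shown in this article.
sample_affected() {
    cat <<'EOF'
	linux-vdso.so.1 => (0x00007ffd249f0000)
	libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f9e83c4e000)
	libpcap.so.1 => /opt/SymantecDLP/Protect/lib/native/libpcap.so.1 (0x00007f9e83a02000)
	/lib64/ld-linux-x86-64.so.2 (0x000055716bc47000)
	libz.so.1 => /opt/SymantecDLP/Protect/lib/native/libz.so.1 (0x00007f9e8321d000)
EOF
}

# Usage: pass a binary path to audit it; with no argument, audit the sample.
if [ -n "${1:-}" ]; then
    ldd "$1" | flag_untrusted_libs || echo "libraries outside trusted dirs found" >&2
else
    sample_affected | flag_untrusted_libs || true
fi
```

Libraries installed in subdirectories of the trusted locations are also reported, so review each hit rather than treating it as a fault. Run ldd only against binaries you already trust, such as the packaged /usr/sbin/tcpdump.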