I am interested in starting an effort to create an interface between TCL and WinPCAP.
First off, does anyone know of anything done in this area so far.
SS 9Dec2004: You may want to check hping3 at http://wiki.hping.org .
Thanks for the link SS. Very interesting package.
Craig French has decided to work on creating a Tcl Interface to WinPCAP in a windows environment. It is very much in an alpha state right now so check back to this page if you are interested.
JN 12Feb2005: Jose Nazario has written a simple Tcl-pcap interface (dubbed tcap). It's written for UNIX but should be extendable to any POSIX pcap implementation. Tcap is a very minimal interface to pcap(3) for Tclers.
MJ - I am implementing a binding to WinPcap. Currently the extension can open network interfaces and dump files, receive packets and apply filters. It is functional enough to implement a tcpdump[L1 ] clone. Things to be done are cleanup of the code, testing on different Windows platforms and implementing packet transmission functionality. Project is hosted at [L2 ].
DD - I noticed that it is currently not possible to determine the source/destination IP's and ports per every packet received, would it be possible to implement such functionality?
MJ - Extraction of source and destination IP has been added in v0.4. This is not very robust, but should work fine for 'normal' IPv4 packets. I am not sure if I will add anything else because I don't see the use in rewriting something as ethereal.
Other references: