Version 16 of Tcl Interface to WinPCAP

Updated 2006-07-18 15:50:59 by DD

I am interested in starting an effort to create an interface between TCL and WinPCAP.

First off, does anyone know of anything done in this area so far?

SS 9Dec2004: You may want to check hping3 at http://wiki.hping.org .

Thanks for the link SS. Very interesting package.

Craig French has decided to work on creating a Tcl Interface to WinPCAP in a windows environment. It is very much in an alpha state right now so check back to this page if you are interested.

JN 12Feb2005: Jose Nazario has written a simple Tcl-pcap interface (dubbed tcap). It's written for UNIX but should be extendable to any POSIX pcap implementation. Tcap is a very minimal interface to pcap(3) for Tclers.


MJ - I am implementing a binding to WinPcap. Currently the extension can open network interfaces and dump files, receive packets and apply filters. It is functional enough to implement a tcpdump[L1 ] clone. Things to be done are cleanup of the code, testing on different Windows platforms and implementing packet transmission functionality. Project is hosted at [L2 ].

DD - I noticed that it is currently not possible to determine the source/destination IPs and ports for every packet received. Would it be possible to implement such functionality?

MJ - Extraction of source and destination IP has been added in v0.4. This is not very robust, but should work fine for 'normal' IPv4 packets. I am not sure if I will add anything else because I don't see the use in rewriting something as Ethereal.

DD - Very nice, however my biggest interest was in getting the port numbers. There could be multiple local applications accessing the same remote service, and to know which application the current packet belongs to, it would be required to know the local (SRC/DST) ports. I might be able to implement it myself, as it seems no C coding needs to be done; I just need to see where the port number is stored in the raw packet and add some TCL to the package file.
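
The port lookup discussed above can be done in pure Tcl with `binary scan`. The following is an added example, not code from this page or from MJ's extension; it assumes each packet reaches Tcl as a byte array starting at an untagged Ethernet II header, Tcl 8.5 or later, and the proc name `parsePorts` and the result keys are hypothetical.

```tcl
# Added example: extract IPv4 addresses and TCP/UDP ports from a raw frame.
# Assumptions: untagged Ethernet II framing, Tcl 8.5+ (dict, unsigned "u" modifier).
proc parsePorts {frame} {
    # Ethernet header: 6 bytes dst MAC, 6 bytes src MAC, 2 bytes EtherType
    if {[binary scan $frame @12Su etherType] != 1 || $etherType != 0x0800} {
        return {}   ;# truncated frame or not IPv4
    }
    # IPv4 header at offset 14: version/IHL, fragment field, protocol, src, dst
    if {[binary scan $frame @14cux5Suxcux2cu4cu4 \
            verIhl fragField proto src dst] != 5} {
        return {}   ;# truncated IPv4 header
    }
    set ihl [expr {($verIhl & 0x0f) * 4}]   ;# header length in bytes
    if {($verIhl >> 4) != 4 || $ihl < 20} {
        return {}   ;# malformed header
    }
    set result [dict create src [join $src .] dst [join $dst .] proto $proto]
    # Ports exist only for TCP (6) and UDP (17), and only in the first
    # fragment (fragment offset 0); later fragments carry no L4 header.
    if {($proto != 6 && $proto != 17) || ($fragField & 0x1fff) != 0} {
        return $result
    }
    # The L4 header starts after the variable-length IPv4 header (options!)
    set l4 [expr {14 + $ihl}]
    if {[binary scan $frame @${l4}SuSu sport dport] == 2} {
        dict set result sport $sport
        dict set result dport $dport
    }
    return $result
}

# Constructed sample frame (not captured traffic, checksums left at zero):
# TCP SYN from 192.168.1.10:49152 to 10.0.0.5:80
set frame [binary format H* [join {
    001122334455 66778899aabb 0800
    45000028 00014000 40060000 c0a8010a 0a000005
    c0000050 00000000 00000000 50022000 00000000
} ""]]
puts [parsePorts $frame]
```

The proc returns an empty dict for anything it cannot parse and omits `sport`/`dport` when the packet has no readable port fields, so callers can test with `dict exists` before matching a packet to a local application.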


Other references:

  • WinPcap: The Windows Packet Capture Library[L3 ]
  • WinDump: tcpdump for Windows[L4 ]
  • Relationship of WPCAP.DLL and PACKET.DLL[L5 ]
  • WinPcap Brings Unix Network Tools to Windows[L6 ]
