tcap: Tcl pcap interface
homepage: http://monkey.org/~jose/software/tcap/
1. install
edit the makefile for your local paths, then run "make install" as root or via sudo
2. use:
$ tclsh % package require tcap % tcap help
3. more? see test.tcl for some info on how to use tcap
a minimal sniffer in Tcl using tcap:
#!/usr/bin/env tclsh
package require tcap
tcap open fxp0 0 1500
set dl [tcap dloff]
tcap filter "tcp"
while {1} {
set g [tcap get]
if {[llength [split $g]] > 0} {
puts [lrange $g $dl end]
}
}
tcap closeTcap was built and tested on BSD UNIX, should work on Linux, and has a few problems on OS X. Testing on Windows is incomplete.
Tcap uses a couple of routines from Dug Song's dsniff utility to streamline the pcap interface. As a result, tcap open lets you call an interface or a file for parsing.
The tcap command is global, so use Tcl namespaces to have more than one sniffer active.
The pcap_inject() command is not implemented. For writing packets in Tcl look up Clif Flynt's Packet Master library (a Tcl interface to libdnet). Very useful when combined with tcap.