tcap: Tcl pcap interface

homepage: http://monkey.org/~jose/software/tcap/

1. install

edit the makefile for your local paths, then run "make install" as root or via sudo

2. use:

   $ tclsh
   % package require tcap
   % tcap help

3. more? see test.tcl for some info on how to use tcap



a minimal sniffer in Tcl using tcap:

 #!/usr/bin/env tclsh

 package require tcap

 tcap open fxp0 0 1500
 set dl [tcap dloff]
 tcap filter "tcp"
 while {1} {
         set g [tcap get]
         if {[llength [split $g]] > 0} {
                 puts [lrange $g $dl end]
         }
 }
 tcap close

Tcap was built and tested on BSD UNIX, should work on Linux, and has a few problems on OS X. Testing on Windows is incomplete. 

Tcap uses a couple of routines from Dug Song's dsniff utility to streamline the pcap interface. As a result, '''tcap open''' lets you call an interface or a file for parsing.

The tcap command is global, so use Tcl namespaces to have more than one sniffer active. 

The '''pcap_inject()''' command is not implemented. For writing packets in Tcl look up Clif Flynt's Packet Master library (a Tcl interface to libdnet). Very useful when combined with tcap.