1. install
edit the makefile for your local paths, then run "make install" as root or via sudo

2. use:
$ tclsh
% package require tcap
% tcap help
tcap - Tcl pcap(3) interface
options:
list
list all available devices.
open dev promisc snaplen
opens a new packet capture interface.
dloff
returns the datalink offset in byes.
filter bpg_program
sets a bpf(3) filter on the pcap interface.
get
returns the next packet as a list of bytes.
close
closes the capture interface.

3. more? see test.tcl for some info on how to use tcap

A minimal sniffer in Tcl using tcap:
#!/usr/bin/env tclsh
package require tcap
# open device fxp0, promisc 0, snaplen 1500 (argument order: dev promisc snaplen)
tcap open fxp0 0 1500
# datalink offset: number of link-layer header bytes to skip in each packet
set dl [tcap dloff]
# bpf filter: capture TCP only
tcap filter "tcp"
while {1} {
    # next packet as a list of bytes
    set g [tcap get]
    if {[llength [split $g]] > 0} {
        # print everything after the link-layer header
        puts [lrange $g $dl end]
    }
}
# not reached while the loop above runs forever
tcap close

Tcap was built and tested on BSD UNIX and MacOS X, and should work on Linux. Testing on Windows is incomplete.

Tcap uses a couple of routines from Dug Song's dsniff utility to streamline the pcap interface. As a result, tcap open lets you call an interface or a file for parsing.

The tcap command is global, so use Tcl namespaces to have more than one sniffer active.

The pcap_inject() command is not implemented. For writing packets in Tcl look up Clif Flynt's Packet Master library (a Tcl interface to libdnet). Very useful when combined with tcap. URL: http://noucorp.com/tcl/login/L/packetmstr0_1.zip
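An added example, not part of tcap or its test.tcl: decoding the IPv4 and TCP header fields from the byte list that the minimal sniffer above prints. It assumes each list element is one byte written as hex characters (the page does not specify the element format); the proc names and the sample packet are constructed for illustration, and tcap itself is not loaded.

```tcl
#!/usr/bin/env tclsh
# Added example: decode IPv4/TCP header fields from a byte list shaped like
# [lrange [tcap get] [tcap dloff] end]. Runs offline; it does not load tcap.
# Assumption: each list element is one byte written as hex characters.

# Convert hex byte strings to integers, rejecting malformed elements.
proc bytes2ints {bytes} {
    set out {}
    foreach b $bytes {
        if {![regexp {^[0-9A-Fa-f]{1,2}$} $b]} {
            error "not a hex byte: '$b'"
        }
        lappend out [scan $b %x]
    }
    return $out
}

# Big-endian 16-bit value at offset off.
proc u16 {ints off} {
    expr {([lindex $ints $off] << 8) | [lindex $ints [expr {$off + 1}]]}
}

# Return a dict of header fields; raise an error on truncated or non-TCP input.
proc decode_ipv4_tcp {bytes} {
    set p [bytes2ints $bytes]
    if {[llength $p] < 20} { error "truncated IPv4 header" }
    set vihl [lindex $p 0]
    if {($vihl >> 4) != 4} { error "not IPv4" }
    set ihl [expr {($vihl & 0x0f) * 4}]   ;# header length in bytes, options included
    if {$ihl < 20 || [llength $p] < $ihl + 14} { error "truncated packet" }
    if {[lindex $p 9] != 6} { error "not TCP" }
    set flags [lindex $p [expr {$ihl + 13}]]
    set names {}
    foreach {bit name} {0x01 FIN 0x02 SYN 0x04 RST 0x08 PSH 0x10 ACK 0x20 URG} {
        if {$flags & $bit} { lappend names $name }
    }
    return [dict create \
        src [join [lrange $p 12 15] .] dst [join [lrange $p 16 19] .] \
        sport [u16 $p $ihl] dport [u16 $p [expr {$ihl + 2}]] flags $names]
}

# Constructed sample: 192.0.2.10:49152 -> 198.51.100.5:443, SYN, checksums zeroed.
set sample {45 00 00 28 00 01 40 00 40 06 00 00 c0 00 02 0a c6 33 64 05
            c0 00 01 bb 00 00 00 01 00 00 00 00 50 02 ff ff 00 00 00 00}
puts [decode_ipv4_tcp $sample]
```

In the sniffer loop the same proc would take `[lrange $g $dl end]`, wrapped in `catch` so that a truncated or non-IPv4 packet does not stop the capture.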
Also see pktsrc, the (formerly) QACafe Tcl packet creation and capture utility.

[baski] - 2010-02-19 21:52:02

Hi Jose,

I compiled your tcap tool in Linux Fedora Core but 'tcap get' always returns two hex chars as the output. thanks..

baski

