Tcpreplay is a suite of GPLv3 licensed utilities for UNIX (and Win32 under Cygwin) operating systems for editing and replaying network traffic which was previously captured by tools like tcpdump and Ethereal/Wireshark.It allows you to classify traffic as client or server, rewrite Layer 2, 3 and 4 packets and finally replay the traffic back onto the network and through other devices such as. Tcpreplay Examples. Pcap command: Congratulations, you have now developed the firmware of a Network Interface Card! Extending the firmware to perform more elaborate match/action processing is now a 'simple matter of programming'. 4 launched an Undercover Mode that can be used to make the Kali desktop look like Windows 10 quickly. Tcpreplay: Import one or more of the packet capture files as new traffic and replay with the current timestamp. So-replay: Import all pcap samples in /opt/samples and replay them with the current timestamp. So-import-pcap: Import one or more capture files while keeping the timestamp the same as the original packet capture dates and times.
Name
tcpreplay - Replay network traffic stored in pcap files
Synopsis
tcpreplay [-flag [value]]... [--opt-name [[=| ]value]]...
- --sleep-accel=number
- Reduce the amount of time to sleep by specified usec. This option takes an integer number as its argument. The default number for this optionis: 0
Reduce the amount of time we would normally sleep between two packets by the specified number of usec. This provides a 'fuzz factor' to compensate forrunning on a non-RTOS and other processes using CPU time. Default is disabled.
Override the calculated number of RDTSC clicks/usec which is often the speed of the CPU in Mhz. Only useful if you specified --timer=rdtsc
When enabling verbose mode (-v) you may also specify one or more additional arguments to pass to tcpdump to modify the way packets aredecoded. By default, -n and -l are used. Be sure to quote the arguments like: -A '-axxx' so that they are not interpreted by tcpreplay. Please see thetcpdump(1) man page for a complete list of options.
Cache pcap file(s) the first time they are cached in RAM so that subsequent loops don't incurr any disk I/O latency in order to increase performance. Makesure you have enough free RAM to store the entire pcap file(s) in memory or the system will swap and performance will suffer.
This option loads the specified pcap(s) into RAM before starting to send in order to improve replay performance while introducing a startup performance hit.Preloading can be used with or without --loop and implies --enable-file-cache.
By default, tcpreplay will send packets based on the size of the 'snaplen' stored in the pcap file which is usually the correct thing to do. However,occasionally, tools will store more bytes then told to. By specifying this option, tcpreplay will ignore the snaplen field and instead try to send packetsbased on the original packet length. Bad things may happen if you specify this option.
By default, tcpreplay will send all the packets. Alternatively, you can specify a maximum number of packets to send.
What Is Tcpreplay
Modify replay speed to a given multiple. This option may appear up to 1 times. This option must not appear in combination with any of the following options:pps, mbps, oneatatime, topspeed.Specify a floating point value to modify the packet replay speed. Examples:
How To Install Tcpreplay On Windows 10
Specify a floating point value for the Mbps rate that tcpreplay should send packets at.
Allows you to step through one or more packets at a time.
When trying to send packets at very high rates, the time between each packet can be so short that it is impossible to accurately sleep for the requiredperiod of time. This option allows you to send multiple packets at a time, thus allowing for longer sleep times which can be more accuratelyimplemented.
Reduce the amount of time we would normally sleep between two packets by the specified number of usec. This provides a 'fuzz factor' to compensate forrunning on a non-RTOS and other processes using CPU time. Default is disabled.
Override the calculated number of RDTSC clicks/usec which is often the speed of the CPU in Mhz. Only useful if you specified --timer=rdtsc
When enabling verbose mode (-v) you may also specify one or more additional arguments to pass to tcpdump to modify the way packets aredecoded. By default, -n and -l are used. Be sure to quote the arguments like: -A '-axxx' so that they are not interpreted by tcpreplay. Please see thetcpdump(1) man page for a complete list of options.
Cache pcap file(s) the first time they are cached in RAM so that subsequent loops don't incurr any disk I/O latency in order to increase performance. Makesure you have enough free RAM to store the entire pcap file(s) in memory or the system will swap and performance will suffer.
This option loads the specified pcap(s) into RAM before starting to send in order to improve replay performance while introducing a startup performance hit.Preloading can be used with or without --loop and implies --enable-file-cache.
By default, tcpreplay will send packets based on the size of the 'snaplen' stored in the pcap file which is usually the correct thing to do. However,occasionally, tools will store more bytes then told to. By specifying this option, tcpreplay will ignore the snaplen field and instead try to send packetsbased on the original packet length. Bad things may happen if you specify this option.
By default, tcpreplay will send all the packets. Alternatively, you can specify a maximum number of packets to send.
What Is Tcpreplay
Modify replay speed to a given multiple. This option may appear up to 1 times. This option must not appear in combination with any of the following options:pps, mbps, oneatatime, topspeed.Specify a floating point value to modify the packet replay speed. Examples:
How To Install Tcpreplay On Windows 10
Specify a floating point value for the Mbps rate that tcpreplay should send packets at.
Allows you to step through one or more packets at a time.
When trying to send packets at very high rates, the time between each packet can be so short that it is impossible to accurately sleep for the requiredperiod of time. This option allows you to send multiple packets at a time, thus allowing for longer sleep times which can be more accuratelyimplemented.
Tcpreplay Example
Option Presets
Any option that is not marked as not presettable may be preset by loading values from configuration ('RC' or '.INI') file(s). The homerc fileis '$$/', unless that is a directory. In that case, the file '.tcpreplayrc' is searched for within that directory.
Signals
tcpreplay understands the following signals:
SIGUSR1 Suspend tcpreplay
SIGCONT Restart tcpreplay
See Also
tcpreplay-edit(1), tcpdump(1), tcpprep(1), tcprewrite(1), libnet(3)
Bugs
tcpreplay can only send packets as fast as your computer's interface, processor, disk and system bus will allow.
Packet timing at high speeds is a black art and very OS/CPU dependent.
Replaying captured traffic may simulate odd or broken conditions on your network and cause all sorts of problems.
In most cases, you can not replay traffic back to/at a server.
Tcpreplay Edit
Some operating systems by default do not allow for forging source MAC addresses. Please consult your operating system's documentation and the tcpreplay FAQif you experience this issue.
Author
Copyright 2000-2010 Aaron Turner
For support please use the tcpreplay-users@lists.sourceforge.net mailing list.
The latest version of this software is always available from: http://tcpreplay.synfin.net/
Released under the Free BSD License.
This manual page was AutoGen-erated from the tcpreplay option definitions.
Referenced By
tcpbridge(1)