Welcome to Tcpreplay
Tcpreplay is a suite of GPLv3 licensed tools written by Aaron Turner for UNIX (and Win32 under Cygwin) operating systems which gives you the ability to use previously captured traffic in libpcap format to test a variety of network devices. It allows you to classify traffic as client or server, rewrite Layer 2, 3 and 4 headers and finally replay the traffic back onto the network and through other devices such as switches, routers, firewalls, NIDS and IPSs. Tcpreplay supports both single and dual NIC modes for testing both sniffing and inline devices.
Tcpreplay is used by numerous firewall, IDS, IPS and other networking vendors, enterprises, universities, labs and open source projects. If your organization uses Tcpreplay, please let me know who you are and what you use it for so that I can continue to add features which are useful.
The Tcpreplay suite includes the following tools:
- tcpprep - multi-pass pcap file pre-processor which classifies packets as client or server and creates cache files used by tcpreplay and tcprewrite
- tcprewrite - pcap file editor which rewrites TCP/IP and Layer 2 packet headers
- tcpreplay - replays pcap files at arbitrary speeds onto the network
- tcpliveplay - replays network traffic stored in a pcap file on live networks using new TCP connections
- tcpreplay-edit - replays & edits pcap files at arbitrary speeds onto the network
- tcpbridge - bridge two network segments with the power of tcprewrite
- tcpcapinfo - raw pcap file decoder and debugger
Generally speaking, most people would first run tcpprep against a pcap file to create a cache file which splits traffic between client and server if they are testing an inline device like a firewall or IPS. Then depending on their network setup and where the pcap was captured, they would use tcprewrite to edit the packets so that the device under test will examine them properly. Finally, tcpreplay is used to replay the pcap onto the network to do the test, while tcpliveplay is used to replay pcaps with TCP-only traffic onto the network. For more info, check out these use cases.
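The three-step workflow described above, written out as a shell script for testing an inline device in an isolated lab. This is an added example, not taken from the Tcpreplay documentation; the file names, endpoint addresses and interface names are constructed placeholders, and the script prints the commands by default instead of running them.

```shell
#!/bin/sh
# Added example: tcpprep -> tcprewrite -> tcpreplay for an inline device
# under test (DUT). Every value below is a constructed lab placeholder.

PCAP=${PCAP:-capture.pcap}        # original capture
CACHE=${CACHE:-capture.cache}     # client/server split written by tcpprep
OUT=${OUT:-rewritten.pcap}        # edited capture written by tcprewrite
ENDPOINTS=${ENDPOINTS:-10.10.1.1:10.10.2.1}  # lab client:server addresses
CLIENT_IF=${CLIENT_IF:-eth1}      # NIC wired to the DUT's client side
SERVER_IF=${SERVER_IF:-eth2}      # NIC wired to the DUT's server side
DRY_RUN=${DRY_RUN:-1}             # 1 = print the commands, 0 = execute them

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

replay_pipeline() {
    # When really executing, stop before any tool runs if the capture
    # cannot be read.
    if [ "$DRY_RUN" != 1 ] && [ ! -r "$PCAP" ]; then
        echo "cannot read $PCAP" >&2
        return 1
    fi

    # 1. Classify every packet as client or server and store the result
    #    in a cache file (bridge mode is one of tcpprep's auto modes).
    run tcpprep --auto=bridge --pcap="$PCAP" --cachefile="$CACHE" || return 1

    # 2. Rewrite the IP addresses so all traffic appears to flow between
    #    the two lab endpoints; broadcast/multicast addresses are left alone.
    run tcprewrite --endpoints="$ENDPOINTS" --cachefile="$CACHE" \
        --infile="$PCAP" --outfile="$OUT" --skipbroadcast || return 1

    # 3. Replay through the DUT: client-to-server packets leave intf1,
    #    server-to-client packets leave intf2, as decided by the cache file.
    run tcpreplay --cachefile="$CACHE" --intf1="$CLIENT_IF" \
        --intf2="$SERVER_IF" "$OUT"
}

replay_pipeline
```

Set `DRY_RUN=0` to execute the commands; sending on the interfaces normally requires root privileges.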
How you can help
- Vote for your favorite DLT's
- Report a Bug or Feature Request
- Write a DLT Plugin
- Google Summer of Code Ideas