Documentation

There is quite a bit of online documentation available for the tcpreplay suite:

Online Manual

• Introduction/Installation
• Using tcpreplay
• Using tcpprep
• Using tcprewrite
• Using tcpbridge
• flowreplay
• Common Arguments
• Usage Examples

Other Documentation & Information

• Frequently Asked Questions
• Use Cases for Tcpreplay
• How to get help
• The history of Tcpreplay
• Win32/Cygwin Installation Directions and Notes
• Security Power Tools has some good examples of using Tcpreplay

Man Pages

Note that these man pages may be out of date and may not reflect the options available with the version of tcpreplay you have installed on your system. For the most accurate copies of the man pages, please see the man pages which came with your tcpreplay distribution (source code or compiled package).

• tcpprep
• tcprewrite
• tcpreplay
• tcpbridge
• flowreplay

Design Documents

• Doxygen View
• Flowreplay Design Notes
• libtcpedit API Overview
• libtcpedit Design Doc
• libtcpedit Developer HowTo

Interesting (White)papers

Whitepapers, reviews and other documents which refer to tcpreplay or network traffic generation/testing in general

• Insertion Evasion and Denial of Service Eluding Network Intrusion Detection
• Cleaning Packet Captures for Network IPS Testing
• Background Traffic and Network IPS Testing
• Generation and Validation of Empirically-Derived TCP Application Workloads
• ;login: Intrusion Detection (Nov 2001)
• TCPOpera (RAID 2005)
• Self-Configuring Network Traffic Generation
• Top 75 Security Tools of 2003
• Don't Just Kick the Tires
• NetVCR: A High-Performance Packet Replay Engine
• Precision and Accuracy of Network Traffic Generators for Packet-by-Packet Traffic Analysis
• How To Test an IPS
• Packet Trace Manipulation Framework for Test Labs
• Design and Implementation of a High-Performance Network Intrusion Prevention System
• Packet capture in 10G Using Contemporary Commodity Hardware
• Performance evaluation of packet capturing systems for high-speed networks
• High Performance Packet Capture

Related Tools

There are a number of other good tools which work with pcap files. If you know of any I've missed, let me know.

• tcpdump/libpcap The defacto-standard for capturing packets on *NIX systems.
• Wireshark A great network analyzer/decoder for *NIX/Windows systems. Offical fork of Ethereal.
• Fragroute Now integrated into tcprewrite!
• Ettercap Tool for running man-in-the-middle attacks
• NetDude GTK based pcap capture file editor. Allows editing most anything in the packet.
• tcpflow Extracts and reassembles the data portion on a per-flow basis on live traffic or pcap capture files.
• tomahawk Inline based packet replay tool which detects dropped packets
• TCPivo A high-performance network replay tool
• Wireshark Tools mergecap, editcap, capinfos, text2pcap
• Bit-Twist Another packet replay and editing tool

Finding Pcap Files

There are a few sites which have repositories of pcap files. If you know of any more, let me know.

• OpenPacket.org
• Wireshark sample captures

Tools Using Tcpreplay Code

If your application is utilizing code from Tcpreplay (which is not only allowed, but encouraged by it's author as long as you follow the terms of the license) let me know and I'll list your project here:

• SIPp SIPp is a free Open Source test tool / traffic generator for the SIP protocol.

Note

This product includes software developed by the University of California, Berkeley and its contributors.

Error: Failed to load processor TagIt

No macro or processor named 'TagIt' found