Documentation

There is quite a bit of online documentation available for the tcpreplay suite:

Online Manual

• Introduction/Installation
• Using tcpreplay
• Using tcpprep
• Using tcprewrite/tcpreplay-edit
• Using tcpbridge
• Using tcpcapinfo
• flowreplay
• Common Arguments
• Usage Examples
• Changes in Version 4.x

Other Documentation & Information

• Frequently Asked Questions
• Use Cases for Tcpreplay
• Tcpreplay Performance Database
• How to get help
• The history of Tcpreplay
• Win32/Cygwin Installation Directions and Notes
•  Security Power Tools has some good examples of using Tcpreplay

Man Pages

Note that these man pages may be out of date and may not reflect the options available with the version of tcpreplay you have installed on your system. For the most accurate copies of the man pages, please see the man pages which came with your tcpreplay distribution (source code or compiled package).

• tcpprep
• tcprewrite
• tcpreplay
• tcpreplay-edit (available in v3.4.1+)
• tcpbridge

Design Documents

• Doxygen of trunk (updated daily)
• Doxygen of branches/3.4 (updated daily)
• Flowreplay Design Notes
• libtcpedit API Overview
• libtcpedit Design Doc
• libtcpedit Developer HowTo
• Tcpreplay GUI/4.0
• Tcpreplay 4.0 API

Interesting (White)papers

Whitepapers, reviews and other documents which refer to tcpreplay or network traffic generation/testing in general

•  Insertion Evasion and Denial of Service Eluding Network Intrusion Detection
•  Cleaning Packet Captures for Network IPS Testing
•  Background Traffic and Network IPS Testing
•  Generation and Validation of Empirically-Derived TCP Application Workloads
•  ;login: Intrusion Detection (Nov 2001)
•  TCPOpera (RAID 2005)
•  Self-Configuring Network Traffic Generation
•  Top 75 Security Tools of 2003
•  Don't Just Kick the Tires
•  NetVCR: A High-Performance Packet Replay Engine
•  Precision and Accuracy of Network Traffic Generators for Packet-by-Packet Traffic Analysis
•  How To Test an IPS
•  Packet Trace Manipulation Framework for Test Labs
•  Design and Implementation of a High-Performance Network Intrusion Prevention System
•  Packet capture in 10G Using Contemporary Commodity Hardware
•  Performance evaluation of packet capturing systems for high-speed networks
•  High Performance Packet Capture
•  Sanitizing PCAP Files for Public Distrubution
•  Network Traffic Analyzer and Generator for FastEthernet - Excellent masters thesis by Vit Prajzler on creating an inexpensive capture/replay device which talks a lot about Tcpreplay and the technical challenges involved.
•  HAMOC - Hardware acceleration via FPGA's for 10Gbit/s tcpreplay! (Note, I have no personal experience with the product mentioned and can't validate any claims.)
•  A Tcpdump Tutorial and Primer

Related Tools

There are a number of other good tools which work with pcap files. If you know of any I've missed, let me know.

•  tcpdump/libpcap The defacto-standard for capturing packets on *NIX systems.
•  Wireshark A great network analyzer/decoder for *NIX/Windows systems. Offical fork of Ethereal.
•  Fragroute Now integrated into tcprewrite!
•  Ettercap Tool for running man-in-the-middle attacks
•  NetDude GTK based pcap capture file editor. Allows editing most anything in the packet.
•  tcpflow Extracts and reassembles the data portion on a per-flow basis on live traffic or pcap capture files.
•  tomahawk Inline based packet replay tool which detects dropped packets
•  TCPivo A high-performance network replay tool
•  Wireshark Tools mergecap, editcap, capinfos, text2pcap
•  Bit-Twist Another packet replay and editing tool
•  BackTrack 3 A security oriented Linux distro which includes tcpreplay and many other tools
•  DaemonLogger A mix of tcpdump & tcpbridge by Marty Roesch
•  PktAnon A pcap packet trace anonymizer
•  scrub-tcpdump Another pcap packet trace anonymizer
•  EtherApe A tool to visualize network traffic
•  NetworkExpect A framework for manipulating network packets, including packet crafting, injection, and reception.
•  SplitCap A C#/.Net 2.0 tool that splits large pcap files based on connections
•  Ostinato A C++/QT application for generating user defined packets.
•  PacketSquare A C/GTK+ GUI application for editing packets (Linux only)
•  CloudShark A web based version of Wireshark
•  Packet-o-Matic A real-time packet processor
•  Scapy A Python API for creating and parsing network traffic
•  Scruby A Ruby port of Scapy
•  Wireplay Replays TCP sessions to clients & servers
•  Libntoh Library for doing TCP/IP reassembly

Finding Pcap Files

There are a few sites which have repositories of pcap files. If you know of any more, let me know.

•  Wireshark sample captures
•  pcapr - A new pcap sharing site currently in beta with over 1,200 different packet captures!
•  PacketLife - A website all about networking and protocols
•  OpenPacket.org - Pretty much defunct now
•  DefCon 17 CTF - 7.5G uncompressed. See  DC17 for more info.

Tools Using Tcpreplay Code

If your application is utilizing code from Tcpreplay (which is not only allowed, but encouraged by it's author as long as you follow the terms of the license) let me know and I'll list your project here:

•  SIPp SIPp is a free Open Source test tool / traffic generator for the SIP protocol.

Note

This product includes software developed by the University of California, Berkeley and its contributors.