![]() Tcpreplay is used by numerous firewalls, IDS, IPS, NetFlow, and other networking vendors, enterprises, universities, labs, and open source projects. Tcpreplay supports both single and dual NIC modes for testing both sniffing and in-line devices. It allows you to classify traffic as client or server, rewrite Layer 2, 3 and 4 packets and finally replay the traffic back onto the network and through other devices such as switches, routers, firewalls, NIDS, and IPS’s. ![]() Note that if you do buy one of those tools, they have utilities that can do all the packet manipulation for you as part of the setup process.Tcpreplay is a suite of GPLv3 licensed utilities for UNIX (and Win32 under Cygwin) operating systems for editing and replaying network traffic which was previously captured by tools like tcpdump and Ethereal/ Wireshark. But if the traffic rate is fast, or you need it to be really precise, then you are going to be out of luck until you invest in special hardware from vendors like Spirent or Ixia. Depending on the speed of the original captures, and your tolerance for variance, you might be all set simply using tcpreplay -multiplier=XXX. The really difficult part is going to be playing them back with the timing options that you want. In that case, you can use editcap (another tool from wireshark) to modify the packet times. ![]() if you took foo.pcap a day before bar.pcap, they won't interleave). Note that when using mergecap, you might need to first edit the timestamps of the packets (e.g. Then use mergecap to merge the packets chronologically so you get them interleaved the way that you want. The first step is to use tcprewrite (part of tcpreplay) to edit the destination IPs of foo.pcap to be first address you are looking to send as, and bar.pcap to be the second. I've done this sort of thing before using tcpreplay and mergecap (one of the tools that is distributed with Wireshark). ![]() I will be working in Linux only (RHEL 6.5 primarily & also Ubuntu 12.04) I have looked in to tools such as tcpreplay and bittwist, but these tools either won't send on different groups, or won't synchronize the egress order across all the files. eg, at recorded speed 10x recorded speed 1 GB/sec etc. We also need to be able to tune the rate at which packets are replayed. In other words, the first 2 packets from foo.pcap should go out on to 239.255.0.1:30001, and then the first two packets from bar.pcap should go out on 239.255.0.2:30002, and then the past packet from foo.pcap should go out at the same time (or close to it) as the last packet from bar.pcap. So what I'm looking for is a way to replay these packets in an order synchronized accross both foo.pcap and bar.pcap. bar.pcap has packets recorded at time offsets (relative to foo.pcap) 3, 4, and 5. We want to replay foo.pcap packets on mcast group 239.255.0.1:30001, and the bar.pcap packets should be replayed on 239.255.0.2:30002.įoo.pcap has packets recorded at time offsets 0, 1, and 5. This ordering must be synchronized accross all of the files being played back.įor example, suppose we have two capture files, foo.pcap and bar.pcap. I want to replay these files back on to the network (possibly with ttl=0 or 1) in the order in which the packets were recorded, and on different (and specifyable) multicast groups. These pcap files are captured simultaneously, but on different multicast groups & ports. For the purposes of testing & benchmarking, we wish to replay these files in an isolated environment and in a controlled way. We capture many pcap files every day on many different multicast groups.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |