Tcpreplay is a suite of GPLv3 licensed utilities for UNIX operating systems for editing and replaying network traffic which was previously captured by tools like tcpdump and Ethereal/Wireshark.
It allows you to classify traffic as client or server, rewrite Layer 2, 3 and 4 packets and finally replay the traffic back onto the network and through other devices such as switches, routers, firewalls, NIDS and IPS’s.
It supports both single and dual NIC modes for testing both sniffing and in-line devices.
It is also used by numerous firewall, IDS, IPS, NetFlow and other networking vendors, enterprises, universities, labs and open source projects.
If your organization uses Tcpreplay, please let us know who you are and what you use it for so that I can continue to add features which are useful.
Tcpreplay is designed to work with network hardware and normally does not penetrate deeper than Layer 2.
As of version 4.0, Tcpreplay has been enhanced to address the complexities of testing and tuning IP Flow/NetFlow hardware. Enhancements include:
Also Read:Novahot – A Webshell Framework For Penetration Testers
You will need to compile the source code, but first you must ensure that you have compiling tools and prerequisite software installed. For example, on a base Ubuntu or Debian system you may need to do the following:
sudo apt-get install build-essential libpcap-dev
Next extract tarball, change to root directory, then do:
./configure
make
sudo make install
Optionally you can run the tests to ensure that your installation is fully functional:
sudo make test
Consider Windows support for Tcpreplay is experimental – beta quality if you will. We strongly recommend you read the page about how to get support for Tcpreplay.
With that said, you’ll need Cygwin to compile/run tcpreplay. You’ll also need to install Winpcap – the port of libpcap for Windows. For whatever reason, it seems important that you install the Winpcap files in the Cygwin root directory (/Wpdpack).
Be sure to install both the driver and DLL files AND developer pack. Then when you run ./configure, you’ll need to specify the location for Winpcap using the --with-libpcap
flag, but use all lowercase: ./configure --with-libpcap=/wpdpack
.
Note: We’ve been informed that the guile Cygwin package is broken. This horribly breaks parts of GNU Autogen – specifically the parts which allow you to build Tcpreplay via GitHub. Hence, I strongly recommend grabbing a tarball release.
Credit: Aaron Turner, Yazan Siam & Fred Klassen(Version 4.0)
Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…
This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…
GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…
The free and open-source security platform SecHub, provides a central API to test software with…
Don't worry if there are any bugs in the tool, we will try to fix…