Tcpreplay is a suite of GPLv3 licensed utilities for UNIX operating systems for editing and replaying network traffic which was previously captured by tools like tcpdump and Ethereal/Wireshark.
It allows you to classify traffic as client or server, rewrite Layer 2, 3 and 4 packets and finally replay the traffic back onto the network and through other devices such as switches, routers, firewalls, NIDS and IPS’s.
It supports both single and dual NIC modes for testing both sniffing and in-line devices.
It is also used by numerous firewall, IDS, IPS, NetFlow and other networking vendors, enterprises, universities, labs and open source projects.
If your organization uses Tcpreplay, please let us know who you are and what you use it for so that I can continue to add features which are useful.
Tcpreplay is designed to work with network hardware and normally does not penetrate deeper than Layer 2.
As of version 4.0, Tcpreplay has been enhanced to address the complexities of testing and tuning IP Flow/NetFlow hardware. Enhancements include:
Also Read:Novahot – A Webshell Framework For Penetration Testers
You will need to compile the source code, but first you must ensure that you have compiling tools and prerequisite software installed. For example, on a base Ubuntu or Debian system you may need to do the following:
sudo apt-get install build-essential libpcap-dev
Next extract tarball, change to root directory, then do:
./configure
make
sudo make install
Optionally you can run the tests to ensure that your installation is fully functional:
sudo make test
Consider Windows support for Tcpreplay is experimental – beta quality if you will. We strongly recommend you read the page about how to get support for Tcpreplay.
With that said, you’ll need Cygwin to compile/run tcpreplay. You’ll also need to install Winpcap – the port of libpcap for Windows. For whatever reason, it seems important that you install the Winpcap files in the Cygwin root directory (/Wpdpack).
Be sure to install both the driver and DLL files AND developer pack. Then when you run ./configure, you’ll need to specify the location for Winpcap using the --with-libpcap flag, but use all lowercase: ./configure --with-libpcap=/wpdpack.
Note: We’ve been informed that the guile Cygwin package is broken. This horribly breaks parts of GNU Autogen – specifically the parts which allow you to build Tcpreplay via GitHub. Hence, I strongly recommend grabbing a tarball release.
Credit: Aaron Turner, Yazan Siam & Fred Klassen(Version 4.0)
General Working of a Web Application Firewall (WAF) A Web Application Firewall (WAF) acts as…
How to Send POST Requests Using curl in Linux If you work with APIs, servers,…
If you are a Linux user, you have probably seen commands like chmod 777 while…
Vim and Vi are among the most powerful text editors in the Linux world. They…
Working with compressed files is a common task for any Linux user. Whether you are…
In the digital era, an email address can reveal much more than just a contact…