Tcpreplay is a suite of GPLv3 licensed utilities for UNIX operating systems for editing and replaying network traffic which was previously captured by tools like tcpdump and Ethereal/Wireshark.
It allows you to classify traffic as client or server, rewrite Layer 2, 3 and 4 packets and finally replay the traffic back onto the network and through other devices such as switches, routers, firewalls, NIDS and IPS’s.
It supports both single and dual NIC modes for testing both sniffing and in-line devices.
It is also used by numerous firewall, IDS, IPS, NetFlow and other networking vendors, enterprises, universities, labs and open source projects.
If your organization uses Tcpreplay, please let us know who you are and what you use it for so that I can continue to add features which are useful.
Tcpreplay is designed to work with network hardware and normally does not penetrate deeper than Layer 2.
As of version 4.0, Tcpreplay has been enhanced to address the complexities of testing and tuning IP Flow/NetFlow hardware. Enhancements include:
Also Read:Novahot – A Webshell Framework For Penetration Testers
You will need to compile the source code, but first you must ensure that you have compiling tools and prerequisite software installed. For example, on a base Ubuntu or Debian system you may need to do the following:
sudo apt-get install build-essential libpcap-dev
Next extract tarball, change to root directory, then do:
./configure
make
sudo make install
Optionally you can run the tests to ensure that your installation is fully functional:
sudo make test
Consider Windows support for Tcpreplay is experimental – beta quality if you will. We strongly recommend you read the page about how to get support for Tcpreplay.
With that said, you’ll need Cygwin to compile/run tcpreplay. You’ll also need to install Winpcap – the port of libpcap for Windows. For whatever reason, it seems important that you install the Winpcap files in the Cygwin root directory (/Wpdpack).
Be sure to install both the driver and DLL files AND developer pack. Then when you run ./configure, you’ll need to specify the location for Winpcap using the --with-libpcap flag, but use all lowercase: ./configure --with-libpcap=/wpdpack.
Note: We’ve been informed that the guile Cygwin package is broken. This horribly breaks parts of GNU Autogen – specifically the parts which allow you to build Tcpreplay via GitHub. Hence, I strongly recommend grabbing a tarball release.
Credit: Aaron Turner, Yazan Siam & Fred Klassen(Version 4.0)
shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…
Extract and execute a PE embedded within a PNG file using an LNK file. The…
Embark on the journey of becoming a certified Red Team professional with our definitive guide.…
This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…
This took me like 4 days (+2 days for an update), but I got it…
MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…