Tcpreplay is a suite of [GPLv3] licensed utilities for UNIX (and Win32 under
[Cygwin]) operating systems for editing and replaying network traffic which
was previously captured by tools like [tcpdump] and [Ethereal]/[Wireshark].
It allows you to classify traffic as client or server, rewrite Layer 2, 3 and 4
packets and finally replay the traffic back onto the network and through other
devices such as switches, routers, firewalls, NIDS and IPS's. Tcpreplay supports
both single and dual NIC modes for testing both sniffing and in-line devices.
Tcpreplay is used by numerous firewall, IDS, IPS, NetFlow and other networking
vendors, enterprises, universities, labs and open source projects. If your
organization uses Tcpreplay, please let us know who you are and what you use
it for so that I can continue to add features which are useful.

Tcpreplay is designed to work with network hardware and normally does not
penetrate deeper than Layer 2. Yazan Siam with sponsorship from [Cisco] developed
*tcpliveplay* to replay TCP pcap files directly to servers. Use this utility
if you want to test the entire network stack and into the application.

As of version 4.0, Tcpreplay has been enhanced to address the complexities of
testing and tuning [IP Flow][flow]/[NetFlow] hardware. Enhancements include:
* Support for [netmap] modified network drivers for 10GigE wire-speed performance
* Increased accuracy for playback speed
* Increased accuracy of results reporting
* Flow statistics including Flows Per Second (fps)
* Flow analysis for analysis and fine tuning of flow expiry timeouts
* Hundreds of thousands of flows per second (dependent on flow sizes in pcap file)

Version 4.0 is the first version delivered by Fred Klassen and sponsored by
[AppNeta]. Many thanks to the author of Tcpreplay, Aaron Turner, who has supplied
the world with a solid and full-featured test product thus far. The new author
strives to take Tcpreplay performance to levels normally only seen in commercial
network test equipment.

Products
========
The Tcpreplay suite includes the following tools:

Network playback products:
--------------------------
* **tcpreplay** - replays pcap files at arbitrary speeds onto the network with an
option to replay with random IP addresses
* **tcpreplay-edit** - replays pcap files at arbitrary speeds onto the network with
numerous options to modify packets on the fly
* **tcpliveplay** - replays TCP network traffic stored in a pcap file on live
networks in a manner that a remote server will respond to

Pcap file editors and utilities:
--------------------------------
* **tcpprep** - multi-pass pcap file pre-processor which determines packets as
client or server and creates output files for use by tcpreplay and tcprewrite
* **tcprewrite** - pcap file editor which rewrites TCP/IP and Layer 2 packet headers
* **tcpbridge** - bridge two network segments with the power of tcprewrite
* **tcpcapinfo** - raw pcap file decoder and debugger

Install package
===============
Please visit our [downloads](http://tcpreplay.appneta.com/wiki/installation.html#downloads)
page on our [wiki](http://tcpreplay.appneta.com)
for detailed download and installation instructions.

Simple directions for Unix users:
---------------------------------
```
./configure
make
sudo make install
```
Build Quick TX feature
----------------------
Quick TX allows Tcpreplay to bypass the kernel network stack and write
directly to the network driver. Doing so allows up to wire-rate
transmissions (tested up to 10Gbps). For detailed installation information
see INSTALL.

**NOTE:** This feature is still experimental and may not work with every
kernel version or with every network driver.

If you would like to have Quick TX installed, do the following:
```
./configure --enable-quick-tx
make
sudo make install
```
To use the Quick TX module, run tcpreplay with interface names prefixed
with 'qtx:', e.g.
```
tcpreplay -i qtx:eth0
```
Build netmap feature
--------------------
This feature will detect [netmap](http://info.iet.unipi.it/~luigi/netmap/)
capable network drivers on Linux and BSD
systems. If detected, the network driver is bypassed for the execution
duration of tcpreplay and tcpreplay-edit, and network buffers will be
written to directly. This will allow you to achieve full line rates on
commodity network adapters, similar to rates achieved by commercial network
traffic generators.

**Note** that bypassing the network driver will disrupt other applications connected
through the test interface. Don't test on the same interface you ssh'ed into.
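
One way to enforce the note above before a replay run, as an added example that is not part of the Tcpreplay sources: a shell guard that refuses an interface when it carries the current SSH session. It assumes Linux iproute2's `ip -o addr show` output format and OpenSSH's `SSH_CONNECTION` variable; the function names and the sample addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example (not Tcpreplay code): refuse to replay on the NIC that
# carries the current SSH session.

# Print the interface owning address $1; reads `ip -o addr show` text on stdin.
iface_for_ip() {
    awk -v ip="$1" '
        $3 == "inet" || $3 == "inet6" {
            split($4, a, "/")
            if (a[1] == ip) { print $2; exit }
        }'
}

# Print the local (server-side) address of the SSH session, if any.
# SSH_CONNECTION is "client_ip client_port server_ip server_port".
ssh_local_ip() {
    set -- ${SSH_CONNECTION:-}
    printf '%s' "${3:-}"
}

# safe_to_replay IFACE [ADDR_TABLE]
#   0 = IFACE does not carry the SSH session (or there is no SSH session)
#   1 = IFACE carries the SSH session: do not replay on it
#   2 = under SSH, but the session's interface could not be determined
# ADDR_TABLE defaults to live `ip -o addr show` output.
safe_to_replay() {
    local test_if addr table ssh_if
    test_if="${1#qtx:}"            # drop the Quick TX prefix if present
    addr="$(ssh_local_ip)"
    if [ -z "$addr" ]; then return 0; fi
    table="${2:-$(ip -o addr show 2>/dev/null || true)}"
    ssh_if="$(printf '%s\n' "$table" | iface_for_ip "$addr")"
    if [ -z "$ssh_if" ]; then return 2; fi   # fail closed
    if [ "$ssh_if" = "$test_if" ]; then return 1; fi
    return 0
}

# Constructed sample: `ip -o addr show` style lines, SSH session on eth0.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
3: eth1    inet 198.51.100.5/24 brd 198.51.100.255 scope global eth1'

demo() (
    SSH_CONNECTION='203.0.113.7 51514 192.0.2.10 22'
    for nic in eth0 qtx:eth0 eth1; do
        if safe_to_replay "$nic" "$SAMPLE_ADDRS"; then echo "$nic: ok to replay"
        else echo "$nic: refused"; fi
    done
)
demo
```
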
Download latest and install netmap from

Details:
--------
You will find that you will not be able to contribute to the Tcpreplay project directly if you
clone the appneta/tcpreplay repo. If you believe that you may someday contribute to the
repository, GitHub provides an innovative approach. Forking the @appneta/tcpreplay repository
allows you to work on your own copy of the repository and submit code changes without first
asking permission from the authors. Forking is also considered to be a compliment so fork away:
* if you haven't already done so, get yourself a free [GitHub](https://github.com) ID and visit @appneta/tcpreplay
* click the **Fork** button to get your own private copy of the repository
* on your build system clone your private repository:
```
git clone git@github.com: