Tcpreplay is a suite of BSD GPLv3 licensed tools written by Aaron Turner for UNIX (and Win32 under Cygwin) operating systems which gives you the ability to use previously captured traffic in libpcap format to test a variety of network devices. It allows you to classify traffic as client or server, rewrite Layer 2, 3 and 4 headers and finally replay the traffic back onto the network and through other devices such as switches, routers, firewalls, NIDS and IPS’s. Tcpreplay supports both single and dual NIC modes for testing both sniffing and inline devices.
Tcpreplay is used by numerous firewall, IDS, IPS and other networking vendors, enterprises, universities, labs and open source projects. If your organization uses Tcpreplay, please let me know who you are and what you use it for so that I can continue to add features which are useful.
The Tcpreplay suite includes the following tools:
- tcpprep – multi-pass pcap file pre-processor which determines packets as client or server and creates cache files used by tcpreplay and tcprewrite
- tcprewrite – pcap file editor which rewrites TCP/IP and Layer 2 packet headers
- tcpreplay – replays pcap files at arbitrary speeds onto the network
- tcpliveplay – Replays network traffic stored in a pcap file on live networks using new TCP connections
- tcpreplay-edit – replays & edits pcap files at arbitrary speeds onto the network
- tcpbridge – bridge two network segments with the power of tcprewrite
- tcpcapinfo – raw pcap file decoder and debugger