Replay network captures in Linux using ‘tcpreplay’


Rewrite the source IP address 192.168.1.10 and the source MAC address in a traffic capture to 10.0.10.1 and 00:AB:DD:BB:58:1B. The new source IP and MAC address should match the interface on which the traffic will be replayed.

# tcprewrite --srcipmap=192.168.1.10:10.0.10.1 --enet-smac=00:AB:DD:BB:58:1B --infile=capture.pcap --outfile=temp.pcap

If every source IP address in the traffic capture needs to be rewritten, use

--srcipmap=0.0.0.0/0:10.0.10.1

Rewrite any destination IP address and MAC address in traffic dump to 10.0.100.20 and 00:AB:DD:BB:50:1A

# tcprewrite --dstipmap=0.0.0.0/0:10.0.100.20 --enet-dmac=00:AB:DD:BB:50:1A --infile=temp.pcap --outfile=final.pcap

After the packet rewrite is done, the traffic can be replayed using tcpreplay:

# tcpreplay --intf1=eth0 final.pcap
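The requirement stated above, that the source MAC must match the replay interface, can be checked before any packet is sent. The following is an added example, not part of the original post: a POSIX shell sketch (the function names and the SYSFS_NET variable are assumptions) that validates the addresses, compares the source MAC with the interface's MAC under /sys/class/net, and prints the three commands instead of running them.

```shell
#!/bin/sh
# Added example: pre-flight checks for the rewrite-and-replay steps on this page.
# SYSFS_NET and the function names are assumptions of this sketch, not tcpreplay
# features; plan_replay only prints commands and sends nothing.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs   # split into four octets
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# True only when the interface exists and its MAC equals the planned source MAC.
iface_matches_mac() {
    case "$1" in ''|.|..|*/*) return 1 ;; esac       # reject path tricks
    [ -r "$SYSFS_NET/$1/address" ] || return 1
    have=$(tr 'A-F' 'a-f' < "$SYSFS_NET/$1/address")
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$have" = "$want" ]
}

# usage: plan_replay IN.pcap IFACE SRC_IP SRC_MAC DST_IP DST_MAC
plan_replay() {
    valid_ipv4 "$3" && valid_ipv4 "$5" || { echo "bad IPv4 address" >&2; return 2; }
    valid_mac "$4" && valid_mac "$6" || { echo "bad MAC address" >&2; return 2; }
    iface_matches_mac "$2" "$4" || { echo "$2 does not own $4" >&2; return 3; }
    echo "tcprewrite --srcipmap=0.0.0.0/0:$3 --enet-smac=$4 --infile=$1 --outfile=temp.pcap"
    echo "tcprewrite --dstipmap=0.0.0.0/0:$5 --enet-dmac=$6 --infile=temp.pcap --outfile=final.pcap"
    echo "tcpreplay --intf1=$2 final.pcap"
}
```

A non-zero return from plan_replay (2 for a malformed address, 3 for an interface whose MAC differs) means the capture would be replayed from the wrong interface or with unusable addresses.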

To loop through a pcap file 10 times (use 0 to loop indefinitely, until CTRL-C is pressed):

# tcpreplay --intf1=eth0 --loop=10 final.pcap

If the pcap file(s) you are looping are small enough to fit in available RAM, consider using the --enable-file-cache option. This option caches each packet in RAM so that subsequent reads don’t have to hit the slower disk.

Another useful option is --quiet. This suppresses printing out to the screen each time tcpreplay starts a new iteration.

Options

   -q, --quiet                Quiet mode
   -T, --timer=str            Select packet timing mode: select, ioport, rdtsc, gtod, nano, abstime
       --sleep-accel=num      Reduce the amount of time to sleep by specified usec
       --rdtsc-clicks=num     Specify the RDTSC clicks/usec
   -v, --verbose              Print decoded packets via tcpdump to STDOUT
   -A, --decode=str           Arguments passed to tcpdump decoder
   -K, --enable-file-cache    Enable caching of packets to internal memory
       --preload-pcap         Preloads packets into RAM before sending
   -c, --cachefile=str        Split traffic via a tcpprep cache file
   -i, --intf1=str            Server/primary traffic output interface
   -I, --intf2=str            Client/secondary traffic output interface
       --listnics             List available network interfaces and exit
   -l, --loop=num             Loop through the capture file X times
       --pktlen               Override the snaplen and use the actual packet len
   -L, --limit=num            Limit the number of packets to send
   -x, --multiplier=str       Modify replay speed to a given multiple
   -p, --pps=num              Replay packets at a given packets/sec
   -M, --mbps=str             Replay packets at a given Mbps
   -t, --topspeed             Replay packets as fast as possible
   -o, --oneatatime           Replay one packet at a time for each user input
       --pps-multi=num        Number of packets to send for each time interval
   -P, --pid                  Print the PID of tcpreplay at startup
       --stats=num            Print statistics every X seconds
   -V, --version              Print version information
   -h, --less-help            Display less usage information and exit
   -H, --help                 Display usage information and exit
   -!, --more-help            Extended usage information passed thru pager
       --save-opts[=arg]      Save the option state to a config file
       --load-opts=str        Load options from a config file