Table of Contents

Name

tcpreplay - replay traffic from a saved tcpdump file

Synopsis

tcpreplay [ -i intf ] [ -l loop count ] [ -r rate | -m multiplier ] file ...

Description

Tcpreplay is a program for replaying network traffic saved in packet-trace files generated using tcpdump(8) 's -w flag.

The basic operation of tcpreplay is to resend all packets from its input file(s) at the speed at which they were recorded, at some specified data rate , or as fast as the hardware is capable of. If no rate or multiplier are given, tcpreplay will replay packets as fast as the hardware will allow. If no file is given, tcpreplay will accept packet data from stdin .

Options

-i
Specify the interface to send packets out on.
-r
Resend the packets at the rate specified (in Mbps).
-m
Resend the packets at a multiple of the speed at which they were recorded.
-l
Resend the pcap file(s) loop count times.

See Also

tcpdump(8)

Author

Matt Undy, Anzen Computing.

The current version is available via HTTP:

http://www.anzen.com/research/nidsbench/

Bugs

tcpreplay can only send packets as fast as your machine's interface, processor, and disk will allow.

``N write attempts failed from full buffers and were repeated'' does not indicate that these packets were not sent, but that the send was retried N times until it succeeded.

Looping captured traffic may simulate odd conditions on a network. For example, opening the same TCP connection multiple times may exhaust resources on machines tracking the connection. The -l flag is provided to allow faster sending on machines with greater I/O constraints.

On BSD-based systems, kernel modifications are required to preserve outgoing link layer source addresses. Refer to the libnet(3) documentation for more information on how to do this.

Please send bug reports to nidsbench@anzen.com.


Table of Contents