1TCPREPLAY(1) Programmer's Manual TCPREPLAY(1)
2
6 tcpreplay - Replay network traffic stored in pcap files
7
9 tcpreplay [-flag [value]]... [--opt-name [[=| ]value]]...
10 <pcap_file(s)>
11 tcpreplay is a tool for replaying network traffic from files saved with
13 tcpdump or other tools which write pcap(3) files.
14
16 This manual page documents, briefly, the tcpreplay command. The basic
17 operation of tcpreplay is to resend all packets from the input
18 file(s) at the speed at which they were recorded, or a specified data
19 rate, up to as fast as the hardware is capable.
20 Optionally, the traffic can be split between two interfaces, written to
22 files, filtered and edited in various ways, providing the means to test
23 firewalls, NIDS and other network devices.
24 For more details, please see the Tcpreplay Manual at: http://tcpre‐
26 play.synfin.net/trac/wiki/manual
27
29 -r string, --portmap=string
31 Rewrite TCP/UDP ports. This option may appear up to 1 times.
32 Specify a list of comma delimited port mappingings consisting of
34 colon delimited port number pairs. Each colon delimited port
35 pair consists of the port to match followed by the port number
36 to rewrite.
37 Example:
39 --portmap=80:8000,8080:80
40 -s number, --seed=number
42 Randomize src/dst IP addresses w/ given seed. This option may
43 appear up to 1 times. This option takes an integer number as
44 its argument.
45 Causes the source and destination IP addresses to be pseudo ran‐
47 domized but still maintain client/server relationships. Since
48 the randomization is deterministic based on the seed, you can
49 reuse the same seed value to recreate the traffic.
50 -N string, --pnat=string
52 Rewrite IP addresses using pseudo-NAT. This option may appear
53 up to 2 times. This option must not appear in combination with
54 any of the following options: srcipmap.
55 Takes a comma delimited series of colon delimited CIDR netblock
57 pairs. Each netblock pair is evaluated in order against the IP
58 addresses. If the IP address in the packet matches the first
59 netblock, it is rewriten using the second netblock as a mask
60 against the high order bits.
61 Example:
63 --pnat=192.168.0.0/16:10.77.0.0/16,172.16.0.0/12:10.1.0.0/24
64 -S string, --srcipmap=string
66 Rewrite source IP addresses using pseudo-NAT. This option may
67 appear up to 1 times. This option must not appear in combina‐
68 tion with any of the following options: pnat.
69 Works just like the --pnat option, but only affects the source
71 IP addresses in the IPv4 header.
72 -D string, --dstipmap=string
74 Rewrite destination IP addresses using pseudo-NAT. This option
75 may appear up to 1 times. This option must not appear in combi‐
76 nation with any of the following options: pnat.
77 Works just like the --pnat option, but only affects the destina‐
79 tion IP addresses in the IPv4 header.
80 -e string, --endpoints=string
82 Rewrite IP addresses to be between two endpoints. This option
83 may appear up to 1 times. This option must appear in combina‐
84 tion with the following options: cachefile.
85 Takes a pair of colon delimited IP addresses which will be used
87 to rewrite all traffic to appear to be between the two IP's.
88 Example:
90 --endpoints=172.16.0.1:172.16.0.2
91 -b, --skipbroadcast
93 Skip rewriting broadcast/multicast IP's.
94 By default --seed, --pnat and --endpoints will rewrite broadcast
96 and multicast IP and MAC addresses. Setting this flag will keep
97 broadcast/multicast IP and MAC addresses from being rewritten.
98 -C, --fixcsum
100 Force recalculation of IP/TCP/UDP checksums.
101 Causes each IP packet to have it's checksums recalcualted and
103 fixed. Automatically enabled for packets modified with --seed,
104 --pnat, --endpoints or --fixlen.
105 -m number, --mtu=number
107 Override default MTU length (1500 bytes). This option may
108 appear up to 1 times. This option takes an integer number as
109 its argument. The value of number is constrained to being:
110 in the range 1 through MAXPACKET
111 Override the default 1500 byte MTU size for determining the max‐
113 imum padding length.
114 -E, --efcs
116 Remove Ethernet checksums (FCS) from end of frames.
117 Note, this option is pretty dangerous! We don't actually check
119 to see if a FCS actually exists in the frame, we just blindly
120 delete the last two bytes. Hence, you should only use this if
121 you know know that your OS provides the FCS when reading raw
122 packets.
123 --ttl=string
125 Modify the IPv4 TTL.
126 Allows you to modify the TTL of all the IPv4 packets. Specify a
128 number to hard-code the value or +/-value to increase or
129 decrease by the value provided (limited to 1-255).
130 Examples:
132 --ttl=10
133 --ttl=+7
134 --ttl=-64
135 -F string, --fixlen=string
137 Pad or truncate packet data to match header length. This option
138 may appear up to 1 times.
139 Packets may be truncated during capture if the snaplen is
141 smaller then the packet. This option allows you to modify the
142 packet to pad the packet back out to the size stored in the IPv4
143 header or rewrite the IP header total length to reflect the
144 stored packet length.
145 pad Truncated packets will be padded out so that the packet
147 length matches the IPv4 total length
148 trunc Truncated packets will have their IPv4 total length field
150 rewritten to match the actual packet length
151 del Delete the packet
153 --skipl2broadcast
155 Skip rewriting broadcast/multicast Layer 2 addresses.
156 By default, editing Layer 2 addresses will rewrite broadcast and
158 multicast MAC addresses. Setting this flag will keep broad‐
159 cast/multicast MAC addresses from being rewritten.
160 --dlt=string
162 Override output DLT encapsulation. This option may appear up to
163 1 times.
164 By default, no DLT (data link type) conversion will be made. To
166 change the DLT type of the output pcap, select one of the fol‐
167 lowing values:
168 enet Ethernet aka DLT_EN10MB
170 hdlc Cisco HDLC aka DLT_C_HDLC
172 user User specified Layer 2 header and DLT type
174 --enet-dmac=string
176 Override destination ethernet MAC addresses. This option may
177 appear up to 1 times.
178 Takes a pair of comma deliminated ethernet MAC addresses which
180 will replace the destination MAC address of outbound packets.
181 The first MAC address will be used for the server to client
182 traffic and the optional second MAC address will be used for the
183 client to server traffic.
184 Example:
186 --enet-dmac=00:12:13:14:15:16,00:22:33:44:55:66
187 --enet-smac=string
189 Override source ethernet MAC addresses. This option may appear
190 up to 1 times.
191 Takes a pair of comma deliminated ethernet MAC addresses which
193 will replace the source MAC address of outbound packets. The
194 first MAC address will be used for the server to client traffic
195 and the optional second MAC address will be used for the client
196 to server traffic.
197 Example:
199 --enet-smac=00:12:13:14:15:16,00:22:33:44:55:66
200 --enet-vlan=string
202 Specify ethernet 802.1q VLAN tag mode. This option may appear
203 up to 1 times.
204 Allows you to rewrite ethernet frames to add a 802.1q header to
206 standard 802.3 ethernet headers or remove the 802.1q VLAN tag
207 information.
208 add Rewrites the existing 802.3 ethernet header as an 802.1q
210 VLAN header
211 del Rewrites the existing 802.1q VLAN header as an 802.3 ether‐
213 net header
214 --enet-vlan-tag=number
216 Specify the new ethernet 802.1q VLAN tag value. This option may
217 appear up to 1 times. This option must appear in combination
218 with the following options: enet-vlan. This option takes an
219 integer number as its argument. The value of number is con‐
220 strained to being:
221 in the range 0 through 4095
222 --enet-vlan-cfi=number
226 Specify the ethernet 802.1q VLAN CFI value. This option may
227 appear up to 1 times. This option must appear in combination
228 with the following options: enet-vlan. This option takes an
229 integer number as its argument. The value of number is con‐
230 strained to being:
231 in the range 0 through 1
232 --enet-vlan-pri=number
236 Specify the ethernet 802.1q VLAN priority. This option may
237 appear up to 1 times. This option must appear in combination
238 with the following options: enet-vlan. This option takes an
239 integer number as its argument. The value of number is con‐
240 strained to being:
241 in the range 0 through 7
242 --hdlc-control=number
246 Specify HDLC control value. This option may appear up to 1
247 times. This option takes an integer number as its argument.
248 The Cisco HDLC header has a 1 byte "control" field. Apparently
250 this should always be 0, but if you can use any 1 byte value.
251 --hdlc-address=number
253 Specify HDLC address. This option may appear up to 1 times.
254 This option takes an integer number as its argument.
255 The Cisco HDLC header has a 1 byte "address" field which has two
257 valid values:
258 0x0F Unicast
260 0xBF Broadcast
262 You can however specify any single byte value.
263 --user-dlt=number
265 Set output file DLT type. This option may appear up to 1 times.
266 This option takes an integer number as its argument.
267 Set the DLT value of the output pcap file.
269 --user-dlink=string
271 Rewrite Data-Link layer with user specified data. This option
272 may appear up to 2 times.
273 Provide a series of comma deliminated hex values which will be
275 used to rewrite or create the Layer 2 header of the packets.
276 The first instance of this argument will rewrite both server and
277 client traffic, but if this argument is specified a second time,
278 it will be used for the client traffic.
279 Example:
281 --user-dlink=01,02,03,04,05,06,00,1A,2B,3C,4D,5E,6F,08,00
282 -d number, --dbug=number
284 Enable debugging output. This option may appear up to 1 times.
285 This option takes an integer number as its argument. The value
286 of number is constrained to being:
287 in the range 0 through 5
288 The default number for this option is:
289 0
290 If configured with --enable-debug, then you can specify a ver‐
292 bosity level for debugging output. Higher numbers increase ver‐
293 bosity.
294 -q, --quiet
296 Quiet mode.
297 Print nothing except the statistics at the end of the run
299 -T string, --timer=string
301 Select packet timing mode: select, ioport, rdtsc, gtod, nano,
302 abstime. This option may appear up to 1 times. The default
303 string for this option is:
304 gtod
305 Allows you to select the packet timing method to use:
307 nano - Use nanosleep() API
309 select - Use select() API
311 ioport - Write to the i386 IO Port 0x80
313 rdtsc - Use the x86/x86_64/PPC RDTSC
315 gtod [default] - Use a gettimeofday() loop
317 abstime - Use OS X's AbsoluteTime API
319 --sleep-accel=number
322 Reduce the amount of time to sleep by specified usec. This
323 option takes an integer number as its argument. The default
324 number for this option is:
325 0
326 Reduce the amount of time we would normally sleep between two
328 packets by the specified number of usec. This provides a "fuzz
329 factor" to compensate for running on a non-RTOS and other pro‐
330 cesses using CPU time. Default is disabled.
331 --rdtsc-clicks=number
333 Specify the RDTSC clicks/usec. This option may appear up to 1
334 times. This option takes an integer number as its argument.
335 The default number for this option is:
336 0
337 Override the calculated number of RDTSC clicks/usec which is
339 often the speed of the CPU in Mhz. Only useful if you specified
340 --timer=rdtsc
341 -v, --verbose
343 Print decoded packets via tcpdump to STDOUT. This option may
344 appear up to 1 times.
345 -A string, --decode=string
349 Arguments passed to tcpdump decoder. This option may appear up
350 to 1 times. This option must appear in combination with the
351 following options: verbose.
352 When enabling verbose mode (-v) you may also specify one or more
354 additional arguments to pass to tcpdump to modify the way pack‐
355 ets are decoded. By default, -n and -l are used. Be sure to
356 quote the arguments like: -A "-axxx" so that they are not inter‐
357 preted by tcpreplay. Please see the tcpdump(1) man page for a
358 complete list of options.
359 -K, --enable-file-cache
361 Enable caching of packets to internal memory. This option must
362 appear in combination with the following options: loop.
363 Cache pcap file(s) the first time they are cached in RAM so that
365 subsequent loops don't incurr any disk I/O latency in order to
366 increase performance. Make sure you have enough free RAM to
367 store the entire pcap file(s) in memory or the system will swap
368 and performance will suffer.
369 -c string, --cachefile=string
371 Split traffic via a tcpprep cache file. This option may appear
372 up to 1 times.
373 -i string, --intf1=string
377 Server/primary traffic output interface. This option may appear
378 up to 1 times.
379 -I string, --intf2=string
383 Client/secondary traffic output interface. This option may
384 appear up to 1 times. This option must appear in combination
385 with the following options: cachefile.
386 -l number, --loop=number
390 Loop through the capture file X times. This option may appear
391 up to 1 times. This option takes an integer number as its argu‐
392 ment. The value of number is constrained to being:
393 greater than or equal to 0
394 The default number for this option is:
395 1
396 --pktlen
400 Override the snaplen and use the actual packet len. This option
401 may appear up to 1 times.
402 By default, tcpreplay will send packets based on the size of the
404 "snaplen" stored in the pcap file which is usually the correct
405 thing to do. However, occasionally, tools will store more bytes
406 then told to. By specifying this option, tcpreplay will ignore
407 the snaplen field and instead try to send packets based on the
408 original packet length. Bad things may happen if you specify
409 this option.
410 -L number, --limit=number
412 Limit the number of packets to send. This option may appear up
413 to 1 times. This option takes an integer number as its argu‐
414 ment. The value of number is constrained to being:
415 greater than or equal to 1
416 The default number for this option is:
417 -1
418 By default, tcpreplay will send all the packets. Alternatively,
420 you can specify a maximum number of packets to send.
421 -x string, --multiplier=string
423 Modify replay speed to a given multiple. This option may appear
424 up to 1 times. This option must not appear in combination with
425 any of the following options: pps, mbps, oneatatime, topspeed.
426 Specify a floating point value to modify the packet replay
428 speed. Examples:
429 2.0 will replay traffic at twice the speed captured
430 0.7 will replay traffic at 70% the speed captured
431 -p number, --pps=number
433 Replay packets at a given packets/sec. This option may appear
434 up to 1 times. This option must not appear in combination with
435 any of the following options: multiplier, mbps, oneatatime, top‐
436 speed. This option takes an integer number as its argument.
437 -M string, --mbps=string
441 Replay packets at a given Mbps. This option may appear up to 1
442 times. This option must not appear in combination with any of
443 the following options: multiplier, pps, oneatatime, topspeed.
444 Specify a floating point value for the Mbps rate that tcpreplay
446 should send packets at.
447 -t, --topspeed
449 Replay packets as fast as possible. This option must not appear
450 in combination with any of the following options: mbps, multi‐
451 plier, pps, oneatatime.
452 -o, --oneatatime
456 Replay one packet at a time for each user input. This option
457 must not appear in combination with any of the following
458 options: mbps, pps, multiplier, topspeed.
459 Allows you to step through one or more packets at a time.
461 -P, --pid
463 Print the PID of tcpreplay at startup.
464 -V, --version
468 Print version information.
469 -h, --less-help
473 Display less usage information and exit.
474 -H, --help
478 Display usage information and exit.
479 -!, --more-help
481 Extended usage information passed thru pager.
482 - [rcfile], --save-opts[=rcfile]
484 Save the option state to rcfile. The default is the last con‐
485 figuration file listed in the OPTION PRESETS section, below.
486 - rcfile, --load-opts=rcfile, --no-load-opts
488 Load options from rcfile. The no-load-opts form will disable
489 the loading of earlier RC/INI files. --no-load-opts is handled
490 early, out of order.
491
493 Any option that is not marked as not presettable may be preset by load‐
494 ing values from configuration ("RC" or ".INI") file(s). The homerc
495 file is "$$/", unless that is a directory. In that case, the file
496 ".tcpreplayrc" is searched for within that directory.
497
499 tcpreplay understands the following signals:
500 SIGUSR1 Suspend tcpreplay
502 SIGCONT Restart tcpreplay
504
507 tcpreplay-edit(1), tcpdump(1), tcpprep(1), tcprewrite(1), libnet(3)
508
511 tcpreplay can only send packets as fast as your computer's interface,
512 processor, disk and system bus will allow.
513 Packet timing at high speeds is a black art and very OS/CPU dependent.
515 Replaying captured traffic may simulate odd or broken conditions on
517 your network and cause all sorts of problems.
518 In most cases, you can not replay traffic back to/at a server.
520 Some operating systems by default do not allow for forging source MAC
522 addresses. Please consult your operating system's documentation and
523 the tcpreplay FAQ if you experience this issue.
524
526 Copyright 2000-2008 Aaron Turner
527 For support please use the tcpreplay-users@lists.sourceforge.net mail‐
529 ing list.
530 The latest version of this software is always available from:
532 http://tcpreplay.synfin.net/
533 Released under the Free BSD License.
535 This manual page was AutoGen-erated from the tcpreplay option defini‐
537 tions.
538(tcpreplay ) 2008-05-15 TCPREPLAY(1)