Subsections

2 Features

2.1 Requirements

  1. Full TCP/IP support, including IP fragments and TCP stream reassembly.
  2. Support replaying TCP and UDP flows.
  3. Code should handle each flow/service independently.
  4. Should be able to connect to the server(s) in the pcap file or to a user specified IP address.
  5. Support a plug-in architecture to allow adding application layer intelligence.
  6. Plug-ins must be able to support multi-flow protocols like FTP.
  7. Ship with a default plug-in which will work ``well enough'' for simple single-flow protocols like HTTP and telnet.
  8. Flows being replayed ``correctly'' is more important then performance (Mbps).
  9. Portable to run on common flavors of Unix and Unix-like systems.

2.2 Wishes

  1. Support clients connecting to flowreplay on a limited basis. Flowreplay would replay the server side of the connection.
  2. Support other IP based traffic (ICMP, VRRP, OSPF, etc) via plug-ins.
  3. Support non-IP traffic (ARP, STP, CDP, etc) via plug-ins.
  4. Limit which flows are replayed using user defined filters. (bpf filter syntax?)
  5. Process pcap files directly with no intermediary file conversions.
  6. Should be able to scale to pcap files in the 100's of MB in size and 100+ simultaneous flows on a P3 500MHz w/ 256MB of RAM.

Aaron Turner 2005-08-07