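/*
 * AutoGen/AutoOpts option definitions for tcpliveplay.
 *
 * Declares the program metadata, the usage and man-page text, and the
 * command-line flags (debug level, version, short help) from which the
 * option-parsing code is generated.
 */
autogen definitions options;

copyright = {
    date   = "2012";
    owner  = "Yazan Siam";
    type   = "bsd";
    author = <<- EOText
Copyright 2012 Yazan Siam

For support please use the tcpreplay-users@lists.sourceforge.net mailing list.

The latest version of this software is always available from:
http://tcpreplay.appneta.com
EOText;
};

package    = "tcpliveplay";
prog-name  = "tcpliveplay";
prog-title = "Replays network traffic stored in a pcap file on live networks using new TCP connections";

long-opts;
gnu-usage;
help-value = "H";

/* Empty values: presumably no short flag letter is assigned to the
 * save-opts / load-opts options -- confirm against the AutoOpts docs. */
save-opts-value = "";
load-opts-value = "";

argument = " <'random' dst port OR specify dport #>";

config-header = "config.h";

/*
 * NOTE(review): the last five entries below are bare "#include \n" strings
 * with no header name. As written they generate empty #include directives,
 * which will not compile; restore the intended header names.
 */
include = "#include \"defines.h\"\n"
          "#include \"tcpliveplay.h\"\n"
          "#include \"common.h\"\n"
          "#include \"config.h\"\n"
          "#include \"common/sendpacket.h\"\n"
          "#include \"send_packets.h\"\n"
          "#include \n"
          "#include \n"
          "#include \n"
          "#include \n"
          "#include \n";

/*
 * NOTE(review): "$$/" is understood to make AutoOpts look for the saved
 * option file in the directory that holds the executable -- confirm. If so,
 * that directory must be writable only by trusted users, because an option
 * file placed there changes how the tool runs.
 */
homerc = "$$/";

#ifdef TCPREPLAY_EDIT
#include tcpedit/tcpedit_opts.def
#endif

/*
 * The captured TCP payloads are re-sent unchanged (see the BUGS text in
 * man-doc), so anything sensitive in the capture, such as credentials or
 * session tokens, reaches the target host verbatim. Sanitise captures before
 * they are replayed.
 */
explain = <<- EOExplain
This program, 'tcpliveplay' replays a captured set of packets using new TCP
connections with the captured TCP payloads against a remote host in order to
do comprehensive vulnerability testing.
EOExplain;

detail = <<- EODetail
The basic operation of tcpliveplay is it rewrites the given pcap file in a
scheduled event format and responds with the appropriate packet if the remote
host meets tcp protocol's SEQ/ACK expectation. Once expectations are met, then
the local packets are sent with the same payload except with new tcp SEQ & ACK
numbers meeting the response from the remote host. The input pcap file is
rewritten to start at the first encounter of the SYN packet for correct
operation making this packet be the first action in the event schedule of
local host doing the replay.

For more details, please see the Tcpreplay Manual at:
http://tcpreplay.appneta.com
EODetail;

/*
 * NOTE(review): the BUGS text below says only layers 2 and 3 are modified,
 * while the detail text above says the TCP SEQ and ACK numbers are rewritten.
 * One of the two statements needs correcting -- confirm against the
 * implementation.
 */
man-doc = <<- EOMan
.SH "SIGNALS"
tcpliveplay understands the following signals:
@enumerate
@item @var{SIGUSR1}
Suspend tcpliveplay
@item @var{SIGCONT}
Restart tcpliveplay
@end enumerate

.SH "SEE ALSO"
tcpdump(1), tcpprep(1), tcprewrite(1), tcpreplay(1)

.SH "BUGS"
tcpliveplay can only send packets as fast as your computer's interface,
processor and system bus will allow.

If the remote host responds differently than expected (meaning differently
than remote captured data) due to network changes then the replay aborts and
asks you to try again.

The replay only modifies layer 2 and 3 of each packet during the replay. The
payload is replayed exactly the same as the original capture.

Timing may be an issue because the tcpliveplay sends the appropriate packet
once the remote host's packet meets the correct expectation.
EOMan;

/*
 * Debugging
 *
 * -d / --dbug is only defined when DEBUG is set at build time. It takes a
 * verbosity level from 0 to 5 (default 0), may be given once, and is
 * processed immediately.
 */
flag = {
    ifdef       = DEBUG;
    name        = dbug;
    value       = d;
    arg-type    = number;
    max         = 1;
    immediate;
    arg-range   = "0->5";
    arg-default = 0;
    descrip     = "Enable debugging output";
    doc         = <<- EOText
If configured with --enable-debug, then you can specify a verbosity
level for debugging output. Higher numbers increase verbosity.
EOText;
};

/*
 * Version and help output: -V, -h
 */

/* -V / --version: print build details to stderr, then exit(0). */
flag = {
    name      = version;
    value     = V;
    descrip   = "Print version information";
    flag-code = <<- EOVersion
    fprintf(stderr, "tcpliveplay version: %s (build %s)", VERSION, git_version());
#ifdef DEBUG
    fprintf(stderr, " (debug)");
#endif
    fprintf(stderr, "\n");
    fprintf(stderr, "Copyright 2012 by Yazan Siam \n");
#ifdef HAVE_LIBDNET
    fprintf(stderr, "Compiled against libdnet: %s\n", LIBDNET_VERSION);
#else
    fprintf(stderr, "Not compiled with libdnet.\n");
#endif
#ifdef HAVE_WINPCAP
    fprintf(stderr, "Compiled against winpcap: %s\n", get_pcap_version());
#elif defined HAVE_PF_RING_PCAP
    fprintf(stderr, "Compiled against PF_RING libpcap: %s\n", get_pcap_version());
#else
    fprintf(stderr, "Compiled against libpcap: %s\n", get_pcap_version());
#endif
#ifdef ENABLE_64BITS
    fprintf(stderr, "64 bit packet counters: enabled\n");
#else
    fprintf(stderr, "64 bit packet counters: disabled\n");
#endif
#ifdef ENABLE_VERBOSE
    fprintf(stderr, "Verbose printing via tcpdump: enabled\n");
#else
    fprintf(stderr, "Verbose printing via tcpdump: disabled\n");
#endif
    fprintf(stderr, "Injection method: %s\n", sendpacket_get_method(NULL));
    exit(0);
EOVersion;
    doc       = "";
};

/*
 * -h / --less-help: print the short usage text. The flag code passes
 * EXIT_FAILURE to USAGE(), so a requested help display still ends with a
 * failure status.
 */
flag = {
    name      = less-help;
    value     = "h";
    immediate;
    descrip   = "Display less usage information and exit";
    flag-code = <<- EOHelp
    USAGE(EXIT_FAILURE);
EOHelp;
    doc       = "";
};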