Subsections
- Full TCP/IP support, including IP fragments and
TCP stream reassembly.
- Support replaying TCP and UDP flows.
- Code should handle each flow/service independently.
- Should be able to connect to the server(s) in the
pcap file or to a user specified IP address.
- Support a plug-in architecture to allow adding application
layer intelligence.
- Plug-ins must be able to support multi-flow protocols
like FTP.
- Ship with a default plug-in which will work ``well
enough'' for simple single-flow protocols like HTTP and telnet.
- Flows being replayed ``correctly'' is more important
then performance (Mbps).
- Portable to run on common flavors of Unix and Unix-like
systems.
- Support clients connecting to flowreplay on a limited
basis. Flowreplay would replay the server side of the connection.
- Support other IP based traffic (ICMP, VRRP, OSPF,
etc) via plug-ins.
- Support non-IP traffic (ARP, STP, CDP, etc) via
plug-ins.
- Limit which flows are replayed using user defined
filters. (bpf filter syntax?)
- Process pcap files directly with no intermediary
file conversions.
- Should be able to scale to pcap files in the 100's
of MB in size and 100+ simultaneous flows on a P3 500MHz w/ 256MB
of RAM.
Aaron Turner
2005-06-28