tcpreplay/docs/web/FAQ/node2.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<!--Converted with LaTeX2HTML 2002-2-1 (1.70)
original version by:  Nikos Drakos, CBLU, University of Leeds
* revised and updated by:  Marcus Hennecke, Ross Moore, Herb Swan
* with significant contributions from:
  Jens Lippmann, Marek Rouchal, Martin Wilck and others -->
<HTML>
<HEAD>
<TITLE>1 General Info</TITLE>
<META NAME="description" CONTENT="1 General Info">
<META NAME="keywords" CONTENT="FAQ">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="LaTeX2HTML v2002-2-1">
<META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">

<LINK REL="STYLESHEET" HREF="FAQ.css">

<LINK REL="next" HREF="node3.html">
<LINK REL="previous" HREF="node1.html">
<LINK REL="up" HREF="FAQ.html">
<LINK REL="next" HREF="node3.html">
</HEAD>

<BODY >

<DIV CLASS="navigation"><!--Navigation Panel-->
<A NAME="tex2html132"
  HREF="node3.html">
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A> 
<A NAME="tex2html128"
  HREF="FAQ.html">
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A> 
<A NAME="tex2html122"
  HREF="node1.html">
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A> 
<A NAME="tex2html130"
  HREF="node1.html">
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>  
<BR>
<B> Next:</B> <A NAME="tex2html133"
  HREF="node3.html">2 Bugs, Feature Requests,</A>
<B> Up:</B> <A NAME="tex2html129"
  HREF="FAQ.html">Tcpreplay 3.x FAQ</A>
<B> Previous:</B> <A NAME="tex2html123"
  HREF="node1.html">Contents</A>
 &nbsp; <B>  <A NAME="tex2html131"
  HREF="node1.html">Contents</A></B> 
<BR>
<BR></DIV>
<!--End of Navigation Panel-->
<!--Table of Child-Links-->
<A NAME="CHILD_LINKS"><STRONG>Subsections</STRONG></A>

<UL CLASS="ChildLinks">
<LI><A NAME="tex2html134"
  HREF="node2.html#SECTION00021000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">1</SPAN> What is this FAQ for?</A>
<LI><A NAME="tex2html135"
  HREF="node2.html#SECTION00022000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">2</SPAN> What tools come with tcpreplay?</A>
<LI><A NAME="tex2html136"
  HREF="node2.html#SECTION00023000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">3</SPAN> What tools no longer come with Tcpreplay?</A>
<LI><A NAME="tex2html137"
  HREF="node2.html#SECTION00024000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">4</SPAN> How can I get tcpreplay's source?</A>
<LI><A NAME="tex2html138"
  HREF="node2.html#SECTION00025000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">5</SPAN> What requirements does tcpreplay have?</A>
<LI><A NAME="tex2html139"
  HREF="node2.html#SECTION00026000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">6</SPAN> Are there binaries available?</A>
<LI><A NAME="tex2html140"
  HREF="node2.html#SECTION00027000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">7</SPAN> Is there a Microsoft Windows port?</A>
<LI><A NAME="tex2html141"
  HREF="node2.html#SECTION00028000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">8</SPAN> How is tcpreplay licensed?</A>
<LI><A NAME="tex2html142"
  HREF="node2.html#SECTION00029000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">9</SPAN> What is tcpreplay?</A>
<LI><A NAME="tex2html143"
  HREF="node2.html#SECTION000210000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">10</SPAN> What are some uses for tcpreplay?</A>
<LI><A NAME="tex2html144"
  HREF="node2.html#SECTION000211000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">11</SPAN> What are some uses for flowreplay?</A>
<LI><A NAME="tex2html145"
  HREF="node2.html#SECTION000212000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">12</SPAN> What is the history of tcpreplay?</A>
</UL>
<!--End of Table of Child-Links-->
<HR>

<H1><A NAME="SECTION00020000000000000000">
<SPAN CLASS="arabic">1</SPAN> General Info</A>
</H1>

<P>

<H2><A NAME="SECTION00021000000000000000">
<SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">1</SPAN> What is this FAQ for?</A>
</H2>

<P>
Tcpreplay is a suite of powerful tools, but with that power comes
complexity. While I have done my best to write good man pages for
tcpreplay and it's associated utilities, I understand that many people
may want more information then I can provide in the man pages. Additionally,
this FAQ attempts to cover material which I feel will be of use to
people using tcpreplay, as well as common questions that occur on
the Tcpreplay-Users &lt;tcpreplay-users@lists.sourceforge.net&gt; mailing
list.

<P>

<H2><A NAME="SECTION00022000000000000000">
<SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">2</SPAN> What tools come with tcpreplay?</A>
</H2>

<P>

<UL>
<LI>tcpreplay - replay ethernet packets stored in a pcap file as they
were captured 
</LI>
<LI>tcprewrite - edit packets stored in a pcap file
</LI>
<LI>tcpprep - a pcap pre-processor for tcpreplay
</LI>
<LI>flowreplay<A NAME="tex2html1"
  HREF="#foot136"><SUP><SPAN CLASS="arabic">1</SPAN></SUP></A> - connects to a server(s) and replays the client side of the connection
stored in a pcap file
</LI>
</UL>

<P>

<H2><A NAME="SECTION00023000000000000000">
<SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">3</SPAN> What tools no longer come with Tcpreplay?</A>
</H2>

<P>
Recently, other people and projects have developed better versions
of two applications that ship with tcpreplay 2.x:

<P>

<UL>
<LI>pcapmerge - merges two or more pcap files into one. Ethereal now ships
with a more powerful appliation called 'mergecap'.
</LI>
<LI>capinfo - displays basic information about a pcap file. Ethereal now
ships with a more powerful application of the same name.
</LI>
</UL>

<P>

<H2><A NAME="SECTION00024000000000000000">
<SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">4</SPAN> How can I get tcpreplay's source?</A>
</H2>

<P>
The source code is available in tarball format on the tcpreplay homepage:
http://tcpreplay.sourceforge.net/ I also encourage users familiar
with Subversion to try checking out the latest code as it often has
additional features and bugfixes not found in the tarballs.

<P>
svn checkout https://www.synfin.net:444/svn/tcpreplay/trunk tcpreplay

<P>

<H2><A NAME="SECTION00025000000000000000">
<SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">5</SPAN> What requirements does tcpreplay have?</A>
</H2>

<P>

<OL>
<LI>You'll need recent versions of the libnet<A NAME="tex2html2"
  HREF="#foot36"><SUP><SPAN CLASS="arabic">2</SPAN></SUP></A> and libpcap<A NAME="tex2html3"
  HREF="#foot37"><SUP><SPAN CLASS="arabic">3</SPAN></SUP></A> libraries.
</LI>
<LI>To support the packet decoding feature you'll need tcpdump<A NAME="tex2html4"
  HREF="#foot38"><SUP><SPAN CLASS="arabic">4</SPAN></SUP></A> installed.
</LI>
<LI>You'll also need a compatible operating system. Basically, any UNIX-like
or UNIX-based operating system should work. Linux, *BSD, Solaris,
OS X and others should all work. If you find any compatibility issues
with any UNIX-like/based OS, please let me know.
</LI>
</OL>

<P>

<H2><A NAME="SECTION00026000000000000000">
<SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">6</SPAN> Are there binaries available?</A>
</H2>

<P>
The tcpreplay project does not maintain binaries for any platforms.
However some operating systems such as Debian GNU/Linux (apt-get)
and OS X (fink) have packages available. Try searching on Google.

<P>

<H2><A NAME="SECTION00027000000000000000">
<SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">7</SPAN> Is there a Microsoft Windows port?</A>
</H2>

<P>
Not really. We had one user port the code over for an old version
of tcpreplay to Windows. Now we're looking for someone to help merge
and maintain the code in to the main development tree. If you're interested
in helping with this please contact Aaron Turner or the tcpreplay-users
list. Other then that, you can download the tcpreplay-win32.zip file
from the website and give it a go. Please understand that the Win32
port of tcpreplay comes with no support whatsoever, so if you run
into a problem you're on your own.

<P>

<H2><A NAME="SECTION00028000000000000000">
<SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">8</SPAN> How is tcpreplay licensed?</A>
</H2>

<P>
Tcpreplay is licensed under a three clause BSD-style license. For
details see the docs/LICENSE file included with the source code.

<P>

<H2><A NAME="SECTION00029000000000000000">
<SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">9</SPAN> What is tcpreplay?</A>
</H2>

<P>
In the simplest terms, tcpreplay is a tool to send network traffic
stored in pcap format back onto the network; basically the exact opposite
of tcpdump. Just to make things more confusing, tcpreplay is also
a suite of tools: tcpreplay, tcpprep, tcprewrite and flowreplay.

<P>

<H2><A NAME="SECTION000210000000000000000">
<SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">10</SPAN> What are some uses for tcpreplay?</A>
</H2>

<P>
Originally, tcpreplay was written to test network intrusion detection
systems (NIDS), however tcpreplay has been used to test firewalls,
routers, and other network devices. With the addition of flowreplay,
most<A NAME="tex2html5"
  HREF="#foot46"><SUP><SPAN CLASS="arabic">5</SPAN></SUP></A> any udp or tcp service on a server can be tested as well.

<P>

<H2><A NAME="SECTION000211000000000000000">
<SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">11</SPAN> What are some uses for flowreplay?</A>
</H2>

<P>
A lot of people wanted a tool like tcpreplay, but wanted to be able
to replay traffic <SPAN  CLASS="textit">to</SPAN> a server. Since tcpreplay was unable to
do this, I developed flowreplay which replays the data portion of
the flow, but recreates the connection to the specified server(s).
This makes flowreplay an ideal tool to test host intrusion detection
systems (HIDS) as well as captured exploits and security patches when
the actual exploit code is not available. Please note that flowreplay
is still alpha quality code which means it doesn't work very well
(some would argue it doesn't work at all) and is currently missing
some important features.

<P>

<H2><A NAME="SECTION000212000000000000000">
<SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">12</SPAN> What is the history of tcpreplay?</A>
</H2>

<P>
Tcpreplay has had quite a few authors over the past five or so years.
One of the advantages of the BSD and GPL licenses is that if someone
becomes unable or unwilling to continue development, anyone else can
take over.

<P>
Originally, Matt Undy of Anzen Computing wrote tcpreplay. Matt released
version 1.0.1 sometime in 1999. Sometime after that, Anzen Computing
was (at least partially) purchased by NFR and development ceased.

<P>
Then in 2001, two people independently started work on tcpreplay:
Matt Bing of NFR and Aaron Turner. After developing a series of patches
(the -adt branch), Aaron attempted to send the patches in to be included
in the main development tree.

<P>
After some discussion between Aaron and Matt Bing, they decided to
continue development together. Since then, two major rewrites have
occured, and more then thirty new features have been added, including
the addition of a number of accessory tools.

<P>
Today, Aaron continues active development of the code.

<P>
<BR><HR><H4>Footnotes</H4>
<DL>
<DT><A NAME="foot136">... flowreplay</A><A
 HREF="node2.html#tex2html1"><SUP><SPAN CLASS="arabic">1</SPAN></SUP></A></DT>
<DD>Flowreplay is still ``alpha'' quality and is not usable for most
situations. Anyone interested in helping me develop flowreplay is
encouraged to contact me.

</DD>
<DT><A NAME="foot36">... libnet</A><A
 HREF="node2.html#tex2html2"><SUP><SPAN CLASS="arabic">2</SPAN></SUP></A></DT>
<DD>http://www.packetfactory.net/libnet/

</DD>
<DT><A NAME="foot37">... libpcap</A><A
 HREF="node2.html#tex2html3"><SUP><SPAN CLASS="arabic">3</SPAN></SUP></A></DT>
<DD>http://www.tcpdump.org/

</DD>
<DT><A NAME="foot38">... tcpdump</A><A
 HREF="node2.html#tex2html4"><SUP><SPAN CLASS="arabic">4</SPAN></SUP></A></DT>
<DD>http://www.tcpdump.org/

</DD>
<DT><A NAME="foot46">...
most</A><A
 HREF="node2.html#tex2html5"><SUP><SPAN CLASS="arabic">5</SPAN></SUP></A></DT>
<DD>Note the flowreplay does not support protocols such as ftp which use
multiple connections.

</DD>
</DL>
<DIV CLASS="navigation"><HR>
<!--Navigation Panel-->
<A NAME="tex2html132"
  HREF="node3.html">
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A> 
<A NAME="tex2html128"
  HREF="FAQ.html">
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A> 
<A NAME="tex2html122"
  HREF="node1.html">
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A> 
<A NAME="tex2html130"
  HREF="node1.html">
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>  
<BR>
<B> Next:</B> <A NAME="tex2html133"
  HREF="node3.html">2 Bugs, Feature Requests,</A>
<B> Up:</B> <A NAME="tex2html129"
  HREF="FAQ.html">Tcpreplay 3.x FAQ</A>
<B> Previous:</B> <A NAME="tex2html123"
  HREF="node1.html">Contents</A>
 &nbsp; <B>  <A NAME="tex2html131"
  HREF="node1.html">Contents</A></B> </DIV>
<!--End of Navigation Panel-->
<ADDRESS>
Aaron Turner
2005-08-07
</ADDRESS>
</BODY>
</HTML>