tcpreplay/src/tcpreplay.1

.de1 NOP
.  it 1 an-trap
.  if \\n[.$] \,\\$*\/
..
.ie t \
.ds B-Font [CB]
.ds I-Font [CI]
.ds R-Font [CR]
.el \
.ds B-Font B
.ds I-Font I
.ds R-Font R
.TH tcpreplay-edit 1 "26 Apr 2017" "tcpreplay" "User Commands"
.\"
.\" DO NOT EDIT THIS FILE (in-mem file)
.\"
.\" It has been AutoGen-ed
.\" From the definitions tcpreplay_opts.def
.\" and the template file agman-cmd.tpl
.SH NAME
\f\*[B-Font]tcpreplay-edit\fP
\- Replay network traffic stored in pcap files
.SH SYNOPSIS
\f\*[B-Font]tcpreplay-edit\fP
.\" Mixture of short (flag) options and long options
[\f\*[B-Font]\-flags\f[]]
[\f\*[B-Font]\-flag\f[] [\f\*[I-Font]value\f[]]]
[\f\*[B-Font]\-\-option-name\f[][[=| ]\f\*[I-Font]value\f[]]]
<pcap_file(s)>
.sp \n(Ppu
.ne 2

tcpreplay is a tool for replaying network traffic from files saved with
tcpdump or other tools which write pcap(3) files.
.SH "DESCRIPTION"
The basic operation of tcpreplay is to resend  all  packets  from  the
input file(s) at the speed at which they were recorded, or a specified 
data rate, up to as fast as the hardware is capable.
.sp
Optionally, the traffic can be split between two interfaces, written to
files, filtered and edited in various ways, providing the means to test
firewalls, NIDS and other network devices.
.sp
For more details, please see the Tcpreplay Manual at:
http://tcpreplay.appneta.com
.SH "OPTIONS"
.SS ""
.TP
.NOP \f\*[B-Font]\-r\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-portmap\f[]=\f\*[I-Font]string\f[]
Rewrite TCP/UDP ports.
This option may appear up to \-1 times.
.sp
Specify a list of comma delimited port mappingings consisting of
colon delimited port number pairs.  Each colon delimited port pair
consists of the port to match followed by the port number to rewrite.
.sp
Examples:
.nf
    \--portmap=80:8000 \--portmap=8080:80    # 80->8000 and 8080->80
    \--portmap=8000,8080,88888:80           # 3 different ports become 80
    \--portmap=8000-8999:80                 # ports 8000 to 8999 become 80
.fi
.TP
.NOP \f\*[B-Font]\-s\f[] \f\*[I-Font]number\f[], \f\*[B-Font]\-\-seed\f[]=\f\*[I-Font]number\f[]
Randomize src/dst IPv4/v6 addresses w/ given seed.
This option may appear up to 1 times.
This option must not appear in combination with any of the following options:
fuzz-seed.
This option takes an integer number as its argument.
.sp
Causes the source and destination IPv4/v6 addresses to be pseudo 
randomized but still maintain client/server relationships.
Since the randomization is deterministic based on the seed, 
you can reuse the same seed value to recreate the traffic.
.TP
.NOP \f\*[B-Font]\-N\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-pnat\f[]=\f\*[I-Font]string\f[]
Rewrite IPv4/v6 addresses using pseudo-NAT.
This option may appear up to 2 times.
This option must not appear in combination with any of the following options:
srcipmap.
.sp
Takes a comma delimited series of colon delimited CIDR
netblock pairs.  Each netblock pair is evaluated in order against
the IP addresses.  If the IP address in the packet matches the
first netblock, it is rewritten using the second netblock as a
mask against the high order bits.
.sp
IPv4 Example:
.nf
    \--pnat=192.168.0.0/16:10.77.0.0/16,172.16.0.0/12:10.1.0.0/24
.fi
IPv6 Example:
.nf
    \--pnat=[2001:db8::/32]:[dead::/16],[2001:db8::/32]:[::ffff:0:0/96]
.fi
.TP
.NOP \f\*[B-Font]\-S\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-srcipmap\f[]=\f\*[I-Font]string\f[]
Rewrite source IPv4/v6 addresses using pseudo-NAT.
This option may appear up to 1 times.
This option must not appear in combination with any of the following options:
pnat.
.sp
Works just like the \--pnat option, but only affects the source IP
addresses in the IPv4/v6 header.
.TP
.NOP \f\*[B-Font]\-D\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-dstipmap\f[]=\f\*[I-Font]string\f[]
Rewrite destination IPv4/v6 addresses using pseudo-NAT.
This option may appear up to 1 times.
This option must not appear in combination with any of the following options:
pnat.
.sp
Works just like the \--pnat option, but only affects the destination IP
addresses in the IPv4/v6 header.
.TP
.NOP \f\*[B-Font]\-e\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-endpoints\f[]=\f\*[I-Font]string\f[]
Rewrite IP addresses to be between two endpoints.
This option may appear up to 1 times.
This option must appear in combination with the following options:
cachefile.
.sp
Takes a pair of colon delimited IPv4/v6 addresses which will be used to rewrite
all traffic to appear to be between the two IP addresses.
.sp
IPv4 Example:
.nf
    \--endpoints=172.16.0.1:172.16.0.2
.fi
IPv6 Example:
.nf
    \--endpoints=[2001:db8::dead:beef]:[::ffff:0:0:ac:f:0:2]
.fi
.TP
.NOP \f\*[B-Font]\-b\f[], \f\*[B-Font]\-\-skipbroadcast\f[]
Skip rewriting broadcast/multicast IPv4/v6 addresses.
.sp
By default \--seed, \--pnat and \--endpoints will rewrite 
broadcast and multicast IPv4/v6 and MAC addresses.	Setting this flag
will keep broadcast/multicast IPv4/v6 and MAC addresses from being rewritten.
.TP
.NOP \f\*[B-Font]\-C\f[], \f\*[B-Font]\-\-fixcsum\f[]
Force recalculation of IPv4/TCP/UDP header checksums.
.sp
Causes each IPv4/v6 packet to have their checksums recalculated and
fixed.  Automatically enabled for packets modified with \fB--seed\fP, 
\fB--pnat\fP, \fB--endpoints\fP or \fB--fixlen\fP.
.TP
.NOP \f\*[B-Font]\-m\f[] \f\*[I-Font]number\f[], \f\*[B-Font]\-\-mtu\f[]=\f\*[I-Font]number\f[]
Override default MTU length (1500 bytes).
This option may appear up to 1 times.
This option takes an integer number as its argument.
The value of
\f\*[I-Font]number\f[]
is constrained to being:
.in +4
.nf
.na
in the range  1 through MAXPACKET
.fi
.in -4
.sp
Override the default 1500 byte MTU size for determining the maximum padding length 
(--fixlen=pad) or when truncating (--mtu-trunc).
.TP
.NOP \f\*[B-Font]\-\-mtu\-trunc\f[]
Truncate packets larger then specified MTU.
This option may appear up to 1 times.
.sp
Similar to \--fixlen, this option will truncate data in packets from Layer 3 and above to be 
no larger then the MTU.
.TP
.NOP \f\*[B-Font]\-E\f[], \f\*[B-Font]\-\-efcs\f[]
Remove Ethernet checksums (FCS) from end of frames.
.sp
Note, this option is pretty dangerous!  We do not actually check to see if a FCS
actually exists in the frame, we just blindly delete the last 4 bytes.  Hence,
you should only use this if you know know that your OS provides the FCS when 
reading raw packets.
.TP
.NOP \f\*[B-Font]\-\-ttl\f[]=\f\*[I-Font]string\f[]
Modify the IPv4/v6 TTL/Hop Limit.
.sp
Allows you to modify the TTL/Hop Limit of all the IPv4/v6 packets.  Specify a number to hard-code
the value or +/-value to increase or decrease by the value provided (limited to 1-255).
.sp
Examples:
.nf
    \--ttl=10
    \--ttl=+7
    \--ttl=-64
.fi
.TP
.NOP \f\*[B-Font]\-\-tos\f[]=\f\*[I-Font]number\f[]
Set the IPv4 TOS/DiffServ/ECN byte.
This option may appear up to 1 times.
This option takes an integer number as its argument.
The value of
\f\*[I-Font]number\f[]
is constrained to being:
.in +4
.nf
.na
in the range  0 through 255
.fi
.in -4
.sp
Allows you to override the TOS (also known as DiffServ/ECN) value in IPv4.
.TP
.NOP \f\*[B-Font]\-\-tclass\f[]=\f\*[I-Font]number\f[]
Set the IPv6 Traffic Class byte.
This option may appear up to 1 times.
This option takes an integer number as its argument.
The value of
\f\*[I-Font]number\f[]
is constrained to being:
.in +4
.nf
.na
in the range  0 through 255
.fi
.in -4
.sp
Allows you to override the IPv6 Traffic Class field.
.TP
.NOP \f\*[B-Font]\-\-flowlabel\f[]=\f\*[I-Font]number\f[]
Set the IPv6 Flow Label.
This option may appear up to 1 times.
This option takes an integer number as its argument.
The value of
\f\*[I-Font]number\f[]
is constrained to being:
.in +4
.nf
.na
in the range  0 through 1048575
.fi
.in -4
.sp
Allows you to override the 20bit IPv6 Flow Label field.  Has no effect on IPv4 
packets.
.TP
.NOP \f\*[B-Font]\-F\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-fixlen\f[]=\f\*[I-Font]string\f[]
Pad or truncate packet data to match header length.
This option may appear up to 1 times.
.sp
Packets may be truncated during capture if the snaplen is smaller then the
packet.  This option allows you to modify the packet to pad the packet back
out to the size stored in the IPv4/v6 header or rewrite the IP header total length
to reflect the stored packet length.
.sp 1
\fBpad\fP
Truncated packets will be padded out so that the packet length matches the 
IPv4 total length
.sp 1
\fBtrunc\fP
Truncated packets will have their IPv4 total length field rewritten to match
the actual packet length
.sp 1
\fBdel\fP
Delete the packet
.TP
.NOP \f\*[B-Font]\-\-fuzz\-seed\f[]=\f\*[I-Font]number\f[]
Fuzz 1/8 packet. Edit Bytes, length, or emulate packet drop.
This option takes an integer number as its argument.
The value of
\f\*[I-Font]number\f[]
is constrained to being:
.in +4
.nf
.na
greater than or equal to 0
.fi
.in -4
The default
\f\*[I-Font]number\f[]
for this option is:
.ti +4
 0
.sp
This fuzzing was designed as to test layer 7 protocols such as voip protocols.
It modifies randomly 1 out of 8 packets in order for stateful protocols to cover
more of their code.  The random fuzzing actions focus on data start and end
because it often is the part of the data application protocols base their
decisions on.
.sp
Possible fuzzing actions list:
 * drop packet
 * reduce packet size
 * edit packet Bytes:
   * Not all Bytes have the same probability of appearance in real life.
     Replace with 0x00, 0xFF, or a random byte with equal likelyhook
   * Not all Bytes have the same significance in a packet.
     Replace the start, the end, or the middle of the packet with equal likelihood.
 * do nothing (7 out of 8 packets)
.TP
.NOP \f\*[B-Font]\-\-skipl2broadcast\f[]
Skip rewriting broadcast/multicast Layer 2 addresses.
.sp
By default, editing Layer 2 addresses will rewrite 
broadcast and multicast MAC addresses.	Setting this flag
will keep broadcast/multicast MAC addresses from being rewritten.
.TP
.NOP \f\*[B-Font]\-\-dlt\f[]=\f\*[I-Font]string\f[]
Override output DLT encapsulation.
This option may appear up to 1 times.
.sp
By default, no DLT (data link type) conversion will be made.  
To change the DLT type of the output pcap, select one of the following values:
.sp 1
\fBenet\fP
Ethernet aka DLT_EN10MB
.sp 1
\fBhdlc\fP
Cisco HDLC aka DLT_C_HDLC
.sp 1
\fBjnpr_ether\fP
Juniper Ethernet DLT_C_JNPR_ETHER
.sp 1
\fBpppserial\fP
PPP Serial aka DLT_PPP_SERIAL
.sp 1
\fBuser\fP
User specified Layer 2 header and DLT type
.br
.TP
.NOP \f\*[B-Font]\-\-enet\-dmac\f[]=\f\*[I-Font]string\f[]
Override destination ethernet MAC addresses.
This option may appear up to 1 times.
.sp
Takes a pair of comma deliminated ethernet MAC addresses which
will replace the destination MAC address of outbound packets.
The first MAC address will be used for the server to client traffic
and the optional second MAC address will be used for the client
to server traffic.
.sp
Example:
.nf
    \--enet-dmac=00:12:13:14:15:16,00:22:33:44:55:66
.fi
.TP
.NOP \f\*[B-Font]\-\-enet\-smac\f[]=\f\*[I-Font]string\f[]
Override source ethernet MAC addresses.
This option may appear up to 1 times.
.sp
Takes a pair of comma deliminated ethernet MAC addresses which
will replace the source MAC address of outbound packets.
The first MAC address will be used for the server to client traffic
and the optional second MAC address will be used for the client 
to server traffic.
.sp
Example:
.nf
    \--enet-smac=00:12:13:14:15:16,00:22:33:44:55:66
.fi
.TP
.NOP \f\*[B-Font]\-\-enet\-subsmac\f[]=\f\*[I-Font]string\f[]
Substitute MAC addresses.
This option may appear up to 9999 times.
.sp
Allows you to rewrite ethernet MAC addresses of packets. It takes
comma delimited pair or MACs address and rewrites all occurrences of
the first MAC with the value of the second MAC.
Example:
.nf
    \--enet-subsmac=00:12:13:14:15:16,00:22:33:44:55:66
.fi
.TP
.NOP \f\*[B-Font]\-\-enet\-mac\-seed\f[]=\f\*[I-Font]number\f[]
Randomize MAC addresses.
This option may appear up to 1 times.
This option must not appear in combination with any of the following options:
enet-smac, enet-dmac, enet-subsmac.
This option takes an integer number as its argument.
.sp
Allows you to randomize ethernet MAC addresses of packets, mostly
like what \fB--seed\fP option does for IPv4/IPv6 addresses.
.TP
.NOP \f\*[B-Font]\-\-enet\-mac\-seed\-keep\-bytes\f[]=\f\*[I-Font]number\f[]
Randomize MAC addresses.
This option may appear up to 1 times.
This option must appear in combination with the following options:
enet-mac-seed.
This option takes an integer number as its argument.
The value of
\f\*[I-Font]number\f[]
is constrained to being:
.in +4
.nf
.na
in the range  1 through 6
.fi
.in -4
.sp
Keep some bytes untouched when usinging \fB--enet-mac-seed\fP option.
.TP
.NOP \f\*[B-Font]\-\-enet\-vlan\f[]=\f\*[I-Font]string\f[]
Specify ethernet 802.1q VLAN tag mode.
This option may appear up to 1 times.
.sp
Allows you to rewrite ethernet frames to add a 802.1q header to standard 802.3
ethernet headers or remove the 802.1q VLAN tag information.
.sp 1
\fBadd\fP
Rewrites the existing 802.3 ethernet header as an 802.1q VLAN header
.sp 1
\fBdel\fP
Rewrites the existing 802.1q VLAN header as an 802.3 ethernet header
.TP
.NOP \f\*[B-Font]\-\-enet\-vlan\-tag\f[]=\f\*[I-Font]number\f[]
Specify the new ethernet 802.1q VLAN tag value.
This option may appear up to 1 times.
This option must appear in combination with the following options:
enet-vlan.
This option takes an integer number as its argument.
The value of
\f\*[I-Font]number\f[]
is constrained to being:
.in +4
.nf
.na
in the range  0 through 4095
.fi
.in -4
.sp
.TP
.NOP \f\*[B-Font]\-\-enet\-vlan\-cfi\f[]=\f\*[I-Font]number\f[]
Specify the ethernet 802.1q VLAN CFI value.
This option may appear up to 1 times.
This option must appear in combination with the following options:
enet-vlan.
This option takes an integer number as its argument.
The value of
\f\*[I-Font]number\f[]
is constrained to being:
.in +4
.nf
.na
in the range  0 through 1
.fi
.in -4
.sp
.TP
.NOP \f\*[B-Font]\-\-enet\-vlan\-pri\f[]=\f\*[I-Font]number\f[]
Specify the ethernet 802.1q VLAN priority.
This option may appear up to 1 times.
This option must appear in combination with the following options:
enet-vlan.
This option takes an integer number as its argument.
The value of
\f\*[I-Font]number\f[]
is constrained to being:
.in +4
.nf
.na
in the range  0 through 7
.fi
.in -4
.sp
.TP
.NOP \f\*[B-Font]\-\-hdlc\-control\f[]=\f\*[I-Font]number\f[]
Specify HDLC control value.
This option may appear up to 1 times.
This option takes an integer number as its argument.
.sp
The Cisco HDLC header has a 1 byte "control" field.  Apparently this should 
always be 0, but if you can use any 1 byte value.
.TP
.NOP \f\*[B-Font]\-\-hdlc\-address\f[]=\f\*[I-Font]number\f[]
Specify HDLC address.
This option may appear up to 1 times.
This option takes an integer number as its argument.
.sp
The Cisco HDLC header has a 1 byte "address" field which has two valid 
values:
.sp 1
\fB0x0F\fP
Unicast
.sp 1
\fB0xBF\fP
Broadcast
.br
You can however specify any single byte value.
.TP
.NOP \f\*[B-Font]\-\-user\-dlt\f[]=\f\*[I-Font]number\f[]
Set output file DLT type.
This option may appear up to 1 times.
This option takes an integer number as its argument.
.sp
Set the DLT value of the output pcap file.
.TP
.NOP \f\*[B-Font]\-\-user\-dlink\f[]=\f\*[I-Font]string\f[]
Rewrite Data-Link layer with user specified data.
This option may appear up to 2 times.
.sp
Provide a series of comma deliminated hex values which will be
used to rewrite or create the Layer 2 header of the packets.
The first instance of this argument will rewrite both server
and client traffic, but if this argument is specified a second
time, it will be used for the client traffic.
.sp
Example:
.nf
    \--user-dlink=01,02,03,04,05,06,00,1A,2B,3C,4D,5E,6F,08,00
.fi
.TP
.NOP \f\*[B-Font]\-d\f[] \f\*[I-Font]number\f[], \f\*[B-Font]\-\-dbug\f[]=\f\*[I-Font]number\f[]
Enable debugging output.
This option may appear up to 1 times.
This option takes an integer number as its argument.
The value of
\f\*[I-Font]number\f[]
is constrained to being:
.in +4
.nf
.na
in the range  0 through 5
.fi
.in -4
The default
\f\*[I-Font]number\f[]
for this option is:
.ti +4
 0
.sp
If configured with \--enable-debug, then you can specify a verbosity 
level for debugging output.  Higher numbers increase verbosity.
.TP
.NOP \f\*[B-Font]\-q\f[], \f\*[B-Font]\-\-quiet\f[]
Quiet mode.
.sp
Print nothing except the statistics at the end of the run
.TP
.NOP \f\*[B-Font]\-T\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-timer\f[]=\f\*[I-Font]string\f[]
Select packet timing mode: select, ioport, gtod, nano.
This option may appear up to 1 times.
The default
\f\*[I-Font]string\f[]
for this option is:
.ti +4
 gtod
.sp
Allows you to select the packet timing method to use:
.sp
.IR "nano"
- Use nanosleep() API
.sp
.IR "select"
- Use select() API
.sp
.IR "ioport"
- Write to the i386 IO Port 0x80
.sp
.IR "gtod [default]"
- Use a gettimeofday() loop
.br
.TP
.NOP \f\*[B-Font]\-\-maxsleep\f[]=\f\*[I-Font]number\f[]
Sleep for no more then X milliseconds between packets.
This option takes an integer number as its argument.
The default
\f\*[I-Font]number\f[]
for this option is:
.ti +4
 0
.sp
Set a limit for the maximum number of milliseconds that tcpreplay will sleep
between packets.  Effectively prevents long delays between packets without
effecting the majority of packets.  Default is disabled.
.TP
.NOP \f\*[B-Font]\-v\f[], \f\*[B-Font]\-\-verbose\f[]
Print decoded packets via tcpdump to STDOUT.
This option may appear up to 1 times.
.sp
.TP
.NOP \f\*[B-Font]\-A\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-decode\f[]=\f\*[I-Font]string\f[]
Arguments passed to tcpdump decoder.
This option may appear up to 1 times.
This option must appear in combination with the following options:
verbose.
.sp
When enabling verbose mode (\fB-v\fP) you may also specify one or more
additional  arguments to pass to \fBtcpdump\fP to modify the way packets
are decoded.  By default, \-n and \-l are used.   Be  sure  to
quote the arguments like: \-A "-axxx" so that they are not interpreted
by tcpreplay.   Please see the tcpdump(1) man page for a complete list of 
options.
.TP
.NOP \f\*[B-Font]\-K\f[], \f\*[B-Font]\-\-preload\-pcap\f[]
Preloads packets into RAM before sending.
.sp
This option loads the specified pcap(s) into RAM before starting to send in order
to improve replay performance while introducing a startup performance hit.
Preloading can be used with or without \fB--loop\fP. This option also suppresses
flow statistics collection for every iteration, which can significantly reduce
memory usage. Flow statistics are predicted based on options supplied and
statistics collected from the first loop iteration.
.TP
.NOP \f\*[B-Font]\-c\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-cachefile\f[]=\f\*[I-Font]string\f[]
Split traffic via a tcpprep cache file.
This option may appear up to 1 times.
This option must appear in combination with the following options:
intf2.
This option must not appear in combination with any of the following options:
dualfile.
.sp
If you have a pcap file you would like to use to send bi-directional
traffic through a device (firewall, router, IDS, etc) then using tcpprep
you can create a cachefile which tcpreplay will use to split the traffic
across two network interfaces.
.TP
.NOP \f\*[B-Font]\-2\f[], \f\*[B-Font]\-\-dualfile\f[]
Replay two files at a time from a network tap.
This option may appear up to 1 times.
This option must appear in combination with the following options:
intf2.
This option must not appear in combination with any of the following options:
cachefile.
.sp
If you captured network traffic using a network tap, then you can end up with
two pcap files- one for each direction.  This option will replay these two
files at the same time, one on each interface and inter-mix them using the 
timestamps in each.
.TP
.NOP \f\*[B-Font]\-i\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-intf1\f[]=\f\*[I-Font]string\f[]
Client to server/RX/primary traffic output interface.
This option may appear up to 1 times.
.sp
Required network interface used to send either all traffic or traffic which is 
marked as 'primary' via tcpprep.  Primary traffic is usually client-to-server 
or inbound (RX) on khial virtual interfaces.
.TP
.NOP \f\*[B-Font]\-I\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-intf2\f[]=\f\*[I-Font]string\f[]
Server to client/TX/secondary traffic output interface.
This option may appear up to 1 times.
.sp
Optional network interface used to send traffic which is marked as 'secondary' 
via tcpprep.  Secondary traffic is usually server-to-client or outbound 
(TX) on khial virtual interfaces.  Generally, it only makes sense to use this
option with \--cachefile.
.TP
.NOP \f\*[B-Font]\-\-listnics\f[]
List available network interfaces and exit.
.sp
.TP
.NOP \f\*[B-Font]\-l\f[] \f\*[I-Font]number\f[], \f\*[B-Font]\-\-loop\f[]=\f\*[I-Font]number\f[]
Loop through the capture file X times.
This option may appear up to 1 times.
This option takes an integer number as its argument.
The value of
\f\*[I-Font]number\f[]
is constrained to being:
.in +4
.nf
.na
greater than or equal to 0
.fi
.in -4
The default
\f\*[I-Font]number\f[]
for this option is:
.ti +4
 1
.sp
.TP
.NOP \f\*[B-Font]\-\-loopdelay\-ms\f[]=\f\*[I-Font]number\f[]
Delay between loops in milliseconds.
This option must appear in combination with the following options:
loop.
This option takes an integer number as its argument.
The value of
\f\*[I-Font]number\f[]
is constrained to being:
.in +4
.nf
.na
greater than or equal to 0
.fi
.in -4
The default
\f\*[I-Font]number\f[]
for this option is:
.ti +4
 0
.sp
.TP
.NOP \f\*[B-Font]\-\-pktlen\f[]
Override the snaplen and use the actual packet len.
This option may appear up to 1 times.
.sp
By default, tcpreplay will send packets based on the size of the "snaplen"
stored in the pcap file which is usually the correct thing to do.  However,
occasionally, tools will store more bytes then told to.  By specifying this
option, tcpreplay will ignore the snaplen field and instead try to send
packets based on the original packet length.  Bad things may happen if
you specify this option.
.TP
.NOP \f\*[B-Font]\-L\f[] \f\*[I-Font]number\f[], \f\*[B-Font]\-\-limit\f[]=\f\*[I-Font]number\f[]
Limit the number of packets to send.
This option may appear up to 1 times.
This option takes an integer number as its argument.
The value of
\f\*[I-Font]number\f[]
is constrained to being:
.in +4
.nf
.na
greater than or equal to 1
.fi
.in -4
The default
\f\*[I-Font]number\f[]
for this option is:
.ti +4
 \-1
.sp
By default, tcpreplay will send all the packets.  Alternatively, you can 
specify a maximum number of packets to send.  
.TP
.NOP \f\*[B-Font]\-\-duration\f[]=\f\*[I-Font]number\f[]
Limit the number of seconds to send.
This option may appear up to 1 times.
This option takes an integer number as its argument.
The value of
\f\*[I-Font]number\f[]
is constrained to being:
.in +4
.nf
.na
greater than or equal to 1
.fi
.in -4
The default
\f\*[I-Font]number\f[]
for this option is:
.ti +4
 \-1
.sp
By default, tcpreplay will send all the packets.  Alternatively, you can
specify a maximum number of seconds to transmit.
.TP
.NOP \f\*[B-Font]\-x\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-multiplier\f[]=\f\*[I-Font]string\f[]
Modify replay speed to a given multiple.
This option may appear up to 1 times.
This option must not appear in combination with any of the following options:
pps, mbps, oneatatime, topspeed.
.sp
Specify a value to modify the packet replay speed.
Examples:
.nf
        2.0 will replay traffic at twice the speed captured
        0.7 will replay traffic at 70% the speed captured
.fi
.TP
.NOP \f\*[B-Font]\-p\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-pps\f[]=\f\*[I-Font]string\f[]
Replay packets at a given packets/sec.
This option may appear up to 1 times.
This option must not appear in combination with any of the following options:
multiplier, mbps, oneatatime, topspeed.
.sp
Specify a value to regulate the packet replay to a specific packet-per-second rate.
Examples:
.nf
        200 will replay traffic at 200 packets per second
        0.25 will replay traffic at 15 packets per minute
.fi
.TP
.NOP \f\*[B-Font]\-M\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-mbps\f[]=\f\*[I-Font]string\f[]
Replay packets at a given Mbps.
This option may appear up to 1 times.
This option must not appear in combination with any of the following options:
multiplier, pps, oneatatime, topspeed.
.sp
Specify a floating point value for the Mbps rate that tcpreplay
should send packets at.
.TP
.NOP \f\*[B-Font]\-t\f[], \f\*[B-Font]\-\-topspeed\f[]
Replay packets as fast as possible.
This option must not appear in combination with any of the following options:
mbps, multiplier, pps, oneatatime.
.sp
.TP
.NOP \f\*[B-Font]\-o\f[], \f\*[B-Font]\-\-oneatatime\f[]
Replay one packet at a time for each user input.
This option must not appear in combination with any of the following options:
mbps, pps, multiplier, topspeed.
.sp
Allows you to step through one or more packets at a time.
.TP
.NOP \f\*[B-Font]\-\-pps\-multi\f[]=\f\*[I-Font]number\f[]
Number of packets to send for each time interval.
This option must appear in combination with the following options:
pps.
This option takes an integer number as its argument.
The value of
\f\*[I-Font]number\f[]
is constrained to being:
.in +4
.nf
.na
greater than or equal to 1
.fi
.in -4
The default
\f\*[I-Font]number\f[]
for this option is:
.ti +4
 1
.sp
When trying to send packets at very high rates, the time between each packet
can be so short that it is impossible to accurately sleep for the required
period of time.  This option allows you to send multiple packets at a time,
thus allowing for longer sleep times which can be more accurately implemented.
.TP
.NOP \f\*[B-Font]\-\-unique\-ip\f[]
Modify IP addresses each loop iteration to generate unique flows.
This option must appear in combination with the following options:
loop.
This option must not appear in combination with any of the following options:
seed, fuzz-seed.
.sp
Ensure IPv4 and IPv6 packets will be unique for each \fB--loop\fP iteration. 
This is done in a way that will not alter packet CRC, and therefore will genrally
not affect performance. This option will significantly increase the flows/sec over
generated over multiple loop iterations.
.TP
.NOP \f\*[B-Font]\-\-unique\-ip\-loops\f[]=\f\*[I-Font]string\f[]
Number of times to loop before assigning new unique ip.
This option may appear up to 1 times.
This option must appear in combination with the following options:
unique-ip.
.sp
Number of \fB--loop\fP iterations before a new unique IP is assigned. Default
is 1. Assumes both \fB--loop\fP and \fB--unique-ip\fP.
.TP
.NOP \f\*[B-Font]\-\-netmap\f[]
Write packets directly to netmap enabled network adapter.
.sp
This feature will detect netmap capable network drivers on Linux and BSD
systems. If detected, the network driver is bypassed for the execution
duration, and network buffers will be written to directly. This will allow
you to achieve full line rates on commodity network adapters, similar to rates
achieved by commercial network traffic generators. Note that bypassing the network
driver will disrupt other applications connected through the test interface. See
INSTALL for more information.
.sp
This feature can also be enabled by specifying an interface as 'netmap:<intf>'
or 'vale:<intf>. For example 'netmap:eth0' specifies netmap over interface eth0.
.TP
.NOP \f\*[B-Font]\-\-nm\-delay\f[]=\f\*[I-Font]number\f[]
Netmap startup delay.
This option takes an integer number as its argument.
The default
\f\*[I-Font]number\f[]
for this option is:
.ti +4
 10
.sp
Number of seconds to delay after netmap is loaded. Required to ensure interfaces
are fully up before netmap transmit. Requires netmap option. Default is 10 seconds.
.TP
.NOP \f\*[B-Font]\-\-no\-flow\-stats\f[]
Suppress printing and tracking flow count, rates and expirations.
.sp
Suppress the collection and printing of flow statistics. This option may
improve performance when not using \fB--preload-pcap\fP option, otherwise
its only function is to suppress printing. 
.sp
The flow feature will track and print statistics of the flows being sent. 
A flow is loosely defined as a unique combination of a 5-tuple, i.e. 
source IP, destination IP, source port, destination port and protocol.
.sp
If \fB--loop\fP is specified, the flows from one iteration to the next
will not be unique, unless the packets are altered. Use \fB--unique-ip\fP
or \fBtcpreplay-edit\fP to alter packets between iterations. 
.TP
.NOP \f\*[B-Font]\-\-flow\-expiry\f[]=\f\*[I-Font]number\f[]
Number of inactive seconds before a flow is considered expired.
This option must not appear in combination with any of the following options:
no-flow-stats.
This option takes an integer number as its argument.
The value of
\f\*[I-Font]number\f[]
is constrained to being:
.in +4
.nf
.na
greater than or equal to 0
.fi
.in -4
The default
\f\*[I-Font]number\f[]
for this option is:
.ti +4
 0
.sp
This option will track and report flow expirations based on the flow idle
times. The timestamps within the pcap file are used to determine the expiry,
not the actual timestamp of the packets are replayed. For example, a value of
30 suggests that if no traffic is seen on a flow for 30 seconds, any
subsequent traffic would be considered a new flow, and thereby will increment
the flows and flows per second (fps) statistics. 
.sp
This option can be used to optimize flow timeout settings for flow products.
Setting the timeout low may lead to flows being dropped when in fact the flow
is simply slow to respond. Configuring your flow timeouts too high may
increase resources required by your flow product.
.sp
Note that using this option while replaying at higher than original speeds
can lead to inflated flows and fps counts.
.sp
Default is 0 (no expiry) and a typical value is 30-120 seconds.
.TP
.NOP \f\*[B-Font]\-P\f[], \f\*[B-Font]\-\-pid\f[]
Print the PID of tcpreplay at startup.
.sp
.TP
.NOP \f\*[B-Font]\-\-stats\f[]=\f\*[I-Font]number\f[]
Print statistics every X seconds, or every loop if '0'.
This option takes an integer number as its argument.
The value of
\f\*[I-Font]number\f[]
is constrained to being:
.in +4
.nf
.na
greater than or equal to 0
.fi
.in -4
.sp
Note that timed delays are a "best effort" and long delays between
sending packets may cause equally long delays between printing statistics.
.TP
.NOP \f\*[B-Font]\-V\f[], \f\*[B-Font]\-\-version\f[]
Print version information.
.sp
.TP
.NOP \f\*[B-Font]\-h\f[], \f\*[B-Font]\-\-less\-help\f[]
Display less usage information and exit.
.sp
.TP
.NOP \f\*[B-Font]\-H\f[], \f\*[B-Font]\-\-help\f[]
Display usage information and exit.
.TP
.NOP \f\*[B-Font]\-\&!\f[], \f\*[B-Font]\-\-more-help\f[]
Pass the extended usage information through a pager.
.TP
.NOP \f\*[B-Font]\-\-save-opts\f[] [=\f\*[I-Font]cfgfile\f[]]
Save the option state to \fIcfgfile\fP.  The default is the \fIlast\fP
configuration file listed in the \fBOPTION PRESETS\fP section, below.
The command will exit after updating the config file.
.TP
.NOP \f\*[B-Font]\-\-load-opts\f[]=\f\*[I-Font]cfgfile\f[], \f\*[B-Font]\-\-no-load-opts\f[]
Load options from \fIcfgfile\fP.
The \fIno-load-opts\fP form will disable the loading
of earlier config/rc/ini files.  \fI\-\-no-load-opts\fP is handled early,
out of order.
.PP
.SH "OPTION PRESETS"
Any option that is not marked as \fInot presettable\fP may be preset
by loading values from configuration ("RC" or ".INI") file(s).
The \fIhomerc\fP file is "\fI$$/\fP", unless that is a directory.
In that case, the file "\fI.tcpreplay-editrc\fP"
is searched for within that directory.
.SH "FILES"
See \fBOPTION PRESETS\fP for configuration files.
.SH "EXIT STATUS"
One of the following exit values will be returned:
.TP
.NOP 0 " (EXIT_SUCCESS)"
Successful program execution.
.TP
.NOP 1 " (EXIT_FAILURE)"
The operation failed or the command syntax was not valid.
.TP
.NOP 66 " (EX_NOINPUT)"
A specified configuration file could not be loaded.
.TP
.NOP 70 " (EX_SOFTWARE)"
libopts had an internal operational error.  Please report
it to autogen-users@lists.sourceforge.net.  Thank you.
.PP
.SH "AUTHORS"
Copyright 2013-2017 Fred Klassen \- AppNeta
Copyright 2000-2012 Aaron Turner
For support please use the tcpreplay-users@lists.sourceforge.net mailing list.
The latest version of this software is always available from:
http://tcpreplay.appneta.com/
.SH "COPYRIGHT"
Copyright (C) 2000-2017 Aaron Turner and Fred Klassen all rights reserved.
This program is released under the terms of the GNU General Public License, version 3 or later.
.SH "BUGS"
Please send bug reports to: tcpreplay-users@lists.sourceforge.net
.SH "NOTES"
This manual page was \fIAutoGen\fP-erated from the \fBtcpreplay-edit\fP
option definitions.