<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!--Converted with LaTeX2HTML 2002-2-1 (1.70)
original version by: Nikos Drakos, CBLU, University of Leeds
* revised and updated by: Marcus Hennecke, Ross Moore, Herb Swan
* with significant contributions from:
Jens Lippmann, Marek Rouchal, Martin Wilck and others -->
<HTML>
<HEAD>
<TITLE>3 Understanding tcpprep</TITLE>
<META NAME="description" CONTENT="3 Understanding tcpprep">
<META NAME="keywords" CONTENT="FAQ">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="LaTeX2HTML v2002-2-1">
<META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
<LINK REL="STYLESHEET" HREF="FAQ.css">
<LINK REL="next" HREF="node5.html">
<LINK REL="previous" HREF="node3.html">
<LINK REL="up" HREF="FAQ.html">
<LINK REL="next" HREF="node5.html">
</HEAD>
<BODY >
<DIV CLASS="navigation"><!--Navigation Panel-->
<A NAME="tex2html173"
HREF="node5.html">
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A>
<A NAME="tex2html169"
HREF="FAQ.html">
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>
<A NAME="tex2html163"
HREF="node3.html">
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>
<A NAME="tex2html171"
HREF="node1.html">
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>
<BR>
<B> Next:</B> <A NAME="tex2html174"
HREF="node5.html">4 Common Error and</A>
<B> Up:</B> <A NAME="tex2html170"
HREF="FAQ.html">Tcpreplay 3.x FAQ</A>
<B> Previous:</B> <A NAME="tex2html164"
HREF="node3.html">2 Bugs, Feature Requests,</A>
&nbsp; <B> <A NAME="tex2html172"
HREF="node1.html">Contents</A></B>
<BR>
<BR></DIV>
<!--End of Navigation Panel-->
<!--Table of Child-Links-->
<A NAME="CHILD_LINKS"><STRONG>Subsections</STRONG></A>
<UL CLASS="ChildLinks">
<LI><A NAME="tex2html175"
HREF="node4.html#SECTION00041000000000000000"><SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">1</SPAN> What is tcpprep?</A>
<LI><A NAME="tex2html176"
HREF="node4.html#SECTION00042000000000000000"><SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">2</SPAN> How does tcpprep work? </A>
<LI><A NAME="tex2html177"
HREF="node4.html#SECTION00043000000000000000"><SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">3</SPAN> Does tcpprep modify my libpcap file?</A>
<LI><A NAME="tex2html178"
HREF="node4.html#SECTION00044000000000000000"><SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">4</SPAN> Why use tcpprep?</A>
<LI><A NAME="tex2html179"
HREF="node4.html#SECTION00045000000000000000"><SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">5</SPAN> Can a cache file be used for multiple (different) libpcap files? </A>
<LI><A NAME="tex2html180"
HREF="node4.html#SECTION00046000000000000000"><SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">6</SPAN> Why would I want to use tcpreplay with two network cards? </A>
<LI><A NAME="tex2html181"
HREF="node4.html#SECTION00047000000000000000"><SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">7</SPAN> How big are the cache files?</A>
</UL>
<!--End of Table of Child-Links-->
<HR>
<H1><A NAME="SECTION00040000000000000000">
<SPAN CLASS="arabic">3</SPAN> Understanding tcpprep</A>
</H1>
<P>
<H2><A NAME="SECTION00041000000000000000">
<SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">1</SPAN> What is tcpprep?</A>
</H2>
<P>
Tcpreplay can send traffic out of two network cards; however, it requires
that the calculations be done in real time. These calculations can be expensive
and can significantly reduce the throughput of tcpreplay.
<P>
Tcpprep is a libpcap pre-processor for tcpreplay which enables using
two network cards to send traffic without the performance hit of doing
the calculations in real time.
<P>
<H2><A NAME="SECTION00042000000000000000">
<SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">2</SPAN> How does tcpprep work? </A>
</H2>
<P>
Tcpprep reads in a libpcap (tcpdump) formatted capture file and does
some processing to generate a tcpreplay cache file. This cache file
tells tcpreplay which interface a given packet should be sent out
of.
<P>
<H2><A NAME="SECTION00043000000000000000">
<SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">3</SPAN> Does tcpprep modify my libpcap file?</A>
</H2>
<P>
No.
<P>
<H2><A NAME="SECTION00044000000000000000">
<SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">4</SPAN> Why use tcpprep?</A>
</H2>
<P>
There are three major reasons to use tcpprep:
<P>
<OL>
<LI>Tcpprep can split traffic based upon more methods and criteria than
tcpreplay.
</LI>
<LI>By pre-processing the pcap, tcpreplay has a higher theoretical maximum
throughput.
</LI>
<LI>By pre-processing the pcap, tcpreplay can be more accurate in timing
when replaying traffic at normal speed.
</LI>
</OL>
<P>
<H2><A NAME="SECTION00045000000000000000">
<SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">5</SPAN> Can a cache file be used for multiple (different) libpcap files? </A>
</H2>
<P>
Cache files have nothing linking them to a given libpcap file, so
there is nothing to stop you from doing this. However, running tcpreplay
with a cache file from a different libpcap source file is likely to
cause a lot of problems and is not supported.
<P>
<H2><A NAME="SECTION00046000000000000000">
<SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">6</SPAN> Why would I want to use tcpreplay with two network cards? </A>
</H2>
<P>
Tcpreplay traditionally is good for putting traffic on a given network,
often used to test a network intrusion detection system (NIDS). However,
there are cases where putting traffic onto a subnet in this manner
is not good enough: you have to be able to send traffic *through*
a device such as a router, firewall, or bridge.
<P>
In these cases, being able to use a single source file (libpcap) for
both ends of the connection solves this problem.
<P>
<H2><A NAME="SECTION00047000000000000000">
<SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">7</SPAN> How big are the cache files?</A>
</H2>
<P>
Very small. Actual size depends on the number of packets in the dump
file. Two bits of data are stored for each packet. On a test using
a 900MB dump file containing over 500,000 packets, the cache file
was only 150K.
<P>
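An added sketch, not tcpprep's own code or its real cache format: it reads a constructed capture without modifying it, marks each packet as client-side or server-side by source network at two bits per packet, and stores a SHA-256 of the capture so a cache cannot be silently paired with a different libpcap file. The mark values, the dict layout and the function names are assumptions made for this illustration.

```python
import hashlib, ipaddress, struct

CLIENT, SERVER = 1, 2  # 2-bit marks chosen for this sketch, not tcpprep's on-disk values

def make_pcap(flows):
    """Constructed sample input: little-endian pcap, one Ethernet/IPv4 packet per (src, dst)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, dst in flows:
        ip = (bytes([0x45, 0]) + struct.pack(">H", 20) + bytes(8)
              + ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed)
        frame = bytes(12) + b"\x08\x00" + ip  # zeroed MACs, EtherType IPv4
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

def source_ips(pcap):
    """Yield each record's IPv4 source address; the capture is only read, never rewritten."""
    off = 24  # skip the 24-byte global header
    while off < len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        yield ipaddress.ip_address(pcap[off + 42 : off + 46])  # 16 record + 14 Ethernet + 12
        off += 16 + incl_len

def build_cache(pcap, client_net):
    """Pack one 2-bit mark per packet (four per byte) and bind the result to this capture."""
    net, marks, count = ipaddress.ip_network(client_net), bytearray(), 0
    for src in source_ips(pcap):
        if count % 4 == 0:
            marks.append(0)
        marks[-1] |= (CLIENT if src in net else SERVER) << (2 * (count % 4))
        count += 1
    return {"marks": bytes(marks), "packets": count,
            "sha256": hashlib.sha256(pcap).hexdigest()}

def side_of(cache, index):
    """Return the 2-bit mark stored for packet number index."""
    return (cache["marks"][index // 4] >> (2 * (index % 4))) & 0b11

def belongs_to(cache, pcap):
    """Refuse to pair a cache with a capture other than the one it was built from."""
    return cache["sha256"] == hashlib.sha256(pcap).hexdigest()

if __name__ == "__main__":
    a, b = "10.0.0.5", "192.0.2.80"
    sample = make_pcap([(a, b), (b, a), (a, b), (b, a), (a, b)])
    cache = build_cache(sample, "10.0.0.0/8")
    print(cache["packets"], "packets ->", len(cache["marks"]), "bytes of marks")
    print([side_of(cache, i) for i in range(cache["packets"])])
    print("other capture accepted:", belongs_to(cache, make_pcap([(b, a)])))
```

At two bits per packet, 500,000 packets need 125,000 bytes of marks, which is the same order of size as the 150K cache file quoted above.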
<ADDRESS>
Aaron Turner
2005-08-07
</ADDRESS>
</BODY>
</HTML>