index.html 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281
  1. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  2. <html>
  3. <head>
  4. <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  5. <title>Tcpreplay: Pcap editing and replay tools for *NIX</title>
  6. <link rel="stylesheet" type="text/css" title="normal" media="screen" href="web.css" >
  7. </head>
  8. <body>
  9. <table border=0 cellpadding=3 cellspacing=0 width="100%">
  10. <tr>
  11. <td align=center class=title colspan=1>
  12. Tcpreplay: Pcap editing and replay tools for *NIX
  13. </td>
  14. </tr>
  15. <tr>
  16. <td align=right class=menubar>
  17. <!--
  18. <a href="http://sourceforge.net/project/showfiles.php?group_id=48862">Downloads</a> |
  19. <a href="manual.html">Manual</a> |
  20. <a href="faq.html">FAQ</a> |
  21. <a href="http://sourceforge.net/mail/?group_id=48862">Mailing Lists</a> |
  22. <a href="https://www.synfin.net/cgi-bin/viewcvs.cgi/tcpreplay/">SVN
  23. Repository</a>
  24. -->
  25. <a href="#about">About</a> |
  26. <a href="#details">Details</a> |
  27. <a href="#news">News</a> |
  28. <a href="#downloads">Downloads</a> |
  29. <a href="#docs">Documentation</a> |
  30. <a href="#support">Support</a>
  31. </td>
  32. </tr>
  33. </table>
  34. <P>&nbsp;<P>
  35. <table border=0 cellpadding=3 cellspacing=0 width="100%" class=fill>
  36. <a name="about"></a>
  37. <tr><td class=sechdr>About</td></tr>
  38. <tr><td class=section>
  39. Tcpreplay is a suite of BSD licensed tools written by Aaron Turner for *NIX
  40. operating systems which gives you the ability to use previously captured
  41. traffic in <a href="http://www.tcpdump.org">libpcap format</a> to test a
  42. variety of network devices. &nbsp;It allows you to classify traffic as
  43. client or server, rewrite Layer 2, 3 and 4 headers and finally replay the
  44. traffic back onto the network and through other devices such as switches,
  45. routers, firewalls, NIDS and IPS's.
  46. <P>
  47. Voted as <a href="http://www.insecure.org/tools.html"> one of the top 75
  48. security tools</a>, tcpreplay is used by numerous firewall, IDS, IPS and
  49. other networking vendors, enterprises, universities, and open source
  50. projects. If your organization uses tcpreplay, please let me know who you
  51. are and what you use it for so that I can continue to add features which are
  52. useful.
  53. </td>
  54. </tr>
  55. <a name="details"></a>
  56. <tr><td>&nbsp;</td></tr>
  57. <tr><td class=sechdr>Details</td></tr>
  58. <tr><td class=section>
  59. Tcpreplay includes the following tools:
  60. <ul>
  61. <li>tcpprep - multi-pass pcap file pre-processor which
  62. determines packets as client or server and creates cache files
  63. used by tcpreplay and tcprewrite</li>
  64. <li>tcprewrite - pcap file
  65. editor which rewrites TCP/IP and Layer 2 packet headers</li>
  66. <li>tcpreplay - replays pcap files at arbitrary speeds onto the
  67. network</li>
  68. <li>tcpbridge - bridge two network segments with
  69. the power of tcprewrite</li>
  70. <li>flowreplay - emulates a network
  71. client using a pcap file as the basis of a TCP or UDP connection
  72. (currently in alpha)</li>
  73. </ul>
  74. <P>
  75. Generally speaking, most people would first run tcpprep against a pcap file
  76. to create a cache file which splits traffic between client and server if
  77. they are testing an inline device like a firewall or IPS. &nbsp;Then
  78. depending on their network setup and where the pcap was captured, they would
  79. use tcprewrite to edit the packets so that the device under test will
  80. examine them properly. &nbsp;Finally, tcpreplay is used to replay the pcap
  81. onto the network to do the test.
  82. </td>
  83. </tr>
  84. <a name="news"></a>
  85. <tr><td>&nbsp;</td></tr>
  86. <tr><td class=sechdr>News</td></tr>
  87. <tr>
  88. <td class=section>
  89. 2005-07-03<br>
  90. Tcpreplay 2.3.5 is released which fixes a long standing bug
  91. in tcpprep with auto/router mode. Note that *all* tcpprep
  92. releases up to now in all three branches of code (1.x, 2.x
  93. and 3.x) have this bug. 3.0.beta7 will have the fix, but
  94. 1.x is EOL.
  95. <P>
  96. 2005-06-29<br>
  97. Many thanks to <a href="http://www.cse.scu.edu/send.cgi?Z&people/parttime/DorrClark.htm">Dorr
  98. Clark</a> of Santa Clara University who provided me a
  99. really nice <a href="http://www.doxygen.org">doxygen</a>
  100. file for documenting the 3.0 source code.
  101. <P>
  102. 2005-06-28<br>
  103. Beta6 is out. Fixes a number of user reported bugs. Thanks
  104. to all the beta testers who have been giving me such great
  105. feedback. Keep it comming!
  106. <P>
  107. 2005-06-14<br>
  108. Well I got a lot of good feedback on the beta4 release, so
  109. beta5 fixes a number of key bugs and adds a few enhancements
  110. which should help people out. Let me know...
  111. <P>
  112. 2005-06-05<br>
  113. Released 3.0.beta4 and 2.3.4. Both fix problems compiling
  114. under OpenBSD and add support for libpcap 0.5 although some
  115. features may be disabled. 3.0.beta4 also fixes a number of
  116. bugs during both compile and runtime... check the changelog
  117. for details.
  118. <P>
  119. 2005-05-28<br>
  120. Ugh. <a href="http://libnids.sourceforge.net/">libnids</a>
  121. is so close and yet so far away. It handles the basic
  122. functionality of doing IP defragmentation and TCP stream
  123. reassembly which I need for flowreplay, but yet misses the
  124. boat on a number of key requirements... the biggest of which
  125. are no multi-thread support or proper handling of multiple
  126. pcap files.
  127. <P>
  128. Unfortunately, doing proper multi-thread support would
  129. require an API change... something that the libnids author
  130. is unwilling to do. The only option seems to be a fork of
  131. the code, but that's plain ugly... Suggestions?
  132. <P>
  133. 2005-05-12<br>
  134. Oops. I thought I fixed a compile problem with dlt2desc
  135. in 3.0.beta3, but apparently I goofed. If you get an error
  136. complaining about multiple definitions, then go into
  137. src/edit_packet.c and delete the line:<P>
  138. <pre>
  139. #include "dlt_names.h"
  140. </pre>
  141. <P>
  142. 2005-03-09<br>
  143. Just re-posted a <a
  144. href="https://sourceforge.net/people/viewjob.php?group_id=48862&job_id=21661">job
  145. posting for a technical writer/editor</a> to help me
  146. with the tcpreplay documentation. If you are interested in
  147. getting some good tech writing experiance in the
  148. networking/security space, then this might just be the
  149. opportunity for you!
  150. </td>
  151. </tr>
  152. <a name="download"></a>
  153. <tr><td>&nbsp;</td></tr>
  154. <tr><td class=sechdr>Get It</td></tr>
  155. <tr><td class=section>
  156. Releases:
  157. <ul>
  158. <li>Latest development release:
  159. <a
  160. href="http://prdownloads.sourceforge.net/tcpreplay/tcpreplay-3.0.beta6.tar.gz">tcpreplay-3.0.beta6.tar.gz</a>
  161. (<a
  162. href="CHANGELOG">Changelog</a>)
  163. </li>
  164. <li>
  165. Latest stable release:
  166. <a href="http://prdownloads.sourceforge.net/tcpreplay/tcpreplay-2.3.5.tar.gz">tcpreplay-2.3.5.tar.gz</a>
  167. (<a
  168. href="http://sourceforge.net/project/shownotes.php?release_id=339538">release notes</a>)
  169. </li>
  170. <li>
  171. Last release supporting Libnet 1.0.x:
  172. <a href="http://prdownloads.sourceforge.net/tcpreplay/tcpreplay-1.3.3.tar.gz">tcpreplay-1.3.3.tar.gz</a>
  173. (<a
  174. href="http://sourceforge.net/project/shownotes.php?release_id=156906">release
  175. notes</a>) Note that the 1.x series is EOL.
  176. </li>
  177. <li><a
  178. href="http://sourceforge.net/project/showfiles.php?group_id=48862">
  179. Past releases</a>
  180. </li>
  181. </ul>
  182. <P>
  183. Source via Subversion:<br>
  184. svn co https://www.synfin.net/svn/tcpreplay/trunk tcpreplay-trunk<br>
  185. or view it online using
  186. <a href="https://www.synfin.net/cgi-bin/viewcvs.cgi/tcpreplay/">
  187. the web interface</a>
  188. <P>
  189. Packages:
  190. <ul>
  191. <li>Apple OS X users can try Darian Lanx's Fink package: <i>fink install tcpreplay</i></li>
  192. <li>Debian users can try Noel Koethe's APT package: <i>apt-get install tcpreplay</i></li>
  193. <li>
  194. Win32 users can try
  195. <a
  196. href="http://sourceforge.net/project/showfiles.php?group_id=48862&package_id=144474">this
  197. UNOFFICAL and UNSUPPORTED</a> port. &nbsp;Note: anyone interested in helping with an offical Win32 port of tcpreplay should contact me.
  198. </li>
  199. </td>
  200. <a name="docs"></a>
  201. <tr><td>&nbsp;</td></tr>
  202. <tr><td class=sechdr>Documentation</td></tr>
  203. <tr>
  204. <td><table border=0 cellpadding=0 cellspacing=0 width="100%">
  205. <tr valign=top>
  206. <td class=section width="50%">
  207. 3.x Docs:
  208. <ul>
  209. <li><a href="manual/index.html">Manual</a></li>
  210. <li><a href="FAQ/index.html">Frequently Asked Questions</a></li>
  211. <li><a href="doxygen/html/index.html">Source code documentation via
  212. Doxygen</a></li>
  213. </ul>
  214. 3.x Man Pages:
  215. <ul>
  216. <li><a href="man/tcpreplay.html">tcpreplay</a></li>
  217. <li><a href="man/tcpprep.html">tcpprep</a></li>
  218. <li><a href="man/tcprewrite.html">tcprewrite</a></li>
  219. <li><a href="man/flowreplay.html">flowreplay</a></li>
  220. <li><a href="man/tcpbridge.html">tcpbridge</a></li>
  221. </ul>
  222. </td>
  223. <td class=section>
  224. 2.x Docs:
  225. <ul>
  226. <li><a href="tcpreplay-2-faq.html">Frequently Asked
  227. Questions</a></li>
  228. </uL>
  229. </td>
  230. </tr>
  231. </table>
  232. </td>
  233. </tr>
  234. <a name="support"></a>
  235. <tr><td>&nbsp;</td></tr>
  236. <tr><td class=sechdr>Support</td></tr>
  237. <tr><td class=section>
  238. Sourceforge has a support, bug and patch ticket tracking system which we <b>do not use</b>.
  239. &nbsp;So if you submit a ticket into any of those systems, it will likely be ignored for a few
  240. months, if not longer. &nbsp;Hence, you should be using the
  241. <a href="http://sourceforge.net/mail/?group_id=48862">tcpreplay-users mailing
  242. list</a> for support. (Note, due to spam, the
  243. tcpreplay-users list is a closed list, so you will need to
  244. subscribe in order to post.)
  245. <P>
  246. Please note that tcpreplay has a lot of documentation.
  247. &nbsp;Please read the documentation before asking for help.
  248. <P>
  249. You may also be interested in checking out
  250. <a href="http://www.sourceforge.net/projects/tcpreplay/">
  251. tcpreplay's SourceForge project page</a>.
  252. </ul>
  253. </td>
  254. </tr>
  255. <tr>
  256. <td align=center>
  257. <a href="http://sourceforge.net"><img
  258. src="http://sourceforge.net/sflogo.php?group_id=48862&type=1"
  259. width="88" height="31" border="0" alt="SourceForge.net
  260. Logo" /></a>
  261. </td>
  262. </tr>
  263. </table>
  264. </body>
  265. </html>