cbiedl
/
tcpreplay


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387
							<!--#exec cmd="header tcprewrite" -->
<ul>
</ul><H2>NAME </H2><ul>

tcprewrite - Rewrite the packets in a pcap file.

</ul><H2>SYNOPSIS </H2><ul>

<b>tcprewrite</b> 
[<b>-<i>flag</i></b> [<i>value</i>]]... [<b>--<i>opt-name</i></b> [[=| ]<i>value</i>]]...

<p>
All arguments must be options.

</ul><H2>DESCRIPTION </H2><ul>

This manual page documents, briefly, the <b>tcprewrite</b> command.
Tcprewrite is a tool to rewrite packets stored in <i>pcap(3)</i> file format, 
such as crated by tools such as <i>tcpdump(1)</i> and <i>ethereal(1)</i>.  
Once a pcap file has had it's packets rewritten, they can be replayed back 
out on the network using <i>tcpreplay(1)</i>.

<p>tcprewrite currently supports the following DLT types:
    * DLT_C_HDLC
    * DLT_EN10MB
    * DLT_LINUX_SSL
    * DLT_RAW

<p>The packet editing features of tcprewrite which distinguish between "client"
and "server" traffic requires a tcpprep(1) cache file.

</ul><H2>OPTIONS </H2><ul>

<p><dl compact><dt><b>-D</b> <i>string</i>, <b>--dmac</b>=<b><i>string</i></b>
<dd>Rewrite destination MAC addresses.
This option may appear up to 1 times.
</dl>
<p>
Takes a pair of comma deliminated ethernet MAC addresses which
will replace the destination MAC address of outbound packets.
The first MAC address will be used for the server traffic
and the optional second MAC address will be used for the client
traffic.

<p>Example:
<pre>
    --dmac=00:12:13:14:15:16,00:22:33:44:55:66
<br></pre>
<p><dl compact><dt><b>-S</b> <i>string</i>, <b>--smac</b>=<b><i>string</i></b>
<dd>Rewrite source MAC addresses.
This option may appear up to 1 times.
</dl>
<p>
Takes a pair of comma deliminated ethernet MAC addresses which
will replace the source MAC address of outbound packets.
The first MAC address will be used for the server traffic
and the optional second MAC address will be used for the client traffic.

<p>Example:
<pre>
    --smac=00:12:13:14:15:16,00:22:33:44:55:66
<br></pre>
<p><dl compact><dt><b>-P</b> <i>number</i>, <b>--proto</b>=<b><i>number</i></b>
<dd>Override L2 protocol type for DLT_RAW.
This option may appear up to 1 times.
This option takes an integer number as its argument.
The value of <i>number</i> is constrained to being:
<pre>
in the range  0 through 65535
<br></pre>
</dl>
<p>
By default, pcap files encapsulated using DLT_RAW will have their protocol
set to ETHERTYPE_IP (0x0800). 
<p><dl compact><dt><b>-l</b> <i>string</i>, <b>--dlink</b>=<b><i>string</i></b>
<dd>Rewrite Data-Link layer with specified data.
This option may appear up to 2 times.
</dl>
<p>
Provide a series of comma deliminated hex values which will be
used to rewrite or create the Layer 2 header of the packets.
The first instance of this argument will rewrite both server
and client traffic, but if this argument is specified a second
time, it will be used for the client traffic.

<p>Example:
<pre>
    --dlink=01,02,03,04,05,06,00,1A,2B,3C,4D,5E,6F,08,00
<br></pre>
<p><dl compact><dt><b>-r</b> <i>string</i>, <b>--portmap</b>=<b><i>string</i></b>
<dd>Rewrite TCP/UDP ports.
This option may appear up to 1 times.
</dl>
<p>
Specify a list of comma delimited port mappingings consisting of 
colon delimited port number pairs.  Each colon delimited port pair
consists of the port to match followed by the port number to rewrite.

<p>Example:
<pre>
    --portmap=80:8000,8080:80
<br></pre>
<p><dl compact><dt><b>-s</b> <i>number</i>, <b>--seed</b>=<b><i>number</i></b>
<dd>Randomize src/dst IP addresses w/ given seed.
This option may appear up to 1 times.
This option takes an integer number as its argument.
</dl>
<p>
Causes the source and destination IP addresses to be pseudo 
randomized but still maintain client/server relationships.
Since the randomization is deterministic based on the seed, 
you can reuse the same seed value to recreate the traffic.
<p><dl compact><dt><b>-N</b> <i>string</i>, <b>--pnat</b>=<b><i>string</i></b>
<dd>Rewrite IP addresses using pseudo-NAT.
This option may appear up to 2 times.
</dl>
<p>
Takes a comma delimited series of colon delimited CIDR
netblock pairs.  Each netblock pair is evaluated in order against
the IP addresses.  If the IP address in the packet matches the
first netblock, it is rewriten using the second netblock as a
mask against the high order bits.

<p>Example:
<pre>
    --pnat=192.168.0.0/16:10.77.0.0/16,172.16.0.0/12:10.1.0.0/24
<br></pre>
<p><dl compact><dt><b>-e</b> <i>string</i>, <b>--endpoints</b>=<b><i>string</i></b>
<dd>Rewrite IP addresses to be between two endpoints.
This option may appear up to 1 times.
This option must appear in combination with the following options:
cachefile.
</dl>
<p>
Takes a pair of colon delimited IP addresses which will be used to rewrite
all traffic to appear to be between the two IP's.

<p>Example:
<pre>
    --endpoints=172.16.0.1:172.16.0.2
<br></pre>
<p><dl compact><dt><b>-b</b>, <b>--skipbroadcast</b>
<dd>Skip rewriting broadcast/multicast IP's.
</dl>
<p>
By default, --dmac, --smac, --seed, --pnat and --endpoints will rewrite 
broadcast and multicast IP and MAC addresses.	Setting this flag
will keep broadcast/multicast IP and MAC addresses from being rewritten.
<p><dl compact><dt><b>-C</b>, <b>--fixcsum</b>
<dd>Force recalculation of IP/TCP/UDP checksums.
</dl>
<p>
Causes each IP packet to have it's checksums recalcualted and
fixed.  Automatically enabled for packets modified with <b>--seed</b>, 
<b>--pnat</b>, <b>--endpoints</b> or <b>--fixlen</b>.
<p><dl compact><dt><b>-m</b> <i>number</i>, <b>--mtu</b>=<b><i>number</i></b>
<dd>Override default MTU length (1500 bytes).
This option may appear up to 1 times.
This option takes an integer number as its argument.
The value of <i>number</i> is constrained to being:
<pre>
in the range  1 through MAXPACKET
<br></pre>
</dl>
<p>
Override the default 1500 byte MTU size for determining the maximum padding length.
<p><dl compact><dt><b>-F</b> <i>string</i>, <b>--fixlen</b>=<b><i>string</i></b>
<dd>Pad or truncate packet data to match header length.
This option may appear up to 1 times.
</dl>
<p>
Packets may be truncated during capture if the snaplen is smaller then the
packet.  This option allows you to modify the packet to pad the packet back
out to the size stored in the IPv4 header or rewrite the IP header total length
to reflect the stored packet length.

<p>
<b>pad</b>
Truncated packets will be padded out so that the packet length matches the 
IPv4 total length

<p>
<b>trunc</b>
Truncated packets will have their IPv4 total length field rewritten to match
the actual packet length

<p>
<b>del</b>
Delete the packet
<p><dl compact><dt><b>-T</b> <i>string</i>, <b>--vlan</b>=<b><i>string</i></b>
<dd>Specify 802.1q VLAN tag mode.
This option may appear up to 1 times.
</dl>
<p>
Allows you to rewrite ethernet frames to add a 802.1q header to standard 802.3
ethernet headers or remove the 802.1q VLAN tag information.

<p>
<b>add</b>
Rewrites the existing 802.3 ethernet header as an 802.1q VLAN header

<p>
<b>del</b>
Rewrites the existing 802.1q VLAN header as an 802.3 ethernet header
<p><dl compact><dt><b>-t</b> <i>number</i>, <b>--vlan-tag</b>=<b><i>number</i></b>
<dd>Specify the new 802.1q VLAN tag value.
This option may appear up to 1 times.
This option must appear in combination with the following options:
vlan.
This option takes an integer number as its argument.
The value of <i>number</i> is constrained to being:
<pre>
in the range  0 through 4095
<br></pre>
</dl>
<p>

<p><p><dl compact><dt><b>-f</b> <i>number</i>, <b>--vlan-cfi</b>=<b><i>number</i></b>
<dd>Specify the 802.1q VLAN CFI value.
This option may appear up to 1 times.
This option must appear in combination with the following options:
vlan.
This option takes an integer number as its argument.
The value of <i>number</i> is constrained to being:
<pre>
in the range  0 through 1
<br></pre>
</dl>
<p>

<p><p><dl compact><dt><b>-p</b> <i>number</i>, <b>--vlan-pri</b>=<b><i>number</i></b>
<dd>Specify the 802.1q VLAN priority.
This option may appear up to 1 times.
This option must appear in combination with the following options:
vlan.
This option takes an integer number as its argument.
The value of <i>number</i> is constrained to being:
<pre>
in the range  0 through 7
<br></pre>
</dl>
<p>

<p><p><dl compact><dt><b>-L</b> <i>number</i>, <b>--dlt</b>=<b><i>number</i></b>
<dd>Change DLT type for output pcap file.
This option may appear up to 1 times.
This option takes an integer number as its argument.
The value of <i>number</i> is constrained to being:
<pre>
in the range  0 through 65535
<br></pre>
</dl>
<p>
By default, tcprewrite uses the same DLT (data link type) for the 
output pcap as the input pcap.  However, if you are changing the 
Layer 2 data with --dlink, then you probably also want to change the
DLT type stored in the pcap.  Common DLT types are:

<p>
<b>0</b>
No Layer 2 header (DLT_NULL)

<p>
<b>1</b>
Ethernet (DLT_EN10MB)

<p>
<b>10</b>
FDDI (DLT_FDDI)

<p>
<b>12</b>
BSD Raw header (DLT_RAW)

<p>
<b>104</b>
Cisco HDLC (DLT_C_HDLC)

<p>
<b>113</b>
Linux SLL pseudo-header (DLT_LINUX_SLL)

<p>For a full list of DLT types, see: src/common/dlt_names.h

<p><p><dl compact><dt><b>-d</b> <i>number</i>, <b>--dbug</b>=<b><i>number</i></b>
<dd>Enable debugging output.
This option may appear up to 1 times.
This option takes an integer number as its argument.
The value of <i>number</i> is constrained to being:
<pre>
in the range  0 through 5
<br></pre>
The default <i>number</i> for this option is:
</dl><br>
 0

<p>
If configured with --enable-debug, then you can specify a verbosity 
level for debugging output.  Higher numbers increase verbosity.
<p><dl compact><dt><b>-i</b> <i>string</i>, <b>--infile</b>=<b><i>string</i></b>
<dd>Input pcap file to be processed.
This option may appear up to 1 times.
</dl>
<p>

<p><p><dl compact><dt><b>-o</b> <i>string</i>, <b>--outfile</b>=<b><i>string</i></b>
<dd>Output pcap file.
This option may appear up to 1 times.
</dl>
<p>

<p><p><dl compact><dt><b>-c</b> <i>string</i>, <b>--cachefile</b>=<b><i>string</i></b>
<dd>Split traffic via tcpprep cache file.
This option may appear up to 1 times.
</dl>
<p>
Use tcpprep cache file to split traffic based upon client/server relationships.
<p><dl compact><dt><b>-v</b>, <b>--verbose</b>
<dd>Print decoded packets via tcpdump to STDOUT.
This option may appear up to 1 times.
</dl>
<p>

<p><p><dl compact><dt><b>-A</b> <i>string</i>, <b>--decode</b>=<b><i>string</i></b>
<dd>Arguments passed to tcpdump decoder.
This option may appear up to 1 times.
This option must appear in combination with the following options:
verbose.
</dl>
<p>
When enabling verbose mode (<b>-v</b>) you may also specify one or
more additional arguments to pass to <b>tcpdump</b> to modify
the way packets are decoded.  By default, -n and -l are used.
Be sure to quote the arguments so that they are not interpreted
by tcprewrite.  The following arguments are valid:
    [ -aAeNqRStuvxX ]
    [ -E spi@ipaddr algo:secret,... ]
    [ -s snaplen ]
<p><dl compact><dt><b>-V</b>, <b>--version</b>
<dd>Print version information.
</dl>
<p>

<p><p><dl compact><dt><b>-h</b>, <b>--less-help</b>
<dd>Display less usage information and exit.
</dl>
<p>

<p><p><dl compact><dt><b>-H</b>,<b> --help</b>
<dd>Display usage information and exit.
<dt><b>-!</b>,<b> --more-help</b>
<dd>Extended usage information passed thru pager.
<dt><b>-</b> [<i>rcfile</i>],<b> --save-opts</b>[=<i>rcfile</i>]
<dd>Save the option state to <i>rcfile</i>.  The default is the <i>last</i>
configuration file listed in the <b>OPTION PRESETS</b> section, below.
<dt><b>-</b> <i>rcfile</i>,<b> --load-opts</b>=<i>rcfile</i>,<b> --no-load-opts</b>
<dd>Load options from <i>rcfile</i>.
The <i>no-load-opts</i> form will disable the loading
of earlier RC/INI files.  <i>--no-load-opts</i> is handled early,
out of order.
</dl>
</ul><H2>OPTION PRESETS </H2><ul>

Any option that is not marked as <i>not presettable</i> may be preset
by loading values from configuration ("RC" or ".INI") file(s).
The <i>homerc</i> file is "<i>$$/</i>", unless that is a directory.
In that case, the file "<i>.tcprewriterc</i>"
is searched for within that directory.

</ul><H2>SEE ALSO </H2><ul>

tcpdump(1), tcpprep(1), tcpreplay(1)

</ul><H2>AUTHOR </H2><ul>

Copyright 2004-2005 Aaron Turner

<p>For support please use the tcpreplay-users@lists.sourceforge.net mailing list.

<p>
Released under the Free BSD License.

<p>
This manual page was <i>AutoGen</i>-erated from the <b>tcprewrite</b>
option definitions.
</ul>
<!--#exec cmd="trailer" -->