tcpreplay/src/tcprewrite.1

.de1 NOP
.  it 1 an-trap
.  if \\n[.$] \,\\$*\/
..
.ie t \
.ds B-Font [CB]
.ds I-Font [CI]
.ds R-Font [CR]
.el \
.ds B-Font B
.ds I-Font I
.ds R-Font R
.TH tcprewrite 1 "12 Jul 2024" "tcprewrite" "User Commands"
.\"
.\" DO NOT EDIT THIS FILE (in-mem file)
.\"
.\" It has been AutoGen-ed
.\" From the definitions ../../src/tcprewrite_opts.def
.\" and the template file agman-cmd.tpl
.SH NAME
\f\*[B-Font]tcprewrite\fP
\- Rewrite the packets in a pcap file.
.SH SYNOPSIS
\f\*[B-Font]tcprewrite\fP
.\" Mixture of short (flag) options and long options
[\f\*[B-Font]\-flags\f[]]
[\f\*[B-Font]\-flag\f[] [\f\*[I-Font]value\f[]]]
[\f\*[B-Font]\-\-option-name\f[][[=| ]\f\*[I-Font]value\f[]]]
.sp \n(Ppu
.ne 2

All arguments must be options.
.sp \n(Ppu
.ne 2

.SH "DESCRIPTION"
Tcprewrite is a tool to rewrite packets stored in \fIpcap(3)\fP file format,
such as created by tools such as \fItcpdump(1)\fP and \fIwireshark(1)\fP.
Once a pcap file has had it's packets rewritten, they can be replayed back
out on the network using \fItcpreplay(1)\fP.
.sp
tcprewrite currently supports reading the following DLT types:
.sp 1
\fBDLT_C_HDLC\fP aka Cisco HDLC
.sp 1
\fBDLT_EN10MB\fP aka Ethernet
.sp 1
\fBDLT_LINUX_SLL\fP aka Linux Cooked Socket
.sp 1
\fBDLT_LINUX_SLL2\fP aka Linux Cooked Socket v2
.sp 1
\fBDLT_RAW\fP aka RAW IP
.sp 1
\fBDLT_NULL\fP aka BSD Loopback
.sp 1
\fBDLT_LOOP\fP aka OpenBSD Loopback
.sp 1
\fBDLT_IEEE802_11\fP aka 802.11a/b/g
.sp 1
\fBDLT_IEEE802_11_RADIO\fP aka 802.11a/b/g with Radiotap headers
.sp 1
\fBDLT_JUNIPER_ETHER\fP aka Juniper Encapsulated Ethernet
.sp 1
\fBDLT_PPP_SERIAL\fP aka PPP over Serial
.sp
Please see the \--dlt option for supported DLT types for writing.
.sp
The packet editing features of tcprewrite which distinguish between "client"
and "server" traffic requires a tcpprep(1) cache file.
.sp
For more details, please see the Tcpreplay Manual at:
http://tcpreplay.appneta.com
.SH "OPTIONS"
.SS ""
.TP
.NOP \f\*[B-Font]\-r\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-portmap\f[]=\f\*[I-Font]string\f[]
Rewrite TCP/UDP ports.
This option may appear up to 9999 times.
.sp
Specify a list of comma delimited port mappings consisting of
colon delimited port number pairs.  Each colon delimited port pair
consists of the port to match followed by the port number to rewrite.
.sp
Examples:
.nf
    \--portmap=80:8000 \--portmap=8080:80    # 80->8000 and 8080->80
    \--portmap=8000,8080,88888:80           # 3 different ports become 80
    \--portmap=8000-8999:80                 # ports 8000 to 8999 become 80
.fi
.TP
.NOP \f\*[B-Font]\-s\f[] \f\*[I-Font]number\f[], \f\*[B-Font]\-\-seed\f[]=\f\*[I-Font]number\f[]
Randomize src/dst IPv4/v6 addresses w/ given seed.
This option may appear up to 1 times.
This option must not appear in combination with any of the following options:
fuzz-seed.
This option takes an integer number as its argument.
.sp
Causes the source and destination IPv4/v6 addresses to be pseudo
randomized but still maintain client/server relationships.
Since the randomization is deterministic based on the seed,
you can reuse the same seed value to recreate the traffic.
.TP
.NOP \f\*[B-Font]\-N\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-pnat\f[]=\f\*[I-Font]string\f[]
Rewrite IPv4/v6 addresses using pseudo-NAT.
This option may appear up to 2 times.
This option must not appear in combination with any of the following options:
srcipmap.
.sp
Takes a comma delimited series of colon delimited CIDR
netblock pairs.  Each netblock pair is evaluated in order against
the IP addresses.  If the IP address in the packet matches the
first netblock, it is rewritten using the second netblock as a
mask against the high order bits.
.sp
IPv4 Example:
.nf
    \--pnat=192.168.0.0/16:10.77.0.0/16,172.16.0.0/12:10.1.0.0/24
.fi
IPv6 Example:
.nf
    \--pnat=[2001:db8::/32]:[dead::/16],[2001:db8::/32]:[::ffff:0:0/96]
.fi
.TP
.NOP \f\*[B-Font]\-S\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-srcipmap\f[]=\f\*[I-Font]string\f[]
Rewrite source IPv4/v6 addresses using pseudo-NAT.
This option may appear up to 1 times.
This option must not appear in combination with any of the following options:
pnat.
.sp
Works just like the \--pnat option, but only affects the source IP
addresses in the IPv4/v6 header.
.TP
.NOP \f\*[B-Font]\-D\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-dstipmap\f[]=\f\*[I-Font]string\f[]
Rewrite destination IPv4/v6 addresses using pseudo-NAT.
This option may appear up to 1 times.
This option must not appear in combination with any of the following options:
pnat.
.sp
Works just like the \--pnat option, but only affects the destination IP
addresses in the IPv4/v6 header.
.TP
.NOP \f\*[B-Font]\-e\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-endpoints\f[]=\f\*[I-Font]string\f[]
Rewrite IP addresses to be between two endpoints.
This option may appear up to 1 times.
This option must appear in combination with the following options:
cachefile.
.sp
Takes a pair of colon delimited IPv4/v6 addresses which will be used to rewrite
all traffic to appear to be between the two IP addresses.
.sp
IPv4 Example:
.nf
    \--endpoints=172.16.0.1:172.16.0.2
.fi
IPv6 Example:
.nf
    \--endpoints=[2001:db8::dead:beef]:[::ffff:0:0:ac:f:0:2]
.fi
.TP
.NOP \f\*[B-Font]\-\-tcp\-sequence\f[]=\f\*[I-Font]number\f[]
Change TCP Sequence (and ACK) numbers /w given seed.
This option takes an integer number as its argument.
The value of
\f\*[I-Font]number\f[]
is constrained to being:
.in +4
.nf
.na
greater than or equal to 1
.fi
.in -4
The default
\f\*[I-Font]number\f[]
for this option is:
.ti +4
 0
.sp
Change all TCP sequence numbers, and related sequence-acknowledgement numbers.
They will be shifted by a random amount based on the provided seed.
.TP
.NOP \f\*[B-Font]\-b\f[], \f\*[B-Font]\-\-skipbroadcast\f[]
Skip rewriting broadcast/multicast IPv4/v6 addresses.
.sp
By default \--seed, \--pnat and \--endpoints will rewrite
broadcast and multicast IPv4/v6 and MAC addresses.	Setting this flag
will keep broadcast/multicast IPv4/v6 and MAC addresses from being rewritten.
.TP
.NOP \f\*[B-Font]\-C\f[], \f\*[B-Font]\-\-fixcsum\f[]
Force recalculation of IPv4/TCP/UDP header checksums.
.sp
Causes each IPv4/v6 packet to have their checksums recalculated and
fixed.  Automatically enabled for packets modified with \fB--seed\fP,
\fB--pnat\fP, \fB--endpoints\fP or \fB--fixlen\fP.
.TP
.NOP \f\*[B-Font]\-\-fixhdrlen\f[]
Alter IP/TCP header len to match packet length.
.sp
By default, tcpreplay will send packets with the original packet length,
However, you may want the packet length revised to minimum packet size.
Using this option, tcpreplay will rewrite (fix) the packet length,
and recalculate checksums when packet length changes.
Caution: undesired packet changes may occur when this option is specified.
.TP
.NOP \f\*[B-Font]\-m\f[] \f\*[I-Font]number\f[], \f\*[B-Font]\-\-mtu\f[]=\f\*[I-Font]number\f[]
Override default MTU length (1500 bytes).
This option may appear up to 1 times.
This option takes an integer number as its argument.
The value of
\f\*[I-Font]number\f[]
is constrained to being:
.in +4
.nf
.na
in the range  1 through MAX_SNAPLEN
.fi
.in -4
.sp
Override the default 1500 byte MTU size for determining the maximum padding length
(--fixlen=pad) or when truncating (--mtu-trunc).
.TP
.NOP \f\*[B-Font]\-\-mtu\-trunc\f[]
Truncate packets larger then specified MTU.
This option may appear up to 1 times.
.sp
Similar to \--fixlen, this option will truncate data in packets from Layer 3 and above to be
no larger then the MTU.
.TP
.NOP \f\*[B-Font]\-E\f[], \f\*[B-Font]\-\-efcs\f[]
Remove Ethernet checksums (FCS) from end of frames.
.sp
Note, this option is pretty dangerous!  We do not actually check to see if a FCS
actually exists in the frame, we just blindly delete the last 4 bytes.  Hence,
you should only use this if you know know that your OS provides the FCS when
reading raw packets.
.TP
.NOP \f\*[B-Font]\-\-ttl\f[]=\f\*[I-Font]string\f[]
Modify the IPv4/v6 TTL/Hop Limit.
.sp
Allows you to modify the TTL/Hop Limit of all the IPv4/v6 packets.  Specify a number to hard-code
the value or +/-value to increase or decrease by the value provided (limited to 1-255).
.sp
Examples:
.nf
    \--ttl=10
    \--ttl=+7
    \--ttl=-64
.fi
.TP
.NOP \f\*[B-Font]\-\-tos\f[]=\f\*[I-Font]number\f[]
Set the IPv4 TOS/DiffServ/ECN byte.
This option may appear up to 1 times.
This option takes an integer number as its argument.
The value of
\f\*[I-Font]number\f[]
is constrained to being:
.in +4
.nf
.na
in the range  0 through 255
.fi
.in -4
.sp
Allows you to override the TOS (also known as DiffServ/ECN) value in IPv4.
.TP
.NOP \f\*[B-Font]\-\-tclass\f[]=\f\*[I-Font]number\f[]
Set the IPv6 Traffic Class byte.
This option may appear up to 1 times.
This option takes an integer number as its argument.
The value of
\f\*[I-Font]number\f[]
is constrained to being:
.in +4
.nf
.na
in the range  0 through 255
.fi
.in -4
.sp
Allows you to override the IPv6 Traffic Class field.
.TP
.NOP \f\*[B-Font]\-\-flowlabel\f[]=\f\*[I-Font]number\f[]
Set the IPv6 Flow Label.
This option may appear up to 1 times.
This option takes an integer number as its argument.
The value of
\f\*[I-Font]number\f[]
is constrained to being:
.in +4
.nf
.na
in the range  0 through 1048575
.fi
.in -4
.sp
Allows you to override the 20bit IPv6 Flow Label field.  Has no effect on IPv4
packets.
.TP
.NOP \f\*[B-Font]\-F\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-fixlen\f[]=\f\*[I-Font]string\f[]
Pad or truncate packet data to match header length.
This option may appear up to 1 times.
.sp
Packets may be truncated during capture if the snaplen is smaller then the
packet.  This option allows you to modify the packet to pad the packet back
out to the size stored in the IPv4/v6 header or rewrite the IP header total length
to reflect the stored packet length.
.sp 1
\fBpad\fP
Truncated packets will be padded out so that the packet length matches the
IPv4 total length
.sp 1
\fBtrunc\fP
Truncated packets will have their IPv4 total length field rewritten to match
the actual packet length
.sp 1
\fBdel\fP
Delete the packet
.TP
.NOP \f\*[B-Font]\-\-fuzz\-seed\f[]=\f\*[I-Font]number\f[]
Fuzz 1 in X packets. Edit bytes, length, or emulate packet drop.
This option takes an integer number as its argument.
The value of
\f\*[I-Font]number\f[]
is constrained to being:
.in +4
.nf
.na
greater than or equal to 0
.fi
.in -4
The default
\f\*[I-Font]number\f[]
for this option is:
.ti +4
 0
.sp
This fuzzing was designed as to test layer 7 protocols such as voip protocols.
It modifies randomly 1 out of X packets (where X = \fB--fuzz-factor\fP) in order
for stateful protocols to cover more of their code.  The random fuzzing actions
focus on data start and end because it often is the part of the data application
protocols base their decisions on.
.sp
Possible fuzzing actions list:
 * drop packet
 * reduce packet size
 * edit packet Bytes:
   * Not all Bytes have the same probability of appearance in real life.
     Replace with 0x00, 0xFF, or a random byte with equal likelihood.
   * Not all Bytes have the same significance in a packet.
     Replace the start, the end, or the middle of the packet with equal likelihood.
 * do nothing (7 out of 8 packets)
.TP
.NOP \f\*[B-Font]\-\-fuzz\-factor\f[]=\f\*[I-Font]number\f[]
Set the Fuzz 1 in X packet ratio (default 1 in 8 packets).
This option must appear in combination with the following options:
fuzz-seed.
This option takes an integer number as its argument.
The value of
\f\*[I-Font]number\f[]
is constrained to being:
.in +4
.nf
.na
greater than or equal to 1
.fi
.in -4
The default
\f\*[I-Font]number\f[]
for this option is:
.ti +4
 8
.sp
Sets the ratio of for \fB--fuzz-seed\fP option. By default this value is 8,
which means 1 in 8 packets are modified by fuzzing. Note that this ratio is
based on the random number generated by the supplied fuzz seed. Therefore by
default you cannot expect that exactly every eighth packet will be modified.
.TP
.NOP \f\*[B-Font]\-\-skipl2broadcast\f[]
Skip rewriting broadcast/multicast Layer 2 addresses.
.sp
By default, editing Layer 2 addresses will rewrite 
broadcast and multicast MAC addresses.	Setting this flag
will keep broadcast/multicast MAC addresses from being rewritten.
.TP
.NOP \f\*[B-Font]\-\-dlt\f[]=\f\*[I-Font]string\f[]
Override output DLT encapsulation.
This option may appear up to 1 times.
.sp
By default, no DLT (data link type) conversion will be made.  
To change the DLT type of the output pcap, select one of the following values:
.sp 1
\fBenet\fP
Ethernet aka DLT_EN10MB
.sp 1
\fBhdlc\fP
Cisco HDLC aka DLT_C_HDLC
.sp 1
\fBjnpr_eth\fP
Juniper Ethernet DLT_C_JNPR_ETHER
.sp 1
\fBpppserial\fP
PPP Serial aka DLT_PPP_SERIAL
.sp 1
\fBuser\fP
User specified Layer 2 header and DLT type
.br
.TP
.NOP \f\*[B-Font]\-\-enet\-dmac\f[]=\f\*[I-Font]string\f[]
Override destination ethernet MAC addresses.
This option may appear up to 1 times.
.sp
Takes a pair of comma deliminated ethernet MAC addresses which
will replace the destination MAC address of outbound packets.
The first MAC address will be used for the server to client traffic
and the optional second MAC address will be used for the client
to server traffic.
.sp
Example:
.nf
    \--enet-dmac=00:12:13:14:15:16,00:22:33:44:55:66
.fi
.TP
.NOP \f\*[B-Font]\-\-enet\-smac\f[]=\f\*[I-Font]string\f[]
Override source ethernet MAC addresses.
This option may appear up to 1 times.
.sp
Takes a pair of comma deliminated ethernet MAC addresses which
will replace the source MAC address of outbound packets.
The first MAC address will be used for the server to client traffic
and the optional second MAC address will be used for the client 
to server traffic.
.sp
Example:
.nf
    \--enet-smac=00:12:13:14:15:16,00:22:33:44:55:66
.fi
.TP
.NOP \f\*[B-Font]\-\-enet\-subsmac\f[]=\f\*[I-Font]string\f[]
Substitute MAC addresses.
This option may appear up to 9999 times.
.sp
Allows you to rewrite ethernet MAC addresses of packets. It takes
comma delimited pair or MACs address and rewrites all occurrences of
the first MAC with the value of the second MAC.
Example:
.nf
    \--enet-subsmac=00:12:13:14:15:16,00:22:33:44:55:66
.fi
.TP
.NOP \f\*[B-Font]\-\-enet\-mac\-seed\f[]=\f\*[I-Font]number\f[]
Randomize MAC addresses.
This option may appear up to 1 times.
This option must not appear in combination with any of the following options:
enet-smac, enet-dmac, enet-subsmac.
This option takes an integer number as its argument.
.sp
Allows you to randomize ethernet MAC addresses of packets, mostly
like what \fB--seed\fP option does for IPv4/IPv6 addresses.
.TP
.NOP \f\*[B-Font]\-\-enet\-mac\-seed\-keep\-bytes\f[]=\f\*[I-Font]number\f[]
Randomize MAC addresses.
This option may appear up to 1 times.
This option must appear in combination with the following options:
enet-mac-seed.
This option takes an integer number as its argument.
The value of
\f\*[I-Font]number\f[]
is constrained to being:
.in +4
.nf
.na
in the range  1 through 6
.fi
.in -4
.sp
Keep some bytes untouched when usinging \fB--enet-mac-seed\fP option.
.TP
.NOP \f\*[B-Font]\-\-enet\-vlan\f[]=\f\*[I-Font]string\f[]
Specify ethernet 802.1q VLAN tag mode.
This option may appear up to 1 times.
.sp
Allows you to rewrite ethernet frames to add a 802.1q header to standard 802.3
ethernet headers or remove the 802.1q VLAN tag information.
.sp 1
\fBadd\fP
Adds an 802.1q VLAN header to the existing 802.3 ethernet header. If
a VLAN header already exists, a new VLAN header is added outside of the
existing header.
.sp
Note that you will be allowed to run this option multiple times to create
more than 2 VLAN headers, however those packets will be valid. At most
you should have 2 X 802.1q VLAN tags, or outer an 802.1ad and an inner 802.1q
VLAN tag.
.sp 1
\fBdel\fP
Rewrites the existing 802.1q VLAN header as an 802.3 ethernet header
.TP
.NOP \f\*[B-Font]\-\-enet\-vlan\-tag\f[]=\f\*[I-Font]number\f[]
Specify the new ethernet 802.1q VLAN tag value.
This option may appear up to 1 times.
This option must appear in combination with the following options:
enet-vlan.
This option takes an integer number as its argument.
The value of
\f\*[I-Font]number\f[]
is constrained to being:
.in +4
.nf
.na
in the range  0 through 4095
.fi
.in -4
.sp
.TP
.NOP \f\*[B-Font]\-\-enet\-vlan\-cfi\f[]=\f\*[I-Font]number\f[]
Specify the ethernet 802.1q VLAN CFI value.
This option may appear up to 1 times.
This option must appear in combination with the following options:
enet-vlan.
This option takes an integer number as its argument.
The value of
\f\*[I-Font]number\f[]
is constrained to being:
.in +4
.nf
.na
in the range  0 through 1
.fi
.in -4
.sp
.TP
.NOP \f\*[B-Font]\-\-enet\-vlan\-pri\f[]=\f\*[I-Font]number\f[]
Specify the ethernet 802.1q VLAN priority.
This option may appear up to 1 times.
This option must appear in combination with the following options:
enet-vlan.
This option takes an integer number as its argument.
The value of
\f\*[I-Font]number\f[]
is constrained to being:
.in +4
.nf
.na
in the range  0 through 7
.fi
.in -4
.sp
.TP
.NOP \f\*[B-Font]\-\-enet\-vlan\-proto\f[]=\f\*[I-Font]string\f[]
Specify VLAN tag protocol 802.1q or 802.1ad.
This option may appear up to 1 times.
.sp
Allows you to specify the protocol of the added VLAN tags.
.sp 1
\fB802.1q\fP
Specifies that 802.1q VLAN headers are to be added. This is the default.
.sp 1
\fB802.1ad\fP
Specifies that 802.1ad Q-in-Q VLAN headers are to be added. To make valid packets,
input packets must already have 802.1q VLAN headers.
.TP
.NOP \f\*[B-Font]\-\-hdlc\-control\f[]=\f\*[I-Font]number\f[]
Specify HDLC control value.
This option may appear up to 1 times.
This option takes an integer number as its argument.
.sp
The Cisco HDLC header has a 1 byte "control" field.  Apparently this should 
always be 0, but if you can use any 1 byte value.
.TP
.NOP \f\*[B-Font]\-\-hdlc\-address\f[]=\f\*[I-Font]number\f[]
Specify HDLC address.
This option may appear up to 1 times.
This option takes an integer number as its argument.
.sp
The Cisco HDLC header has a 1 byte "address" field which has two valid 
values:
.sp 1
\fB0x0F\fP
Unicast
.sp 1
\fB0xBF\fP
Broadcast
.br
You can however specify any single byte value.
.TP
.NOP \f\*[B-Font]\-\-user\-dlt\f[]=\f\*[I-Font]number\f[]
Set output file DLT type.
This option may appear up to 1 times.
This option takes an integer number as its argument.
.sp
Set the DLT value of the output pcap file.
.TP
.NOP \f\*[B-Font]\-\-user\-dlink\f[]=\f\*[I-Font]string\f[]
Rewrite Data-Link layer with user specified data.
This option may appear up to 2 times.
.sp
Provide a series of comma deliminated hex values which will be
used to rewrite or create the Layer 2 header of the packets.
The first instance of this argument will rewrite both server
and client traffic, but if this argument is specified a second
time, it will be used for the client traffic.
.sp
Example:
.nf
    \--user-dlink=01,02,03,04,05,06,00,1A,2B,3C,4D,5E,6F,08,00
.fi
.TP
.NOP \f\*[B-Font]\-d\f[] \f\*[I-Font]number\f[], \f\*[B-Font]\-\-dbug\f[]=\f\*[I-Font]number\f[]
Enable debugging output.
This option may appear up to 1 times.
This option takes an integer number as its argument.
The value of
\f\*[I-Font]number\f[]
is constrained to being:
.in +4
.nf
.na
in the range  0 through 5
.fi
.in -4
The default
\f\*[I-Font]number\f[]
for this option is:
.ti +4
 0
.sp
If configured with \--enable-debug, then you can specify a verbosity 
level for debugging output.  Higher numbers increase verbosity.
.TP
.NOP \f\*[B-Font]\-i\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-infile\f[]=\f\*[I-Font]string\f[]
Input pcap file to be processed.
This option may appear up to 1 times.
.sp
.TP
.NOP \f\*[B-Font]\-o\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-outfile\f[]=\f\*[I-Font]string\f[]
Output pcap file.
This option may appear up to 1 times.
.sp
.TP
.NOP \f\*[B-Font]\-c\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-cachefile\f[]=\f\*[I-Font]string\f[]
Split traffic via tcpprep cache file.
This option may appear up to 1 times.
.sp
Use tcpprep cache file to split traffic based upon client/server relationships.
.TP
.NOP \f\*[B-Font]\-v\f[], \f\*[B-Font]\-\-verbose\f[]
Print decoded packets via tcpdump to STDOUT.
This option may appear up to 1 times.
.sp
.TP
.NOP \f\*[B-Font]\-A\f[] \f\*[I-Font]string\f[], \f\*[B-Font]\-\-decode\f[]=\f\*[I-Font]string\f[]
Arguments passed to tcpdump decoder.
This option may appear up to 1 times.
This option must appear in combination with the following options:
verbose.
.sp
When enabling verbose mode (\fB-v\fP) you may also specify one or
more additional arguments to pass to \fBtcpdump\fP to modify
the way packets are decoded.  By default, \-n and \-l are used.
Be sure to quote the arguments so that they are not interpreted
by tcprewrite.   Please see the tcpdump(1) man page for a complete list of
options.
.TP
.NOP \f\*[B-Font]\-\-fragroute\f[]=\f\*[I-Font]string\f[]
Parse fragroute configuration file.
This option may appear up to 1 times.
.sp
Enable advanced evasion techniques using the built-in fragroute(8)
engine.  See the fragroute(8) man page for more details.  Important:
tcprewrite does not support the delay, echo or print commands.
.TP
.NOP \f\*[B-Font]\-\-fragdir\f[]=\f\*[I-Font]string\f[]
Which flows to apply fragroute to: c2s, s2c, both.
This option may appear up to 1 times.
This option must appear in combination with the following options:
cachefile.
.sp
Apply the fragroute engine to packets going c2s, s2c or both when
using a cache file.
.TP
.NOP \f\*[B-Font]\-\-skip\-soft\-errors\f[]
Skip writing packets with soft errors.
This option may appear up to 1 times.
.sp
In some cases, packets can not be decoded or the requested editing
is not possible.  Normally these packets are written to the output
file unedited so that tcpprep cache files can still be used, but if
you wish, these packets can be suppressed.
.sp
One example of this is 802.11 management frames which contain no data.
.TP
.NOP \f\*[B-Font]\-V\f[], \f\*[B-Font]\-\-version\f[]
Print version information.
.sp
.TP
.NOP \f\*[B-Font]\-h\f[], \f\*[B-Font]\-\-less\-help\f[]
Display less usage information and exit.
.sp
.TP
.NOP \f\*[B-Font]\-w\f[], \f\*[B-Font]\-\-suppress\-warnings\f[]
suppress printing warning messages.
.sp
.TP
.NOP \f\*[B-Font]\-H\f[], \f\*[B-Font]\-\-help\f[]
Display usage information and exit.
.TP
.NOP \f\*[B-Font]\-\&!\f[], \f\*[B-Font]\-\-more-help\f[]
Pass the extended usage information through a pager.
.TP
.NOP \f\*[B-Font]\-\-save-opts\f[] [=\f\*[I-Font]cfgfile\f[]]
Save the option state to \fIcfgfile\fP.  The default is the \fIlast\fP
configuration file listed in the \fBOPTION PRESETS\fP section, below.
The command will exit after updating the config file.
.TP
.NOP \f\*[B-Font]\-\-load-opts\f[]=\f\*[I-Font]cfgfile\f[], \f\*[B-Font]\-\-no-load-opts\f[]
Load options from \fIcfgfile\fP.
The \fIno-load-opts\fP form will disable the loading
of earlier config/rc/ini files.  \fI\-\-no-load-opts\fP is handled early,
out of order.
.PP
.SH "OPTION PRESETS"
Any option that is not marked as \fInot presettable\fP may be preset
by loading values from configuration ("RC" or ".INI") file(s).
The \fIhomerc\fP file is "\fI$$/\fP", unless that is a directory.
In that case, the file "\fI.tcprewriterc\fP"
is searched for within that directory.
.SH "FILES"
See \fBOPTION PRESETS\fP for configuration files.
.SH "EXIT STATUS"
One of the following exit values will be returned:
.TP
.NOP 0 " (EXIT_SUCCESS)"
Successful program execution.
.TP
.NOP 1 " (EXIT_FAILURE)"
The operation failed or the command syntax was not valid.
.TP
.NOP 66 " (EX_NOINPUT)"
A specified configuration file could not be loaded.
.TP
.NOP 70 " (EX_SOFTWARE)"
libopts had an internal operational error.  Please report
it to autogen-users@lists.sourceforge.net.  Thank you.
.PP
.SH "AUTHORS"
Copyright 2013-2024 Fred Klassen \- AppNeta
Copyright 2000-2012 Aaron Turner
For support please use the tcpreplay-users@lists.sourceforge.net mailing list.
The latest version of this software is always available from:
http://tcpreplay.appneta.com/
.SH "COPYRIGHT"
Copyright (C) 2000-2024 Aaron Turner and Fred Klassen all rights reserved.
This program is released under the terms of the GNU General Public License, version 3 or later.
.SH "BUGS"
Please send bug reports to: tcpreplay-users@lists.sourceforge.net
.SH "NOTES"
This manual page was \fIAutoGen\fP-erated from the \fBtcprewrite\fP
option definitions.