- <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
- <!--Converted with LaTeX2HTML 2002-2 (1.70)
- original version by: Nikos Drakos, CBLU, University of Leeds
- * revised and updated by: Marcus Hennecke, Ross Moore, Herb Swan
- * with significant contributions from:
- Jens Lippmann, Marek Rouchal, Martin Wilck and others -->
- <HTML>
- <HEAD>
- <TITLE>1 General Info</TITLE>
- <META NAME="description" CONTENT="1 General Info">
- <META NAME="keywords" CONTENT="FAQ">
- <META NAME="resource-type" CONTENT="document">
- <META NAME="distribution" CONTENT="global">
- <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
- <META NAME="Generator" CONTENT="LaTeX2HTML v2002-2">
- <META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
- <LINK REL="STYLESHEET" HREF="FAQ.css">
- <LINK REL="next" HREF="node3.html">
- <LINK REL="previous" HREF="node1.html">
- <LINK REL="up" HREF="FAQ.html">
- <LINK REL="next" HREF="node3.html">
- </HEAD>
- <BODY >
- <DIV CLASS="navigation"><!--Navigation Panel-->
- <A NAME="tex2html134"
- HREF="node3.html">
- <IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A>
- <A NAME="tex2html130"
- HREF="FAQ.html">
- <IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>
- <A NAME="tex2html124"
- HREF="node1.html">
- <IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>
- <A NAME="tex2html132"
- HREF="node1.html">
- <IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>
- <BR>
- <B> Next:</B> <A NAME="tex2html135"
- HREF="node3.html">2 Bugs, Feature Requests,</A>
- <B> Up:</B> <A NAME="tex2html131"
- HREF="FAQ.html">Tcpreplay 3.x FAQ</A>
- <B> Previous:</B> <A NAME="tex2html125"
- HREF="node1.html">Contents</A>
- <B> <A NAME="tex2html133"
- HREF="node1.html">Contents</A></B>
- <BR>
- <BR></DIV>
- <!--End of Navigation Panel-->
- <!--Table of Child-Links-->
- <A NAME="CHILD_LINKS"><STRONG>Subsections</STRONG></A>
- <UL CLASS="ChildLinks">
- <LI><A NAME="tex2html136"
- HREF="node2.html#SECTION00021000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">1</SPAN> What is this FAQ for?</A>
- <LI><A NAME="tex2html137"
- HREF="node2.html#SECTION00022000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">2</SPAN> What tools come with tcpreplay?</A>
- <LI><A NAME="tex2html138"
- HREF="node2.html#SECTION00023000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">3</SPAN> What tools no longer come with Tcpreplay?</A>
- <LI><A NAME="tex2html139"
- HREF="node2.html#SECTION00024000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">4</SPAN> How can I get tcpreplay's source?</A>
- <LI><A NAME="tex2html140"
- HREF="node2.html#SECTION00025000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">5</SPAN> What requirements does tcpreplay have?</A>
- <LI><A NAME="tex2html141"
- HREF="node2.html#SECTION00026000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">6</SPAN> Are there binaries available?</A>
- <LI><A NAME="tex2html142"
- HREF="node2.html#SECTION00027000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">7</SPAN> Is there a Microsoft Windows port?</A>
- <LI><A NAME="tex2html143"
- HREF="node2.html#SECTION00028000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">8</SPAN> How is tcpreplay licensed?</A>
- <LI><A NAME="tex2html144"
- HREF="node2.html#SECTION00029000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">9</SPAN> What is tcpreplay?</A>
- <LI><A NAME="tex2html145"
- HREF="node2.html#SECTION000210000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">10</SPAN> What are some uses for tcpreplay?</A>
- <LI><A NAME="tex2html146"
- HREF="node2.html#SECTION000211000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">11</SPAN> What are some uses for flowreplay?</A>
- <LI><A NAME="tex2html147"
- HREF="node2.html#SECTION000212000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">12</SPAN> What is the history of tcpreplay?</A>
- </UL>
- <!--End of Table of Child-Links-->
- <HR>
- <H1><A NAME="SECTION00020000000000000000">
- <SPAN CLASS="arabic">1</SPAN> General Info</A>
- </H1>
- <P>
- <H2><A NAME="SECTION00021000000000000000">
- <SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">1</SPAN> What is this FAQ for?</A>
- </H2>
- <P>
- Tcpreplay is a suite of powerful tools, but with that power comes
- complexity. While I have done my best to write good man pages for
- tcpreplay and its associated utilities, I understand that many people
- may want more information than I can provide in the man pages. Additionally,
- this FAQ attempts to cover material which I feel will be of use to
- people using tcpreplay, as well as common questions that occur on
- the Tcpreplay-Users &lt;tcpreplay-users@lists.sourceforge.net&gt; mailing
- list.
- <P>
- <H2><A NAME="SECTION00022000000000000000">
- <SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">2</SPAN> What tools come with tcpreplay?</A>
- </H2>
- <P>
- <UL>
- <LI>tcpreplay - replay ethernet packets stored in a pcap file as they
- were captured
- </LI>
- <LI>tcprewrite - edit packets stored in a pcap file
- </LI>
- <LI>tcpprep - a pcap pre-processor for tcpreplay
- </LI>
- <LI>flowreplay<A NAME="tex2html1"
- HREF="#foot153"><SUP><SPAN CLASS="arabic">1</SPAN></SUP></A> - connects to a server(s) and replays the client side of the connection
- stored in a pcap file
- </LI>
- </UL>
- <P>
- <H2><A NAME="SECTION00023000000000000000">
- <SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">3</SPAN> What tools no longer come with Tcpreplay?</A>
- </H2>
- <P>
- Recently, other people and projects have developed better versions
- of two applications that shipped with tcpreplay 2.x:
- <P>
- <UL>
- <LI>pcapmerge - merges two or more pcap files into one. Ethereal now ships
- with a more powerful application called 'mergecap'.
- </LI>
- <LI>capinfo - displays basic information about a pcap file. Ethereal now
- ships with a more powerful application of the same name.
- </LI>
- </UL>
- <P>
- <H2><A NAME="SECTION00024000000000000000">
- <SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">4</SPAN> How can I get tcpreplay's source?</A>
- </H2>
- <P>
- The source code is available in tarball format on the tcpreplay homepage:
- http://tcpreplay.sourceforge.net/ I also encourage users familiar
- with Subversion to try checking out the latest code as it often has
- additional features and bugfixes not found in the tarballs.
- <P>
- svn checkout https://www.synfin.net/svn/tcpreplay/trunk tcpreplay
- <P>
- <H2><A NAME="SECTION00025000000000000000">
- <SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">5</SPAN> What requirements does tcpreplay have?</A>
- </H2>
- <P>
- <OL>
- <LI>You'll need recent versions of the libnet<A NAME="tex2html2"
- HREF="#foot38"><SUP><SPAN CLASS="arabic">2</SPAN></SUP></A> and libpcap<A NAME="tex2html3"
- HREF="#foot39"><SUP><SPAN CLASS="arabic">3</SPAN></SUP></A> libraries.
- </LI>
- <LI>To support the packet decoding feature you'll need tcpdump<A NAME="tex2html4"
- HREF="#foot40"><SUP><SPAN CLASS="arabic">4</SPAN></SUP></A> installed.
- </LI>
- <LI>You'll also need a compatible operating system. Basically, any UNIX-like
- or UNIX-based operating system should work. Linux, *BSD, Solaris,
- OS X and others should all work. If you find any compatibility issues
- with any UNIX-like/based OS, please let me know.
- </LI>
- </OL>
- <P>
- <H2><A NAME="SECTION00026000000000000000">
- <SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">6</SPAN> Are there binaries available?</A>
- </H2>
- <P>
- The tcpreplay project does not maintain binaries for any platforms.
- However some operating systems such as Debian GNU/Linux (apt-get)
- and OS X (fink) have packages available. Try searching on Google.
- <P>
- <H2><A NAME="SECTION00027000000000000000">
- <SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">7</SPAN> Is there a Microsoft Windows port?</A>
- </H2>
- <P>
- Not really. We had one user port the code over for an old version
- of tcpreplay to Windows. Now we're looking for someone to help merge
- the code into the main development tree and maintain it. If you're interested
- in helping with this please contact Aaron Turner or the tcpreplay-users
- list. Other than that, you can download the tcpreplay-win32.zip file
- from the website and give it a go. Please understand that the Win32
- port of tcpreplay comes with no support whatsoever, so if you run
- into a problem you're on your own.
- <P>
- <H2><A NAME="SECTION00028000000000000000">
- <SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">8</SPAN> How is tcpreplay licensed?</A>
- </H2>
- <P>
- Tcpreplay is licensed under a three clause BSD-style license. For
- details see the docs/LICENSE file included with the source code.
- <P>
- <H2><A NAME="SECTION00029000000000000000">
- <SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">9</SPAN> What is tcpreplay?</A>
- </H2>
- <P>
- In the simplest terms, tcpreplay is a tool to send network traffic
- stored in pcap format back onto the network; basically the exact opposite
- of tcpdump. Just to make things more confusing, tcpreplay is also
- a suite of tools: tcpreplay, tcpprep, tcprewrite and flowreplay.
- <P>
- <H2><A NAME="SECTION000210000000000000000">
- <SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">10</SPAN> What are some uses for tcpreplay?</A>
- </H2>
- <P>
- Originally, tcpreplay was written to test network intrusion detection
- systems (NIDS); however, it has also been used to test firewalls,
- routers, and other network devices. With the addition of flowreplay,
- most<A NAME="tex2html5"
- HREF="#foot48"><SUP><SPAN CLASS="arabic">5</SPAN></SUP></A> any udp or tcp service on a server can be tested as well.
- <P>
- <H2><A NAME="SECTION000211000000000000000">
- <SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">11</SPAN> What are some uses for flowreplay?</A>
- </H2>
- <P>
- A lot of people wanted a tool like tcpreplay, but wanted to be able
- to replay traffic <SPAN CLASS="textit">to</SPAN> a server. Since tcpreplay was unable to
- do this, I developed flowreplay which replays the data portion of
- the flow, but recreates the connection to the specified server(s).
- This makes flowreplay an ideal tool to test host intrusion detection
- systems (HIDS) as well as captured exploits and security patches when
- the actual exploit code is not available. Please note that flowreplay
- is still alpha quality code which means it doesn't work very well
- (some would argue it doesn't work at all) and is currently missing
- some important features. Feel free to try flowreplay, but unless you're
- willing and able to contribute, don't bother complaining that it doesn't
- work.
- <P>
- <H2><A NAME="SECTION000212000000000000000">
- <SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">12</SPAN> What is the history of tcpreplay?</A>
- </H2>
- <P>
- Tcpreplay has had quite a few authors over the past five or so years.
- One of the advantages of the BSD and GPL licenses is that if someone
- becomes unable or unwilling to continue development, anyone else can
- take over.
- <P>
- Originally, Matt Undy of Anzen Computing wrote tcpreplay. Matt released
- version 1.0.1 sometime in 1999. Sometime after that, Anzen Computing
- was (at least partially) purchased by NFR and development ceased.
- <P>
- Then in 2001, two people independently started work on tcpreplay:
- Matt Bing of NFR and Aaron Turner of OneSecure. After developing a
- series of patches (the -adt branch), Aaron attempted to send the patches
- in to be included in the main development tree.
- <P>
- After some discussion between Aaron and Matt Bing, they decided to
- continue development together. Since then, two major rewrites have
- occurred, and more than thirty new features have been added, including
- the addition of a number of accessory tools.
- <P>
- Today, Aaron continues active development of the code.
- <P>
- <BR><HR><H4>Footnotes</H4>
- <DL>
- <DT><A NAME="foot153">... flowreplay</A><A
- HREF="node2.html#tex2html1"><SUP><SPAN CLASS="arabic">1</SPAN></SUP></A></DT>
- <DD>Flowreplay is still "alpha" quality and is not usable for most
- situations. Anyone interested in helping me develop flowreplay is
- encouraged to contact me.
- </DD>
- <DT><A NAME="foot38">... libnet</A><A
- HREF="node2.html#tex2html2"><SUP><SPAN CLASS="arabic">2</SPAN></SUP></A></DT>
- <DD>http://www.packetfactory.net/libnet/
- </DD>
- <DT><A NAME="foot39">... libpcap</A><A
- HREF="node2.html#tex2html3"><SUP><SPAN CLASS="arabic">3</SPAN></SUP></A></DT>
- <DD>http://www.tcpdump.org/
- </DD>
- <DT><A NAME="foot40">... tcpdump</A><A
- HREF="node2.html#tex2html4"><SUP><SPAN CLASS="arabic">4</SPAN></SUP></A></DT>
- <DD>http://www.tcpdump.org/
- </DD>
- <DT><A NAME="foot48">...
- most</A><A
- HREF="node2.html#tex2html5"><SUP><SPAN CLASS="arabic">5</SPAN></SUP></A></DT>
- <DD>Note that flowreplay does not support protocols such as ftp which use
- multiple connections.
- </DD>
- </DL>
- <DIV CLASS="navigation"><HR>
- <!--Navigation Panel-->
- <A NAME="tex2html134"
- HREF="node3.html">
- <IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A>
- <A NAME="tex2html130"
- HREF="FAQ.html">
- <IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>
- <A NAME="tex2html124"
- HREF="node1.html">
- <IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>
- <A NAME="tex2html132"
- HREF="node1.html">
- <IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>
- <BR>
- <B> Next:</B> <A NAME="tex2html135"
- HREF="node3.html">2 Bugs, Feature Requests,</A>
- <B> Up:</B> <A NAME="tex2html131"
- HREF="FAQ.html">Tcpreplay 3.x FAQ</A>
- <B> Previous:</B> <A NAME="tex2html125"
- HREF="node1.html">Contents</A>
- <B> <A NAME="tex2html133"
- HREF="node1.html">Contents</A></B> </DIV>
- <!--End of Navigation Panel-->
- <ADDRESS>
- Aaron Turner
- 2006-07-17
- </ADDRESS>
- </BODY>
- </HTML>