index.html 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295
  1. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  2. <html>
  3. <head>
  4. <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  5. <title>Tcpreplay: Pcap editing and replay tools for *NIX</title>
  6. <link rel="stylesheet" type="text/css" title="normal" media="screen" href="web.css" >
  7. </head>
  8. <body>
  9. <table border=0 cellpadding=3 cellspacing=0 width="100%">
  10. <tr>
  11. <td align=center class=title colspan=1>
  12. Tcpreplay: Pcap editing and replay tools for *NIX
  13. </td>
  14. </tr>
  15. <tr>
  16. <td align=right class=menubar>
  17. <!--
  18. <a href="http://sourceforge.net/project/showfiles.php?group_id=48862">Downloads</a> |
  19. <a href="manual.html">Manual</a> |
  20. <a href="faq.html">FAQ</a> |
  21. <a href="http://sourceforge.net/mail/?group_id=48862">Mailing Lists</a> |
  22. <a href="https://www.synfin.net/cgi-bin/viewcvs.cgi/tcpreplay/">SVN
  23. Repository</a>
  24. -->
  25. <a href="#about">About</a> |
  26. <a href="#details">Details</a> |
  27. <a href="#news">News</a> |
  28. <a href="#downloads">Downloads</a> |
  29. <a href="#docs">Documentation</a> |
  30. <a href="#support">Support</a>
  31. </td>
  32. </tr>
  33. </table>
  34. <P>&nbsp;<P>
  35. <table border=0 cellpadding=3 cellspacing=0 width="100%" class=fill>
  36. <a name="about"></a>
  37. <tr><td class=sechdr>About</td></tr>
  38. <tr><td class=section>
  39. Tcpreplay is a suite of BSD licensed tools written by Aaron Turner for *NIX
  40. operating systems which gives you the ability to use previously captured
  41. traffic in <a href="http://www.tcpdump.org">libpcap format</a> to test a
  42. variety of network devices. &nbsp;It allows you to classify traffic as
  43. client or server, rewrite Layer 2, 3 and 4 headers and finally replay the
  44. traffic back onto the network and through other devices such as switches,
  45. routers, firewalls, NIDS and IPS's.
  46. <P>
  47. Voted as <a href="http://www.insecure.org/tools.html"> one of the top 75
  48. security tools</a>, tcpreplay is used by numerous firewall, IDS, IPS and
  49. other networking vendors, enterprises, universities, and open source
  50. projects. If your organization uses tcpreplay, please let me know who you
  51. are and what you use it for so that I can continue to add features which are
  52. useful.
  53. </td>
  54. </tr>
  55. <a name="details"></a>
  56. <tr><td>&nbsp;</td></tr>
  57. <tr><td class=sechdr>Details</td></tr>
  58. <tr><td class=section>
  59. Tcpreplay includes the following tools:
  60. <ul>
  61. <li>tcpprep - multi-pass pcap file pre-processor which
  62. determines packets as client or server and creates cache files
  63. used by tcpreplay and tcprewrite</li>
  64. <li>tcprewrite - pcap file
  65. editor which rewrites TCP/IP and Layer 2 packet headers</li>
  66. <li>tcpreplay - replays pcap files at arbitrary speeds onto the
  67. network</li>
  68. <li>tcpbridge - bridge two network segments with
  69. the power of tcprewrite</li>
  70. <li>flowreplay - emulates a network
  71. client using a pcap file as the basis of a TCP or UDP connection
  72. (currently in alpha)</li>
  73. </ul>
  74. <P>
  75. Generally speaking, most people would first run tcpprep against a pcap file
  76. to create a cache file which splits traffic between client and server if
  77. they are testing an inline device like a firewall or IPS. &nbsp;Then
  78. depending on their network setup and where the pcap was captured, they would
  79. use tcprewrite to edit the packets so that the device under test will
  80. examine them properly. &nbsp;Finally, tcpreplay is used to replay the pcap
  81. onto the network to do the test.
  82. </td>
  83. </tr>
  84. <a name="news"></a>
  85. <tr><td>&nbsp;</td></tr>
  86. <tr><td class=sechdr>News</td></tr>
  87. <tr>
  88. <td class=section>
  89. 2005-08-07<br>
  90. Tcpreplay 3.0.beta7 is relased which merges the tcpprep
  91. fixes from 2.3.5 and incorprates an important flowreplay fix
  92. for UDP flows. Still looking for a tech writer who can
  93. spend a few hours a week on the documentation.
  94. <P>
  95. 2005-07-03<br>
  96. Tcpreplay 2.3.5 is released which fixes a long standing bug
  97. in tcpprep with auto/router mode. Note that *all* tcpprep
  98. releases up to now in all three branches of code (1.x, 2.x
  99. and 3.x) have this bug. 3.0.beta7 will have the fix, but
  100. 1.x is EOL.
  101. <P>
  102. 2005-06-29<br>
  103. Many thanks to <a href="http://www.cse.scu.edu/send.cgi?Z&people/parttime/DorrClark.htm">Dorr
  104. Clark</a> of Santa Clara University who provided me a
  105. really nice <a href="http://www.doxygen.org">doxygen</a>
  106. file for documenting the 3.0 source code.
  107. <P>
  108. 2005-06-28<br>
  109. Beta6 is out. Fixes a number of user reported bugs. Thanks
  110. to all the beta testers who have been giving me such great
  111. feedback. Keep it comming!
  112. <P>
  113. 2005-06-14<br>
  114. Well I got a lot of good feedback on the beta4 release, so
  115. beta5 fixes a number of key bugs and adds a few enhancements
  116. which should help people out. Let me know...
  117. <P>
  118. 2005-06-05<br>
  119. Released 3.0.beta4 and 2.3.4. Both fix problems compiling
  120. under OpenBSD and add support for libpcap 0.5 although some
  121. features may be disabled. 3.0.beta4 also fixes a number of
  122. bugs during both compile and runtime... check the changelog
  123. for details.
  124. <P>
  125. 2005-05-28<br>
  126. Ugh. <a href="http://libnids.sourceforge.net/">libnids</a>
  127. is so close and yet so far away. It handles the basic
  128. functionality of doing IP defragmentation and TCP stream
  129. reassembly which I need for flowreplay, but yet misses the
  130. boat on a number of key requirements... the biggest of which
  131. are no multi-thread support or proper handling of multiple
  132. pcap files.
  133. <P>
  134. Unfortunately, doing proper multi-thread support would
  135. require an API change... something that the libnids author
  136. is unwilling to do. The only option seems to be a fork of
  137. the code, but that's plain ugly... Suggestions?
  138. <P>
  139. 2005-05-12<br>
  140. Oops. I thought I fixed a compile problem with dlt2desc
  141. in 3.0.beta3, but apparently I goofed. If you get an error
  142. complaining about multiple definitions, then go into
  143. src/edit_packet.c and delete the line:<P>
  144. <pre>
  145. #include "dlt_names.h"
  146. </pre>
  147. <P>
  148. 2005-03-09<br>
  149. Just re-posted a <a
  150. href="https://sourceforge.net/people/viewjob.php?group_id=48862&job_id=21661">job
  151. posting for a technical writer/editor</a> to help me
  152. with the tcpreplay documentation. If you are interested in
  153. getting some good tech writing experiance in the
  154. networking/security space, then this might just be the
  155. opportunity for you!
  156. </td>
  157. </tr>
  158. <a name="download"></a>
  159. <tr><td>&nbsp;</td></tr>
  160. <tr><td class=sechdr>Get It</td></tr>
  161. <tr><td class=section>
  162. Releases:
  163. <ul>
  164. <li>Latest development release:
  165. <a
  166. href="http://prdownloads.sourceforge.net/tcpreplay/tcpreplay-3.0.beta7.tar.gz">tcpreplay-3.0.beta7.tar.gz</a>
  167. (<a
  168. href="CHANGELOG">Changelog</a>)
  169. </li>
  170. <li>
  171. Latest stable release:
  172. <a href="http://prdownloads.sourceforge.net/tcpreplay/tcpreplay-2.3.5.tar.gz">tcpreplay-2.3.5.tar.gz</a>
  173. (<a
  174. href="http://sourceforge.net/project/shownotes.php?release_id=339538">release notes</a>)
  175. </li>
  176. <li>
  177. Last release supporting Libnet 1.0.x:
  178. <a href="http://prdownloads.sourceforge.net/tcpreplay/tcpreplay-1.3.3.tar.gz">tcpreplay-1.3.3.tar.gz</a>
  179. (<a
  180. href="http://sourceforge.net/project/shownotes.php?release_id=156906">release
  181. notes</a>) Note that the 1.x series is EOL.
  182. </li>
  183. <li><a
  184. href="http://sourceforge.net/project/showfiles.php?group_id=48862">
  185. Past releases</a>
  186. </li>
  187. </ul>
  188. <P>
  189. Source via Subversion:<br>
  190. svn co https://www.synfin.net/svn/tcpreplay/trunk tcpreplay-trunk<br>
  191. or view it online using
  192. <a href="https://www.synfin.net/cgi-bin/viewcvs.cgi/tcpreplay/">
  193. the web interface</a>
  194. <P>
  195. Packages:
  196. <ul>
  197. <li>Apple OS X users can try Darian Lanx's Fink package: <i>fink install tcpreplay</i></li>
  198. <li>Debian users can try Noel Koethe's APT package: <i>apt-get install tcpreplay</i></li>
  199. <li>
  200. Win32 users can try
  201. <a
  202. href="http://sourceforge.net/project/showfiles.php?group_id=48862&package_id=144474">this
  203. UNOFFICAL and UNSUPPORTED</a> port. &nbsp;Note: anyone interested in helping with an offical Win32 port of tcpreplay should contact me.
  204. </li>
  205. </td>
  206. <a name="docs"></a>
  207. <tr><td>&nbsp;</td></tr>
  208. <tr><td class=sechdr>Documentation</td></tr>
  209. <tr>
  210. <td><table border=0 cellpadding=0 cellspacing=0 width="100%">
  211. <tr valign=top>
  212. <td class=section width="50%">
  213. 3.x Docs:
  214. <ul>
  215. <li><a href="manual/index.html">Manual</a></li>
  216. <li><a href="FAQ/index.html">Frequently Asked Questions</a></li>
  217. <li><a href="doxygen/html/index.html">Source code documentation via
  218. Doxygen</a></li>
  219. </ul>
  220. 3.x Man Pages:
  221. <ul>
  222. <li><a href="man/tcpreplay.html">tcpreplay</a></li>
  223. <li><a href="man/tcpprep.html">tcpprep</a></li>
  224. <li><a href="man/tcprewrite.html">tcprewrite</a></li>
  225. <li><a href="man/flowreplay.html">flowreplay</a></li>
  226. <li><a href="man/tcpbridge.html">tcpbridge</a></li>
  227. </ul>
  228. Other:
  229. <ul>
  230. <li> <a href="TODO">3.x TODO list</a></li>
  231. </ul>
  232. </td>
  233. <td class=section>
  234. 2.x Docs:
  235. <ul>
  236. <li><a href="tcpreplay-2-faq.html">Frequently Asked
  237. Questions</a></li>
  238. </uL>
  239. </td>
  240. </tr>
  241. </table>
  242. </td>
  243. </tr>
  244. <a name="support"></a>
  245. <tr><td>&nbsp;</td></tr>
  246. <tr><td class=sechdr>Support</td></tr>
  247. <tr><td class=section>
  248. Sourceforge has a support, bug and patch ticket tracking system
  249. which I <b>do not use</b>.
  250. &nbsp;So if you submit a ticket into any of those systems, it
  251. will likely be ignored for a few months, if not longer.
  252. &nbsp;Hence, you should be using the
  253. <a href="http://sourceforge.net/mail/?group_id=48862">tcpreplay-users mailing
  254. list</a> for support. (Due to spam, the
  255. tcpreplay-users list is a closed list, so you will need to
  256. subscribe in order to post.)
  257. <P>
  258. Please note that tcpreplay has a lot of documentation.
  259. &nbsp;Please read the documentation before asking for help.
  260. <P>
  261. You may also be interested in checking out
  262. <a href="http://www.sourceforge.net/projects/tcpreplay/">
  263. tcpreplay's SourceForge project page</a>.
  264. </ul>
  265. </td>
  266. </tr>
  267. <tr>
  268. <td align=center>
  269. &nbsp;
  270. <P>
  271. <a href="http://sourceforge.net"><img
  272. src="http://sourceforge.net/sflogo.php?group_id=48862&type=1"
  273. width="88" height="31" border="0" alt="SourceForge.net
  274. Logo" /></a>
  275. </td>
  276. </tr>
  277. </table>
  278. </body>
  279. </html>