node2.html 13 KB


  1. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
  2. <!--Converted with LaTeX2HTML 2002-2 (1.70)
  3. original version by: Nikos Drakos, CBLU, University of Leeds
  4. * revised and updated by: Marcus Hennecke, Ross Moore, Herb Swan
  5. * with significant contributions from:
  6. Jens Lippmann, Marek Rouchal, Martin Wilck and others -->
  7. <HTML>
  8. <HEAD>
  9. <TITLE>1 General Info</TITLE>
  10. <META NAME="description" CONTENT="1 General Info">
  11. <META NAME="keywords" CONTENT="FAQ">
  12. <META NAME="resource-type" CONTENT="document">
  13. <META NAME="distribution" CONTENT="global">
  14. <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
  15. <META NAME="Generator" CONTENT="LaTeX2HTML v2002-2">
  16. <META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
  17. <LINK REL="STYLESHEET" HREF="FAQ.css">
  18. <LINK REL="next" HREF="node3.html">
  19. <LINK REL="previous" HREF="node1.html">
  20. <LINK REL="up" HREF="FAQ.html">
  21. <LINK REL="next" HREF="node3.html">
  22. </HEAD>
  23. <BODY >
  24. <DIV CLASS="navigation"><!--Navigation Panel-->
  25. <A NAME="tex2html134"
  26. HREF="node3.html">
  27. <IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A>
  28. <A NAME="tex2html130"
  29. HREF="FAQ.html">
  30. <IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>
  31. <A NAME="tex2html124"
  32. HREF="node1.html">
  33. <IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>
  34. <A NAME="tex2html132"
  35. HREF="node1.html">
  36. <IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>
  37. <BR>
  38. <B> Next:</B> <A NAME="tex2html135"
  39. HREF="node3.html">2 Bugs, Feature Requests,</A>
  40. <B> Up:</B> <A NAME="tex2html131"
  41. HREF="FAQ.html">Tcpreplay 3.x FAQ</A>
  42. <B> Previous:</B> <A NAME="tex2html125"
  43. HREF="node1.html">Contents</A>
  44. &nbsp; <B> <A NAME="tex2html133"
  45. HREF="node1.html">Contents</A></B>
  46. <BR>
  47. <BR></DIV>
  48. <!--End of Navigation Panel-->
  49. <!--Table of Child-Links-->
  50. <A NAME="CHILD_LINKS"><STRONG>Subsections</STRONG></A>
  51. <UL CLASS="ChildLinks">
  52. <LI><A NAME="tex2html136"
  53. HREF="node2.html#SECTION00021000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">1</SPAN> What is this FAQ for?</A>
  54. <LI><A NAME="tex2html137"
  55. HREF="node2.html#SECTION00022000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">2</SPAN> What tools come with tcpreplay?</A>
  56. <LI><A NAME="tex2html138"
  57. HREF="node2.html#SECTION00023000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">3</SPAN> What tools no longer come with Tcpreplay?</A>
  58. <LI><A NAME="tex2html139"
  59. HREF="node2.html#SECTION00024000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">4</SPAN> How can I get tcpreplay's source?</A>
  60. <LI><A NAME="tex2html140"
  61. HREF="node2.html#SECTION00025000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">5</SPAN> What requirements does tcpreplay have?</A>
  62. <LI><A NAME="tex2html141"
  63. HREF="node2.html#SECTION00026000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">6</SPAN> Are there binaries available?</A>
  64. <LI><A NAME="tex2html142"
  65. HREF="node2.html#SECTION00027000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">7</SPAN> Is there a Microsoft Windows port?</A>
  66. <LI><A NAME="tex2html143"
  67. HREF="node2.html#SECTION00028000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">8</SPAN> How is tcpreplay licensed?</A>
  68. <LI><A NAME="tex2html144"
  69. HREF="node2.html#SECTION00029000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">9</SPAN> What is tcpreplay?</A>
  70. <LI><A NAME="tex2html145"
  71. HREF="node2.html#SECTION000210000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">10</SPAN> What are some uses for tcpreplay?</A>
  72. <LI><A NAME="tex2html146"
  73. HREF="node2.html#SECTION000211000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">11</SPAN> What are some uses for flowreplay?</A>
  74. <LI><A NAME="tex2html147"
  75. HREF="node2.html#SECTION000212000000000000000"><SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">12</SPAN> What is the history of tcpreplay?</A>
  76. </UL>
  77. <!--End of Table of Child-Links-->
  78. <HR>
  79. <H1><A NAME="SECTION00020000000000000000">
  80. <SPAN CLASS="arabic">1</SPAN> General Info</A>
  81. </H1>
  82. <P>
  83. <H2><A NAME="SECTION00021000000000000000">
  84. <SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">1</SPAN> What is this FAQ for?</A>
  85. </H2>
  86. <P>
  87. Tcpreplay is a suite of powerful tools, but with that power comes
  88. complexity. While I have done my best to write good man pages for
  89. tcpreplay and it's associated utilities, I understand that many people
  90. may want more information then I can provide in the man pages. Additionally,
  91. this FAQ attempts to cover material which I feel will be of use to
  92. people using tcpreplay, as well as common questions that occur on
  93. the Tcpreplay-Users &lt;tcpreplay-users@lists.sourceforge.net&gt; mailing
  94. list.
  95. <P>
  96. <H2><A NAME="SECTION00022000000000000000">
  97. <SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">2</SPAN> What tools come with tcpreplay?</A>
  98. </H2>
  99. <P>
  100. <UL>
  101. <LI>tcpreplay - replay ethernet packets stored in a pcap file as they
  102. were captured
  103. </LI>
  104. <LI>tcprewrite - edit packets stored in a pcap file
  105. </LI>
  106. <LI>tcpprep - a pcap pre-processor for tcpreplay
  107. </LI>
  108. <LI>flowreplay<A NAME="tex2html1"
  109. HREF="#foot153"><SUP><SPAN CLASS="arabic">1</SPAN></SUP></A> - connects to a server(s) and replays the client side of the connection
  110. stored in a pcap file
  111. </LI>
  112. </UL>
  113. <P>
  114. <H2><A NAME="SECTION00023000000000000000">
  115. <SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">3</SPAN> What tools no longer come with Tcpreplay?</A>
  116. </H2>
  117. <P>
  118. Recently, other people and projects have developed better versions
  119. of two applications that shipped with tcpreplay 2.x:
  120. <P>
  121. <UL>
  122. <LI>pcapmerge - merges two or more pcap files into one. Ethereal now ships
  123. with a more powerful appliation called 'mergecap'.
  124. </LI>
  125. <LI>capinfo - displays basic information about a pcap file. Ethereal now
  126. ships with a more powerful application of the same name.
  127. </LI>
  128. </UL>
  129. <P>
  130. <H2><A NAME="SECTION00024000000000000000">
  131. <SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">4</SPAN> How can I get tcpreplay's source?</A>
  132. </H2>
  133. <P>
  134. The source code is available in tarball format on the tcpreplay homepage:
  135. http://tcpreplay.sourceforge.net/ I also encourage users familiar
  136. with Subversion to try checking out the latest code as it often has
  137. additional features and bugfixes not found in the tarballs.
  138. <P>
  139. svn checkout https://www.synfin.net/svn/tcpreplay/trunk tcpreplay
  140. <P>
  141. <H2><A NAME="SECTION00025000000000000000">
  142. <SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">5</SPAN> What requirements does tcpreplay have?</A>
  143. </H2>
  144. <P>
  145. <OL>
  146. <LI>You'll need recent versions of the libnet<A NAME="tex2html2"
  147. HREF="#foot38"><SUP><SPAN CLASS="arabic">2</SPAN></SUP></A> and libpcap<A NAME="tex2html3"
  148. HREF="#foot39"><SUP><SPAN CLASS="arabic">3</SPAN></SUP></A> libraries.
  149. </LI>
  150. <LI>To support the packet decoding feature you'll need tcpdump<A NAME="tex2html4"
  151. HREF="#foot40"><SUP><SPAN CLASS="arabic">4</SPAN></SUP></A> installed.
  152. </LI>
  153. <LI>You'll also need a compatible operating system. Basically, any UNIX-like
  154. or UNIX-based operating system should work. Linux, *BSD, Solaris,
  155. OS X and others should all work. If you find any compatibility issues
  156. with any UNIX-like/based OS, please let me know.
  157. </LI>
  158. </OL>
  159. <P>
  160. <H2><A NAME="SECTION00026000000000000000">
  161. <SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">6</SPAN> Are there binaries available?</A>
  162. </H2>
  163. <P>
  164. The tcpreplay project does not maintain binaries for any platforms.
  165. However some operating systems such as Debian GNU/Linux (apt-get)
  166. and OS X (fink) have packages available. Try searching on Google.
  167. <P>
  168. <H2><A NAME="SECTION00027000000000000000">
  169. <SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">7</SPAN> Is there a Microsoft Windows port?</A>
  170. </H2>
  171. <P>
  172. Not really. We had one user port the code over for an old version
  173. of tcpreplay to Windows. Now we're looking for someone to help merge
  174. and maintain the code in to the main development tree. If you're interested
  175. in helping with this please contact Aaron Turner or the tcpreplay-users
  176. list. Other then that, you can download the tcpreplay-win32.zip file
  177. from the website and give it a go. Please understand that the Win32
  178. port of tcpreplay comes with no support whatsoever, so if you run
  179. into a problem you're on your own.
  180. <P>
  181. <H2><A NAME="SECTION00028000000000000000">
  182. <SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">8</SPAN> How is tcpreplay licensed?</A>
  183. </H2>
  184. <P>
  185. Tcpreplay is licensed under a three clause BSD-style license. For
  186. details see the docs/LICENSE file included with the source code.
  187. <P>
  188. <H2><A NAME="SECTION00029000000000000000">
  189. <SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">9</SPAN> What is tcpreplay?</A>
  190. </H2>
  191. <P>
  192. In the simplest terms, tcpreplay is a tool to send network traffic
  193. stored in pcap format back onto the network; basically the exact opposite
  194. of tcpdump. Just to make things more confusing, tcpreplay is also
  195. a suite of tools: tcpreplay, tcpprep, tcprewrite and flowreplay.
  196. <P>
  197. <H2><A NAME="SECTION000210000000000000000">
  198. <SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">10</SPAN> What are some uses for tcpreplay?</A>
  199. </H2>
  200. <P>
  201. Originally, tcpreplay was written to test network intrusion detection
  202. systems (NIDS), however tcpreplay has been used to test firewalls,
  203. routers, and other network devices. With the addition of flowreplay,
  204. most<A NAME="tex2html5"
  205. HREF="#foot48"><SUP><SPAN CLASS="arabic">5</SPAN></SUP></A> any udp or tcp service on a server can be tested as well.
  206. <P>
  207. <H2><A NAME="SECTION000211000000000000000">
  208. <SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">11</SPAN> What are some uses for flowreplay?</A>
  209. </H2>
  210. <P>
  211. A lot of people wanted a tool like tcpreplay, but wanted to be able
  212. to replay traffic <SPAN CLASS="textit">to</SPAN> a server. Since tcpreplay was unable to
  213. do this, I developed flowreplay which replays the data portion of
  214. the flow, but recreates the connection to the specified server(s).
  215. This makes flowreplay an ideal tool to test host intrusion detection
  216. systems (HIDS) as well as captured exploits and security patches when
  217. the actual exploit code is not available. Please note that flowreplay
  218. is still alpha quality code which means it doesn't work very well
  219. (some would argue it doesn't work at all) and is currently missing
  220. some important features. Feel free to try flowreplay, but unless you're
  221. willing and able to contribute, don't bother complaining that it doesn't
  222. work.
  223. <P>
  224. <H2><A NAME="SECTION000212000000000000000">
  225. <SPAN CLASS="arabic">1</SPAN>.<SPAN CLASS="arabic">12</SPAN> What is the history of tcpreplay?</A>
  226. </H2>
  227. <P>
  228. Tcpreplay has had quite a few authors over the past five or so years.
  229. One of the advantages of the BSD and GPL licenses is that if someone
  230. becomes unable or unwilling to continue development, anyone else can
  231. take over.
  232. <P>
  233. Originally, Matt Undy of Anzen Computing wrote tcpreplay. Matt released
  234. version 1.0.1 sometime in 1999. Sometime after that, Anzen Computing
  235. was (at least partially) purchased by NFR and development ceased.
  236. <P>
  237. Then in 2001, two people independently started work on tcpreplay:
  238. Matt Bing of NFR and Aaron Turner of OneSecure. After developing a
  239. series of patches (the -adt branch), Aaron attempted to send the patches
  240. in to be included in the main development tree.
  241. <P>
  242. After some discussion between Aaron and Matt Bing, they decided to
  243. continue development together. Since then, two major rewrites have
  244. occured, and more then thirty new features have been added, including
  245. the addition of a number of accessory tools.
  246. <P>
  247. Today, Aaron continues active development of the code.
  248. <P>
  249. <BR><HR><H4>Footnotes</H4>
  250. <DL>
  251. <DT><A NAME="foot153">... flowreplay</A><A
  252. HREF="node2.html#tex2html1"><SUP><SPAN CLASS="arabic">1</SPAN></SUP></A></DT>
  253. <DD>Flowreplay is still ``alpha'' quality and is not usable for most
  254. situations. Anyone interested in helping me develop flowreplay is
  255. encouraged to contact me.
  256. </DD>
  257. <DT><A NAME="foot38">... libnet</A><A
  258. HREF="node2.html#tex2html2"><SUP><SPAN CLASS="arabic">2</SPAN></SUP></A></DT>
  259. <DD>http://www.packetfactory.net/libnet/
  260. </DD>
  261. <DT><A NAME="foot39">... libpcap</A><A
  262. HREF="node2.html#tex2html3"><SUP><SPAN CLASS="arabic">3</SPAN></SUP></A></DT>
  263. <DD>http://www.tcpdump.org/
  264. </DD>
  265. <DT><A NAME="foot40">... tcpdump</A><A
  266. HREF="node2.html#tex2html4"><SUP><SPAN CLASS="arabic">4</SPAN></SUP></A></DT>
  267. <DD>http://www.tcpdump.org/
  268. </DD>
  269. <DT><A NAME="foot48">...
  270. most</A><A
  271. HREF="node2.html#tex2html5"><SUP><SPAN CLASS="arabic">5</SPAN></SUP></A></DT>
  272. <DD>Note the flowreplay does not support protocols such as ftp which use
  273. multiple connections.
  274. </DD>
  275. </DL>
  276. <DIV CLASS="navigation"><HR>
  277. <!--Navigation Panel-->
  278. <A NAME="tex2html134"
  279. HREF="node3.html">
  280. <IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A>
  281. <A NAME="tex2html130"
  282. HREF="FAQ.html">
  283. <IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>
  284. <A NAME="tex2html124"
  285. HREF="node1.html">
  286. <IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>
  287. <A NAME="tex2html132"
  288. HREF="node1.html">
  289. <IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>
  290. <BR>
  291. <B> Next:</B> <A NAME="tex2html135"
  292. HREF="node3.html">2 Bugs, Feature Requests,</A>
  293. <B> Up:</B> <A NAME="tex2html131"
  294. HREF="FAQ.html">Tcpreplay 3.x FAQ</A>
  295. <B> Previous:</B> <A NAME="tex2html125"
  296. HREF="node1.html">Contents</A>
  297. &nbsp; <B> <A NAME="tex2html133"
  298. HREF="node1.html">Contents</A></B> </DIV>
  299. <!--End of Navigation Panel-->
  300. <ADDRESS>
  301. Aaron Turner
  302. 2006-08-07
  303. </ADDRESS>
  304. </BODY>
  305. </HTML>