- <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
- <!--Converted with LaTeX2HTML 2002-2 (1.70)
- original version by: Nikos Drakos, CBLU, University of Leeds
- * revised and updated by: Marcus Hennecke, Ross Moore, Herb Swan
- * with significant contributions from:
- Jens Lippmann, Marek Rouchal, Martin Wilck and others -->
- <HTML>
- <HEAD>
- <TITLE>3 Understanding tcpprep</TITLE>
- <META NAME="description" CONTENT="3 Understanding tcpprep">
- <META NAME="keywords" CONTENT="FAQ">
- <META NAME="resource-type" CONTENT="document">
- <META NAME="distribution" CONTENT="global">
- <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
- <META NAME="Generator" CONTENT="LaTeX2HTML v2002-2">
- <META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
- <LINK REL="STYLESHEET" HREF="FAQ.css">
- <LINK REL="next" HREF="node5.html">
- <LINK REL="previous" HREF="node3.html">
- <LINK REL="up" HREF="FAQ.html">
- </HEAD>
- <BODY >
- <!--Table of Child-Links-->
- <A NAME="CHILD_LINKS"><STRONG>Subsections</STRONG></A>
- <UL CLASS="ChildLinks">
- <LI><A NAME="tex2html177"
- HREF="node4.html#SECTION00041000000000000000"><SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">1</SPAN> What is tcpprep?</A>
- <LI><A NAME="tex2html178"
- HREF="node4.html#SECTION00042000000000000000"><SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">2</SPAN> How does tcpprep work? </A>
- <LI><A NAME="tex2html179"
- HREF="node4.html#SECTION00043000000000000000"><SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">3</SPAN> Does tcpprep modify my libpcap file?</A>
- <LI><A NAME="tex2html180"
- HREF="node4.html#SECTION00044000000000000000"><SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">4</SPAN> Why use tcpprep?</A>
- <LI><A NAME="tex2html181"
- HREF="node4.html#SECTION00045000000000000000"><SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">5</SPAN> Can a cache file be used for multiple (different) libpcap files? </A>
- <LI><A NAME="tex2html182"
- HREF="node4.html#SECTION00046000000000000000"><SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">6</SPAN> Why would I want to use tcpreplay with two network cards? </A>
- <LI><A NAME="tex2html183"
- HREF="node4.html#SECTION00047000000000000000"><SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">7</SPAN> How big are the cache files?</A>
- </UL>
- <!--End of Table of Child-Links-->
- <HR>
- <H1><A NAME="SECTION00040000000000000000">
- <SPAN CLASS="arabic">3</SPAN> Understanding tcpprep</A>
- </H1>
- <P>
- <H2><A NAME="SECTION00041000000000000000">
- <SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">1</SPAN> What is tcpprep?</A>
- </H2>
- <P>
- Tcpreplay can send traffic out two network cards on its own; however, it
- then has to calculate in real time which card each packet goes out of.
- These calculations can be expensive and can significantly reduce the
- throughput of tcpreplay.
- <P>
- Tcpprep is a libpcap pre-processor for tcpreplay which enables using
- two network cards to send traffic without the performance hit of doing
- the calculations in real time.
- <P>
- <H2><A NAME="SECTION00042000000000000000">
- <SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">2</SPAN> How does tcpprep work? </A>
- </H2>
- <P>
- Tcpprep reads in a libpcap (tcpdump) formatted capture file and does
- some processing to generate a tcpreplay cache file. This cache file
- tells tcpreplay which interface a given packet should be sent out
- of.
- <P>
- <H2><A NAME="SECTION00043000000000000000">
- <SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">3</SPAN> Does tcpprep modify my libpcap file?</A>
- </H2>
- <P>
- No.
- <P>
- <H2><A NAME="SECTION00044000000000000000">
- <SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">4</SPAN> Why use tcpprep?</A>
- </H2>
- <P>
- There are three major reasons to use tcpprep:
- <P>
- <OL>
- <LI>Tcpprep can split traffic based upon more methods and criteria than
- tcpreplay.
- </LI>
- <LI>By pre-processing the pcap, tcpreplay has a higher theoretical maximum
- throughput.
- </LI>
- <LI>By pre-processing the pcap, tcpreplay can be more accurate in timing
- when replaying traffic at normal speed.
- </LI>
- </OL>
- <P>
- <H2><A NAME="SECTION00045000000000000000">
- <SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">5</SPAN> Can a cache file be used for multiple (different) libpcap files? </A>
- </H2>
- <P>
- Cache files have nothing linking them to a given libpcap file, so
- there is nothing to stop you from doing this. However, running tcpreplay
- with a cache file from a different libpcap source file is likely to
- cause a lot of problems and is not supported.
- <P>
- <H2><A NAME="SECTION00046000000000000000">
- <SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">6</SPAN> Why would I want to use tcpreplay with two network cards? </A>
- </H2>
- <P>
- Tcpreplay has traditionally been good for putting traffic on a given network
- and is often used to test a network intrusion detection system (NIDS). However,
- there are cases where putting traffic onto a subnet in this manner
- is not good enough: you have to be able to send traffic *through*
- a device such as an IPS, router, firewall, or bridge.
- <P>
- In these cases, being able to use a single source file (libpcap) for
- both ends of the connection solves this problem.
- <P>
- <H2><A NAME="SECTION00047000000000000000">
- <SPAN CLASS="arabic">3</SPAN>.<SPAN CLASS="arabic">7</SPAN> How big are the cache files?</A>
- </H2>
- <P>
- Very small. Actual size depends on the number of packets in the dump
- file. Two bits of data are stored for each packet. On a test using
- a 900MB dump file containing over 500,000 packets, the cache file
- was only 150K.
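<P>
Sections 3.5 and 3.7 together suggest a pre-replay check: since nothing in a cache file ties it to its pcap, record that pairing yourself and confirm the cache is at least large enough for the pcap's packet count. The sketch below is an added example, not part of tcpreplay or this FAQ; the sidecar manifest and all function names are hypothetical, and the size bound assumes only the two-bits-per-packet figure given above.

```python
import hashlib
import struct

# Classic libpcap magics (microsecond and nanosecond), mapped to byte order.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}

def count_packets(pcap: bytes) -> int:
    """Count packet records in a classic libpcap file (pcapng is not handled)."""
    order = MAGICS.get(pcap[:4])
    if order is None or len(pcap) < 24:
        raise ValueError("not a classic libpcap file")
    offset, count = 24, 0                      # 24-byte global header
    while offset < len(pcap):
        if offset + 16 > len(pcap):
            raise ValueError("truncated record header")
        (incl_len,) = struct.unpack_from(order + "I", pcap, offset + 8)
        offset += 16 + incl_len                # 16-byte record header + data
        if offset > len(pcap):
            raise ValueError("truncated packet data")
        count += 1
    return count

def min_cache_bytes(packets: int) -> int:
    """Two bits per packet (the FAQ's figure), packed, excluding any header."""
    return (packets * 2 + 7) // 8

def make_manifest(pcap: bytes, cache: bytes) -> dict:
    """Hypothetical sidecar record written right after running tcpprep."""
    return {"pcap_sha256": hashlib.sha256(pcap).hexdigest(),
            "cache_sha256": hashlib.sha256(cache).hexdigest()}

def check_pair(pcap: bytes, cache: bytes, manifest: dict) -> list:
    """Return reasons this cache must not be replayed with this pcap."""
    problems = []
    if hashlib.sha256(pcap).hexdigest() != manifest["pcap_sha256"]:
        problems.append("pcap is not the file tcpprep processed")
    if hashlib.sha256(cache).hexdigest() != manifest["cache_sha256"]:
        problems.append("cache file changed since it was recorded")
    if len(cache) < min_cache_bytes(count_packets(pcap)):
        problems.append("cache too small for this pcap's packet count")
    return problems

def sample_pcap(n: int) -> bytes:
    """Constructed input: little-endian pcap holding n 60-byte dummy frames."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    record = struct.pack("<IIII", 0, 0, 60, 60) + bytes(60)
    return header + record * n
```

The size test is necessary but not sufficient: two different captures with the same packet count pass it, which is why the hash comparison comes first.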
- <P>
- <ADDRESS>
- Aaron Turner
- 2006-08-07
- </ADDRESS>
- </BODY>
- </HTML>