123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295 |
- .TH TCPREWRITE 1 2005-06-12 "" "Programmer's Manual"
- .\" DO NOT EDIT THIS FILE (tcprewrite.1)
- .\"
- .\" It has been AutoGen-ed Sunday June 12, 2005 at 10:24:35 PM PDT
- .\" From the definitions tcprewrite_opts.def
- .\" and the template file agman1.tpl
- .\"
- .SH NAME
- tcprewrite \- Rewrite the packets in a pcap file.
- .SH SYNOPSIS
- .B tcprewrite
- .\" Mixture of short (flag) options and long options
- .RB [ -\fIflag\fP " [\fIvalue\fP]]... [" --\fIopt-name\fP " [[=| ]\fIvalue\fP]]..."
- .PP
- All arguments must be options.
- .SH "DESCRIPTION"
- This manual page documents, briefly, the \fBtcprewrite\fP command.
- Tcprewrite is a tool to rewrite packets stored in \fIpcap(3)\fP file format, such
- as crated by tools such as \fItcpdump(1)\fP and \fIethereal(1)\fP. Once a pcap
- file has had it's packets rewritten, they can be replayed back out on the network
- using \fItcpreplay(1)\fP.
- tcprewrite currently supports the following DLT types:
- * DLT_C_HDLC
- * DLT_EN10MB
- * DLT_LINUX_SSL
- * DLT_RAW
- The packet editing features of tcprewrite which distinguish between "client"
- and "server" traffic requires a tcpprep(1) cache file.
- .SH OPTIONS
- .TP
- .BR -d " \fInumber\fP, " --dbug "=" \fInumber\fP
- Enable debugging output.
- This option may appear up to 1 times.
- The default \fInumber\fP for this option is:
- .ti +4
- 0
- .sp
- If configured with --enable-debug, then you can specify a verbosity
- level for debugging output. Higher numbers increase verbosity.
- .TP
- .BR -D " \fIstring\fP, " --dmac "=" \fIstring\fP
- Rewrite destination MAC addresses.
- This option may appear up to 1 times.
- .sp
- Takes a pair of comma deliminated ethernet MAC addresses which
- will replace the destination MAC address of outbound packets.
- The first MAC address will be used for the server traffic
- and the optional second MAC address will be used for the client
- traffic.
- Example:
- .nf
- --dmac 00:12:13:14:15:16,00:22:33:44:55:66
- .fi
- .TP
- .BR -S " \fIstring\fP, " --smac "=" \fIstring\fP
- Rewrite source MAC addresses.
- This option may appear up to 1 times.
- .sp
- Takes a pair of comma deliminated ethernet MAC addresses which
- will replace the source MAC address of outbound packets.
- The first MAC address will be used for the server traffic
- and the optional second MAC address will be used for the client traffic.
- Example:
- .nf
- --smac 00:12:13:14:15:16,00:22:33:44:55:66
- .fi
- .TP
- .BR -P " \fInumber\fP, " --proto "=" \fInumber\fP
- Override L2 protocol type for DLT_RAW.
- This option may appear up to 1 times.
- .sp
- By default, pcap files encapsulated using DLT_RAW will have their protocol
- set to ETHERTYPE_IP (0x0800).
- .TP
- .BR -l " \fIstring\fP, " --dlink "=" \fIstring\fP
- Rewrite Data-Link layer with specified data.
- This option may appear up to 2 times.
- .sp
- Provide a series of comma deliminated hex values which will be
- used to rewrite or create the Layer 2 header of the packets.
- The first instance of this argument will rewrite both server
- and client traffic, but if this argument is specified a second
- time, it will be used for the client traffic.
- Example:
- .nf
- --dlink 01,02,03,04,05,06,00,11,22,33,44,55,66,08,00
- .fi
- .TP
- .BR -r " \fIstring\fP, " --portmap "=" \fIstring\fP
- Rewrite TCP/UDP ports.
- This option may appear up to 1 times.
- .sp
- Specify a list of comma delimited port mappingings consisting of
- colon delimited port number pairs. Each colon delimited port pair
- consists of the port to match followed by the port number to rewrite.
- Example:
- .nf
- --portmap 80:8000,8080:80
- .fi
- .TP
- .BR -s " \fInumber\fP, " --seed "=" \fInumber\fP
- Randomize src/dst IP addresses w/ given seed.
- This option may appear up to 1 times.
- .sp
- Causes the source and destination IP addresses to be pseudo
- randomized but still maintain client/server relationships.
- Since the randomization is deterministic based on the seed,
- you can reuse the same seed value to recreate the traffic.
- .TP
- .BR -N " \fIstring\fP, " --pnat "=" \fIstring\fP
- Rewrite IP addresses using pseudo-NAT.
- This option may appear up to 2 times.
- .sp
- Takes a comma delimited series of colon delimited CIDR
- netblock pairs. Each netblock pair is evaluated in order against
- the IP addresses. If the IP address in the packet matches the
- first netblock, it is rewriten using the second netblock as a
- mask against the high order bits.
- Example:
- .nf
- --pnat 192.168.0.0/16:10.77.0.0/16,172.16.0.0/12:10.1.0.0/24
- .fi
- .TP
- .BR -e " \fIstring\fP, " --endpoints "=" \fIstring\fP
- Rewrite IP addresses to be between two endpoints.
- This option may appear up to 1 times.
- .sp
- Takes a pair of colon delimited IP addresses which will be used to rewrite
- all traffic to appear to be between the two IP's.
- Example:
- .nf
- --endpoints 172.16.0.1:172.16.0.2
- .fi
- .TP
- .BR -C ", " --fixcsum
- Force recalculation of IP/TCP/UDP checksums.
- .sp
- Causes each IP packet to have it's checksums recalcualted and
- fixed. Automatically enabled for packets modified with \fB--seed\fP,
- \fB--pnat\fP, \fB--endpoints\fP or \fB--fixlen\fP.
- .TP
- .BR -i " \fIstring\fP, " --infile "=" \fIstring\fP
- Input pcap file to be processed.
- This option may appear up to 1 times.
- .sp
- .TP
- .BR -o " \fIstring\fP, " --outfile "=" \fIstring\fP
- Output pcap file.
- This option may appear up to 1 times.
- .sp
- .TP
- .BR -c " \fIstring\fP, " --cachefile "=" \fIstring\fP
- Split traffic via tcpprep cache file.
- This option may appear up to 1 times.
- .sp
- Use tcpprep cache file to split traffic based upon client/server relationships.
- .TP
- .BR -m " \fInumber\fP, " --mtu "=" \fInumber\fP
- Override default MTU length (1500 bytes).
- This option may appear up to 1 times.
- .sp
- Override the default 1500 byte MTU size for determining the maximum padding length.
- .TP
- .BR -E ", " --efcs
- Remove Ethernet checksums (FCS) from end of frames.
- .sp
- .TP
- .BR -F " \fIstring\fP, " --fixlen "=" \fIstring\fP
- Pad or truncate packet data to match header length.
- This option may appear up to 1 times.
- .sp
- Packets may be truncated during capture if the snaplen is smaller then the
- packet. This option allows you to modify the packet to pad the packet back
- out to the size stored in the IPv4 header or rewrite the IP header total length
- to reflect the stored packet length.
- .sp 1
- \fBpad\fP
- Truncated packets will be padded out so that the packet length matches the
- IPv4 total length
- .sp 1
- \fBtrunc\fP
- Truncated packets will have their IPv4 total length field rewritten to match
- the actual packet length
- .TP
- .BR -T " \fIstring\fP, " --vlan "=" \fIstring\fP
- Specify 802.1q VLAN tag mode.
- This option may appear up to 1 times.
- .sp
- Allows you to rewrite ethernet frames to add a 802.1q header to standard 802.3
- ethernet headers or remove the 802.1q VLAN tag information.
- .sp 1
- \fBadd\fP
- Rewrites the existing 802.3 ethernet header as an 802.1q VLAN header
- .sp 1
- \fBdel\fP
- Rewrites the existing 802.1q VLAN header as an 802.3 ethernet header
- .TP
- .BR -t " \fInumber\fP, " --vlan-tag "=" \fInumber\fP
- Specify the new 802.1q VLAN tag value.
- This option may appear up to 1 times.
- This option must appear in combination with the following options:
- vlan.
- .sp
- .TP
- .BR -c " \fInumber\fP, " --vlan-cfi "=" \fInumber\fP
- Specify the 802.1q VLAN CFI value.
- This option may appear up to 1 times.
- This option must appear in combination with the following options:
- vlan.
- .sp
- .TP
- .BR -p " \fInumber\fP, " --vlan-pri "=" \fInumber\fP
- Specify the 802.1q VLAN priority.
- This option may appear up to 1 times.
- This option must appear in combination with the following options:
- vlan.
- .sp
- .TP
- .BR -v ", " --verbose
- Print decoded packets via tcpdump to STDOUT.
- This option may appear up to 1 times.
- .sp
- .TP
- .BR -A " \fIstring\fP, " --decode "=" \fIstring\fP
- Arguments passed to tcpdump decoder.
- This option may appear up to 1 times.
- This option must appear in combination with the following options:
- verbose.
- .sp
- When enabling verbose mode (\fB-v\fP) you may also specify one or
- more additional arguments to pass to \fBtcpdump\fP to modify
- the way packets are decoded. By default, -n and -l are used.
- Be sure to quote the arguments so that they are not interpreted
- by tcprewrite. The following arguments are valid:
- [ -aAeNqRStuvxX ]
- [ -E spi@ipaddr algo:secret,... ]
- [ -s snaplen ]
- .TP
- .BR -V ", " --version
- Print version information.
- .sp
- .TP
- .BR -h ", " --less-help
- Display less usage information and exit.
- .sp
- .TP
- .BR \-H , " \--help"
- Display usage information and exit.
- .TP
- .BR \-! , " \--more-help"
- Extended usage information passed thru pager.
- .TP
- .BR \- " [\fIrcfile\fP]," " \--save-opts" "[=\fIrcfile\fP]"
- Save the option state to \fIrcfile\fP. The default is the \fIlast\fP
- configuration file listed in the \fBOPTION PRESETS\fP section, below.
- .TP
- .BR \- " \fIrcfile\fP," " \--load-opts" "=\fIrcfile\fP," " --no-load-opts"
- Load options from \fIrcfile\fP.
- The \fIno-load-opts\fP form will disable the loading
- of earlier RC/INI files. \fI--no-load-opts\fP is handled early,
- out of order.
- .SH OPTION PRESETS
- Any option that is not marked as \fInot presettable\fP may be preset
- by loading values from configuration ("RC" or ".INI") file(s).
- The \fIhomerc\fP file is "\fI$$/\fP", unless that is a directory.
- In that case, the file "\fI.tcprewriterc\fP"
- is searched for within that directory.
- .SH "SEE ALSO"
- tcpdump(1), tcpprep(1), tcpreplay(1)
- .SH AUTHOR
- Copyright 2004-2005 Aaron Turner
- For support please use the tcpreplay-users@lists.sourceforge.net mailing list.
- .PP
- Released under the Free BSD License.
- .PP
- This manual page was \fIAutoGen\fP-erated from the \fBtcprewrite\fP
- option definitions.
|