| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275 |
- <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
- <html>
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
- <title>Tcpreplay: Pcap editing and replay tools for *NIX</title>
- <link rel="stylesheet" type="text/css" title="normal" media="screen" href="web.css" >
- </head>
- <body>
-
- <table border=0 cellpadding=3 cellspacing=0 width="100%">
- <tr>
- <td align=center class=title colspan=1>
- Tcpreplay: Pcap editing and replay tools for *NIX
- </td>
- </tr>
- <tr>
- <td align=right class=menubar>
- <!--
- <a href="http://sourceforge.net/project/showfiles.php?group_id=48862">Downloads</a> |
- <a href="manual.html">Manual</a> |
- <a href="faq.html">FAQ</a> |
- <a href="http://sourceforge.net/mail/?group_id=48862">Mailing Lists</a> |
- <a href="https://www.synfin.net:444/cgi-bin/viewcvs.cgi/tcpreplay/">SVN
- Repository</a>
- -->
- <a href="#about">About</a> |
- <a href="#details">Details</a> |
- <a href="#news">News</a> |
- <a href="#downloads">Downloads</a> |
- <a href="#docs">Documentation</a> |
- <a href="#support">Support</a>
- </td>
- </tr>
- </table>
-
- <P> <P>
-
- <table border=0 cellpadding=3 cellspacing=0 width="100%" class=fill>
- <a name="about"></a>
- <tr><td class=sechdr>About</td></tr>
- <tr><td class=section>
- Tcpreplay is a suite of BSD licensed tools written by Aaron Turner for *NIX
- operating systems which gives you the ability to use previously captured
- traffic in <a href="http://www.tcpdump.org">libpcap format</a> to test a
- variety of network devices. It allows you to classify traffic as
- client or server, rewrite Layer 2, 3 and 4 headers and finally replay the
- traffic back onto the network and through other devices such as switches,
- routers, firewalls, NIDS and IPS's.
- <P>
- Voted as <a href="http://www.insecure.org/tools.html"> one of the top 75
- security tools</a>, tcpreplay is used by numerous firewall, IDS, IPS and
- other networking vendors, enterprises, universities, and open source
- projects. If your organization uses tcpreplay, please let me know who you
- are and what you use it for so that I can continue to add features which are
- useful.
- </td>
- </tr>
- <a name="details"></a>
- <tr><td> </td></tr>
- <tr><td class=sechdr>Details</td></tr>
- <tr><td class=section>
- Tcpreplay includes the following tools:
- <ul>
- <li>tcpprep - multi-pass pcap file pre-processor which
- determines packets as client or server and creates cache files
- used by tcpreplay and tcprewrite</li>
-
- <li>tcprewrite - pcap file
- editor which rewrites TCP/IP and Layer 2 packet headers</li>
- <li>tcpreplay - replays pcap files at arbitrary speeds onto the
- network</li>
-
- <li>tcpbridge - bridge two network segments with
- the power of tcprewrite</li>
-
- <li>flowreplay - emulates a network
- client using a pcap file as the basis of a TCP or UDP connection
- (currently in alpha)</li>
- </ul>
-
- <P>
- Generally speaking, most people would first run tcpprep against a pcap file
- to create a cache file which splits traffic between client and server if
- they are testing an inline device like a firewall or IPS. Then
- depending on their network setup and where the pcap was captured, they would
- use tcprewrite to edit the packets so that the device under test will
- examine them properly. Finally, tcpreplay is used to replay the pcap
- onto the network to do the test.
- </td>
- </tr>
- <a name="news"></a>
- <tr><td> </td></tr>
- <tr><td class=sechdr>News</td></tr>
- <tr>
- <td class=section>
- 2005-06-14<br>
- Well I got a lot of good feedback on the beta4 release, so
- beta5 fixes a number of key bugs and adds a few enhancements
- which should help people out. Let me know...
- <P>
- 2005-06-05<br>
- Released 3.0.beta4 and 2.3.4. Both fix problems compiling
- under OpenBSD and add support for libpcap 0.5 although some
- features may be disabled. 3.0.beta4 also fixes a number of
- bugs during both compile and runtime... check the changelog
- for details.
- <P>
- 2005-05-28<br>
- Ugh. <a href="http://libnids.sourceforge.net/">libnids</a>
- is so close and yet so far away. It handles the basic
- functionality of doing IP defragmentation and TCP stream
- reassembly which I need for flowreplay, but yet misses the
- boat on a number of key requirements... the biggest of which
- are no multi-thread support or proper handling of multiple
- pcap files.
- <P>
- Unfortunately, doing proper multi-thread support would
- require an API change... something that the libnids author
- is unwilling to do. The only option seems to be a fork of
- the code, but that's plain ugly... Suggestions?
- <P>
- 2005-05-12<br>
- Oops. I thought I fixed a compile problem with dlt2desc
- in 3.0.beta3, but apparently I goofed. If you get an error
- complaining about multiple definitions, then go into
- src/edit_packet.c and delete the line:<P>
- <pre>
- #include "dlt_names.h"
- </pre>
- 2005-05-04<br>
- 3.0.beta3 has just been released which fixes some major
- configure and compile problems. Users who had problems
- building 3.0.beta2 are encouraged to try 3.0.beta3.
- <P>
- 2005-04-20<br>
- Just released tcpreplay 3.0.beta2! A metric ton of bug
- fixes and some new features as well. First release with
- "tcpbridge" which re-introduces the network bridge
- functionality originally added to the 2.x tree.
- <P>
- 2005-03-09<br>
- Just re-posted a <a
- href="https://sourceforge.net/people/viewjob.php?group_id=48862&job_id=21661">job
- posting for a technical writer/editor</a> to help me
- with the tcpreplay documentation. If you are interested in
- getting some good tech writing experiance in the
- networking/security space, then this might just be the
- opportunity for you!
- <P>
- 2005-02-28<br>
- New website design. Not nearly as ugly as the last one.
- <P>
- 2005-02-27<br>
- First 3.0 BETA released!
- </td>
- </tr>
- <a name="download"></a>
- <tr><td> </td></tr>
- <tr><td class=sechdr>Get It</td></tr>
- <tr><td class=section>
- Releases:
- <ul>
- <li>Latest development release:
- <a
- href="http://prdownloads.sourceforge.net/tcpreplay/tcpreplay-3.0.beta5.tar.gz">tcpreplay-3.0.beta5.tar.gz</a>
- (<a
- href="CHANGELOG">Changelog</a>)
- </li>
- <li>
- Latest stable release:
- <a href="http://prdownloads.sourceforge.net/tcpreplay/tcpreplay-2.3.4.tar.gz">tcpreplay-2.3.4.tar.gz</a>
- (<a
- href="http://sourceforge.net/project/shownotes.php?release_id=332796">release notes</a>)
- </li>
- <li>
- Last release supporting Libnet 1.0.x:
- <a href="http://prdownloads.sourceforge.net/tcpreplay/tcpreplay-1.3.3.tar.gz">tcpreplay-1.3.3.tar.gz</a>
- (<a href="http://sourceforge.net/project/shownotes.php?release_id=156906">release notes</a>)
- </li>
- <li><a
- href="http://sourceforge.net/project/showfiles.php?group_id=48862">
- Past releases</a>
- </li>
- </ul>
- <P>
-
- Source via Subversion:<br>
- svn co https://www.synfin.net:444/svn/tcpreplay/trunk tcpreplay-trunk<br>
- or view it online using
- <a href="https://www.synfin.net:444/cgi-bin/viewcvs.cgi/tcpreplay/">
- the web interface</a>
- <P>
- Packages:
- <ul>
- <li>Apple OS X users can try Darian Lanx's Fink package: <i>fink install tcpreplay</i></li>
- <li>Debian users can try Noel Koethe's APT package: <i>apt-get install tcpreplay</i></li>
-
- <li>
- Win32 users can try
- <a
- href="http://sourceforge.net/project/showfiles.php?group_id=48862&package_id=144474">this
- UNOFFICAL and UNSUPPORTED</a> port. Note: anyone interested in helping with an offical Win32 port of tcpreplay should contact me.
- </li>
-
- </td>
-
- <a name="docs"></a>
- <tr><td> </td></tr>
- <tr><td class=sechdr>Documentation</td></tr>
- <tr>
- <td><table border=0 cellpadding=0 cellspacing=0 width="100%">
- <tr valign=top>
- <td class=section width="50%">
- 3.x Docs:
- <ul>
- <li><a href="manual/index.html">Manual</a></li>
- <li><a href="FAQ/index.html">Frequently Asked Questions</a></li>
- </ul>
- 3.x Man Pages:
- <ul>
- <li><a href="man/tcpreplay.html">tcpreplay</a></li>
- <li><a href="man/tcpprep.html">tcpprep</a></li>
- <li><a href="man/tcprewrite.html">tcprewrite</a></li>
- <li><a href="man/flowreplay.html">flowreplay</a></li>
- <li><a href="man/tcpbridge.html">tcpbridge</a></li>
- </ul>
- </td>
- <td class=section>
- 2.x Docs:
- <ul>
- <li><a href="tcpreplay-2-faq.html">Frequently Asked
- Questions</a></li>
- </uL>
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <a name="support"></a>
- <tr><td> </td></tr>
- <tr><td class=sechdr>Support</td></tr>
- <tr><td class=section>
- Sourceforge has a support, bug and patch ticket tracking system which we <b>do not use</b>.
- So if you submit a ticket into any of those systems, it will likely be ignored for a few
- months, if not longer. Hence, you should be using the
- <a href="http://sourceforge.net/mail/?group_id=48862">tcpreplay-users mailing
- list</a> for support. (Note, due to spam, the
- tcpreplay-users list is a closed list, so you will need to
- subscribe in order to post.)
- <P>
- Please note that tcpreplay has a lot of documentation.
- Please read the documentation before asking for help.
- <P>
- You may also be interested in checking out
- <a href="http://www.sourceforge.net/projects/tcpreplay/">
- tcpreplay's SourceForge project page</a>.
- </ul>
- </td>
- </tr>
- <tr>
- <td align=center>
- <a href="http://sourceforge.net"><img
- src="http://sourceforge.net/sflogo.php?group_id=48862&type=1"
- width="88" height="31" border="0" alt="SourceForge.net
- Logo" /></a>
- </td>
- </tr>
- </table>
- </body>
- </html>
|
