The tool's name suggests its role: replaying TCP packets. But what exactly does the tool do? Is it limited to playing back packets on a network card? This manual mainly introduces some test-related uses of tcpreplay. Before introducing the tcpreplay command, we should first introduce a closely related command, tcpprep, whose name literally means "tcp preparation". For its role, see the description on the official website:
tcpprep is the pcap pre-processor for tcpreplay and tcprewrite. The purpose of tcpprep is to create a cache file which is used to "split" traffic into two sides (often called primary/secondary or client/server). If you are intending to use tcpreplay with two NIC's, then tcpprep is what decides which interface each packet will use. By using a separate process to generate cache files, tcpreplay can send packets at a much higher rate than if it had to do the calculations to split traffic itself.
(I suggest you read the man file and read it three times to better understand it)
P:<list> - Must be one of the listed packets where the list corresponds to the packet number in the capture file.
Ex: -x P:1-5,9,15 would only send packets 1 through 5, 9 and 15.
Only the specified packets are sent, based on the value (packet numbers) that follows the parameter. You can confirm a packet's number in Ethereal and then send the packets you need. It can be used to exclude ARP packets.
F:"<filter>" - BPF filter. See the tcpdump(8) man page for syntax.
Unknown. Add it later.
-X <match> Send all the packets except those specified
Optional parameter. It is the inverse of the -x parameter and takes the same parameter content.
-v Verbose
Optional parameter. It displays how tcpprep processes the cache file it generates, printing information as it goes.
-V Version
The version number is displayed.
Tcpprep usage Summary
During the process of constructing the cache file, I used a lot of option parameters, such as -v, -P, -xB, and -xP, generally in the client and server modes; the other two modes have not been tested and I do not know how to use them yet. I used the bridge mode once and found that the packets are sent from one NIC.
Both TCP and UDP are tested and supported. ICMP is not successful yet. If you have a pcap file of BT packets from the network, you can create a cache file to simulate the actual BT traffic.
That is all the usage covered so far, and it is already very useful. Some tcpreplay parameters duplicate those of tcpprep. The following Help File descriptions do not go into detail; however, especially useful parameters are highlighted in blue. The shortcoming is that replaying packets in NAT mode has not been learned yet; for now, all packets are replayed in transparent mode.
Tcpreplay Help File description
Usage: tcpreplay [args] <file(s)>
-A "<args>" Pass arguments to tcpdump decoder (use w/ -v)
Optional parameter. When output is printed in tcpdump style, it passes the given parameters to tcpdump. The default value is -n, -l: the host name is not printed. Note that this parameter takes effect only when tcpreplay is run with the -v parameter. Without -v, no error is reported, but it has no practical significance. Format: -vA "nnt" prints the packet information in tcpdump format without the time stamp, host name, or port service name. Do not use the -c parameter to specify the number of printed packets, because the number of sent packets will then decrease.
-b Bridge two broadcast domains in sniffer mode
Optional parameter, not used
-c <cachefile> Split traffic via cache file
A required parameter for dual-NIC packet replay, followed by the cache file name. This file is constructed by tcpprep from the corresponding pcap file.
-C <CIDR1,CIDR2,...> Split traffic by matching src IP
Optional parameter,
-D Data dump mode (set this BEFORE -w and -W)
Optional parameter. Writes application-layer data to a specified file using dump mode; used together with the -w and -W parameters.
-e <ip1:ip2> Specify IP endpoint rewriting
Optional parameter. Specifies the endpoint IP addresses, that is, the IP addresses of sent and received packets are changed to the addresses given in the parameter value. However, packets sent in this way do not distinguish between the client and the server.
-f <configfile> Specify configuration file
Optional parameter. It specifies the configuration file, which is not used currently.
-F Fix IP, TCP, UDP and ICMP checksums
Optional parameter. Incorrect checksums are automatically corrected when a packet is sent. It is useful for DUT verification.
-h Help
Displays the Help file.
-i <nic> Primary interface to send traffic out
A required parameter for dual-NIC packet replay. It specifies the primary interface.
-I <mac> Rewrite dest MAC on primary interface
Optional parameter. It rewrites the destination MAC address of packets sent by the primary NIC.
-j <nic> Secondary interface to send traffic out
A required parameter for dual-NIC packet replay. It specifies the secondary interface.
-J <mac> Rewrite dest MAC on secondary interface
Optional. Rewrites the destination MAC address of packets sent by the secondary NIC.
-k <mac> Rewrite source MAC on primary interface
Optional. Rewrites the source MAC address of packets sent by the primary NIC.
-K <mac> Rewrite source MAC on secondary interface
Optional. Rewrites the source MAC address of packets sent by the secondary NIC.
-l <loop> Specify number of times to loop
Optional parameter, which specifies the number of loops. It has not been very useful in testing so far and needs to be confirmed.
-L <limit> Specify the maximum number of packets to send
Optional parameter, which specifies the maximum number of packets. It can be used when debugging and confirming connections.
-m <multiple> Set replay speed to given multiple
An optional parameter that specifies a multiplier, that is, how many times faster than the default the sending rate is. For the DUT, a higher sending rate may mean more concurrent connections, especially when replaying BT packets, because the connection timeout is fixed: if the rate increases, the number of connections left in the session table increases. You can also modify the connection timeout to achieve the same goal.
-M Disable sending martian IP packets
Optional parameter, indicating not to send "martian" IP packets. The man file defines them as 0/8, 172/8, and 255/8.
-n Not nosy mode (not promisc in sniff/bridge mode)
Optional. When the -S parameter is used, listening is not performed in promiscuous mode. Not tested.
-N <CIDR1:CIDR2,...> Rewrite IP's via pseudo-NAT
Optional parameter. IP addresses are rewritten through pseudo-NAT. This parameter should be very important, but it has not been used in testing yet.
-O One output mode
Optional parameter, not used in testing
-p <packetrate> Set replay speed to given rate (packets/sec)
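
As an added example (not from the original manual or from the tcpreplay project), this Python model reproduces two selections described above: the P:<list> packet-number match used by -x and -X, and a split of packets into two sides by matching the source IP against a CIDR list. The sample packets are constructed, and sending matching packets to the primary side is an assumption of this model.

```python
import ipaddress

# Constructed sample: (packet number in the capture, source IP).
PACKETS = [(1, "10.0.0.5"), (2, "192.168.1.10"), (3, "10.0.0.5"),
           (4, "192.168.1.10"), (5, "10.0.0.7"), (6, "172.16.3.3"),
           (7, "10.0.0.5"), (8, "192.168.1.10"), (9, "10.0.0.5")]


def parse_packet_list(spec):
    """Parse a 'P:1-5,9,15' style list into a set of packet numbers."""
    kind, _, body = spec.partition(":")
    if kind != "P" or not body:
        raise ValueError("only P:<list> is modelled here: %r" % spec)
    numbers = set()
    for item in body.split(","):
        low, dash, high = item.strip().partition("-")
        first, last = int(low), int(high) if dash else int(low)
        if first < 1 or last < first:
            raise ValueError("bad range %r" % item)
        numbers.update(range(first, last + 1))
    return numbers


def select(packets, spec, invert=False):
    """invert=False models -x (only listed); invert=True models -X (all but listed)."""
    wanted = parse_packet_list(spec)
    return [p for p in packets if (p[0] in wanted) != invert]


def split_by_source(packets, cidrs):
    """Source-IP split: a CIDR match goes to primary, the rest to secondary (assumed)."""
    nets = [ipaddress.ip_network(c.strip()) for c in cidrs.split(",")]
    primary, secondary = [], []
    for number, src in packets:
        addr = ipaddress.ip_address(src)
        side = primary if any(addr in n for n in nets) else secondary
        side.append(number)
    return primary, secondary


if __name__ == "__main__":
    chosen = select(PACKETS, "P:1-5,9")
    print("selected:", [n for n, _ in chosen])
    print("split   :", split_by_source(chosen, "10.0.0.0/24,172.16.0.0/12"))
```

Checking a selection this way before a replay shows which packet numbers will reach the DUT and on which side, without sending any traffic.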