What is tcpreplay?

What is tcpreplay?

Tcpreplay is a suite of free Open Source utilities for editing and replaying previously captured network traffic. Originally designed to replay malicious traffic patterns to Intrusion Detection/Prevention Systems, it has seen many evolutions including capabilities to replay to web servers.

How tcpreplay works?

It allows you to classify traffic as client or server, rewrite Layer 2, 3 and 4 packets and finally replay the traffic back onto the network and through other devices such as switches, routers, firewalls, NIDS and IPS’s. Tcpreplay supports both single and dual NIC modes for testing both sniffing and in-line devices.

Can Wireshark replay pcap?

q=replay+pcap Note wireshark provides several commandline programs that can select, split, combine, and alter the contents of pcap files so you could replay data partly the same as but partly different from what was captured.

Can you inject packets with Tcpreplay?

Q: Can I send packets on the same computer running tcpreplay? Generally speaking no. When tcpreplay sends packets, it injects them between the TCP/IP stack of the system and the device driver of the network card.

author

Back to Top