16-09-2021

How To Install Tcpreplay On Windows

  • Downloads
  • Installation
  1. How To Install Tcpreplay On Windows Media Player
  2. Tcpreplay Tutorial
  3. Tcpreplay Example

Downloads

Download Releases for Users

Hi guys, Anyone plz confirm if it is necessary to install same version of WinCollect agent on windows hosts as the version installed in console? If yes, then how can I find which version is installed in console? I run the rpm search and it gives me a noarch number like AGENT-WINCOLLECT-7.4-2157. With that said, you’ll need Cygwin to compile/run tcpreplay. You’ll also need to install Winpcap - the port of libpcap for Windows. For whatever reason, it seems important that you install the Winpcap files in the Cygwin root directory (/Wpdpack). Be sure to install both the driver and DLL files AND developer pack. Installing tcpreplay on Windows (too old to reply) Rayne 2009-02-06 08:51:24 UTC. Hi, On the online manual, it was mentioned that to install tcpreplay on Windows, I will 'need to install Winpcap the port of libpcap for Windows. For whatever reason, it seems important that you install the Winpcap files in the Cygwin root directory. Hi, On the online manual, it was mentioned that to install tcpreplay on Windows, I will 'need to install Winpcap the port of libpcap for Windows. For whatever reason, it seems important that you install the Winpcap files in the Cygwin root directory (/Wpdpack).' What is meant by installing the winpcap files in the Cygwin root directory? Dismiss Be notified of new releases. Create your free GitHub account today to subscribe to this repository for new releases and build software alongside 50 million developers.

  • Latest release:
  • Previous release:
  • Old Win32 release
    • Note that Windows is not supported by the maintainer

Download Source for Developers

Compiling source from GitHub has more requirements than compiling a release.Specifically you must have AutoGen installed. If you plan to contribute you musthave AutoGen version 5.16.2, otherwise your pull requestsmay be rejected.

If you want to help develop Tcpreplay visit our Developer Wiki.

  • Download via GitHub
  • git clone https://github.com/appneta/tcpreplay
  • Or if you plan to contribute someday simply fork the repo and submit a pull request whenyou are ready to share your changes with us
  • Or download the latest master tarball
  • Note that master is always production ready, but not necessarily the latest stable release. See GitHub networkto see the state of master

Installation

Simple directions for Unix users

You will need to compile the source code, but first you must ensure that you havecompiling tools and prerequisite software installed. For example, on a baseUbuntu or Debian system you may need to do the following:

Next extract tarball, change to root directory, then do:

Optionally you can run the tests to ensure that your installation isfully functional:

Installation Video

Build netmap feature

This feature will detect netmapcapable network drivers on Linux and BSDsystems. If detected, the network driver is bypassed for the executionduration of tcpreplay and tcpreplay-edit, and network buffers will bewritten to directly. This will allow you to achieve full line rates oncommodity network adapters, similar to rates achieved by commercial networktraffic generators.

Note that bypassing the network driver will disrupt other applicationsconnected through the test interface. For example, you may see interruptionswhile testing on the same interface you ssh’ed into.

FreeBSD 10 and higher already contains netmap capabilities and will be detectedby configure. To enable netmap on the system you will need torecompile the kernel with device netmap included.

For Linux, download latest and install netmap from http://info.iet.unipi.it/~luigi/netmap/If you extracted netmap into /usr/src/ or /usr/local/src you can build without extraconfigure options. Otherwise you will must specify the netmap source directory, for example:

You can also find netmap source at http://code.google.com/p/netmap/

Netmap Installation Video

Advanced Options

There are quite a few configure time options for tcpreplay which allow you to control a lotof things. Some of the more interesting ones are:

  • –enable-debug – useful for debugging bugs and crashes.
  • –enable-64bits – use 64 bit counters to handle large pcap files & looping
  • –enable-libnet – link to libnet. Note that libnet support has been deprecated due tovarious bugs which have not been fixed in over a year.
  • –with-libnet – specify root path to libnet (something like –with-libnet=/usr/local)
  • –with-libpcap – specify root path to libpcap
  • –with-netmap – specify root path to netmap
  • –with-tcpdump – specify path to tcpdump executable
  • –enable-tcpreplay-edit – compile tcpreplay with packet editing support

You can also manually select a particular method to inject packets:

  • –enable-force-pf – force tcpreplay to use Linux’s PF_PACKET to send packets
  • –enable-force-bpf – force tcpreplay to use Free/Net?/OpenBSD or OS X’s BPF interfaceto send packets
  • –enable-force-libnet – force tcpreplay to use Libnet to send packets
  • –enable-force-inject – force tcpreplay to use Libpcap’s pcap_inject() API to send packets
  • –enable-force-sendpacket – force tcpreplay to use Libpcap’s pcap_sendpacket() APIto send packets

How To Install Tcpreplay On Windows Media Player

If you’re having compatibility issues with a system-installed GNU Autogen,you may want to consider these options:

  • –disable-local-libopts – Don’t use the libopts tearoff supplied with tcpreplay(default is enabled)
  • –disable-libopts-install – don’t install the libopts library files

Tcpreplay Tutorial

Special Instructions for Windows

Consider Windows support for Tcpreplay is experimental - beta quality if you will.We strongly recommend you read the page about how to get support for Tcpreplay.

With that said, you’ll need Cygwin to compile/run tcpreplay. You’ll also need to installWinpcap - the port of libpcap for Windows. For whatever reason, it seems importantthat you install the Winpcap files in the Cygwin root directory (/Wpdpack).

Be sure to install both the driver and DLL files AND developer pack.Then when you run./configure, you’ll need to specify the location for Winpcap using the --with-libpcapflag, but use all lowercase: ./configure --with-libpcap=/wpdpack.

After that, for the most part things should just work. There are some caveats; a fewfeatures and make test don’t work, but for the most part they seem to be pretty minor.

For more detailed instructions, see the Win32Readme.txt.

Note: We’ve been informed that the guile Cygwin package is broken.This horribly breaks parts of GNU Autogen - specifically the parts whichallow you to build Tcpreplay via GitHub. Hence, I strongly recommend grabbinga tarball release.

Need Help?

What is tcpreplay

Having problems? Try asking for help on thetcpreplay-users mailing list or check out the Support section.

Tcpreplay is a suite of tools that allows editing and replaying previously captured traffic in libpcap format. This can come handy in many situations, one common use is traffic pattern based behavior re-creation in a lab environment.
Tcpreplay suite comes with the following tools:
  • tcpprep - multi-pass pcap file pre-processor which determines packets as client or server and creates cache files used by tcpreplay and tcprewrite
  • tcprewrite - pcap file editor which rewrites TCP/IP and Layer 2 packet headers
  • tcpreplay - replays pcap files at arbitrary speeds onto the network
  • tcpliveplay - Replays network traffic stored in a pcap file on live networks using new TCP connections
  • tcpreplay-edit - replays; edits pcap files at arbitrary speeds onto the network
  • tcpbridge - bridge two network segments with the power of tcprewrite
  • tcpcapinfo - raw pcap file decoder and debugger
To exemplify the use of tcpreplay, let's say we have the following setup:
Now in this setup we're interested in how our DUT device (Device Under Test) is reacting given a specific traffic pattern that is let's say very specific to this environment. I will assume the DUT is a Layer 3 device.

I will take different scenario of interest and show how tcpreplay helps.
Scenario 1: The interesting traffic pattern is unidirectional only from the client. We are not interested in what the server sends. In this case a packet capture file (I name it original.pcap) can be taken between the client and the DUT and subsequently replayed in a lab environment. I'll assume the packet capture was taken on the client itself in this example and the traffic was unidirectional. The tcpreplay environment will look as below:
The traffic capture should have the following characteristics:
Source MAC address: client MAC address / Source IP: 192.168.0.1
Destination MAC address: router MAC address / Destination IP: 172.16.0.1

Let's assume that the device running tcpreplay is a Linux device and the interface connecting it to the DUT is eth0.
What we want to do first is to rewrite the MAC addresses of the traffic (at least the destination MAC address) in order to reflect the devices involved in the traffic at replay time (source MAC address would be the tcpreplay's eth0 interface (eg. 00:11:11:11:11:11), destination mac address would be of the DUT's interface connecting to the tcpreplay box(eg. 00:22:22:22:22:22))
How To Install Tcpreplay On Windows
Now we should have a file named rewritten.pcap with the source and destination MAC addresses rewritten. The characteristics of the rewritten.pcap are now transformed to:
Source MAC address: tcpreplay eth0 MAC address / Source IP: 192.168.0.1
Destination MAC address: DUT MAC address / Destination IP: 172.16.0.
We can use now tcpreplay to replay this traffic now:
Scenario 2: The interesting traffic pattern is bidirectional. We are interested in both what the client sends as well as what the server sends. In this case a packet capture file can be taken anywhere between the client and the DUT. Now here the best option is to get the 2 packet captures: one between the client and the DUT and another between the DUT and the server and then merge them into one file. This would give us the client side packets as well as the server side packets before they are processed by the DUT. A tool to merge packet captures is mergecap and very quickly, let's say that we have 2 capture files taken:
client.pcap - taken in between the client and the router and contains packets client -> server
server.pcap - taken in between the DUT and the server and contains packets server -> client
mergecap -w merged.pcap client.pcap server.pcap

The packet capture file, before processing it would have the endpoint IP addresses of the client/server (192.168.0.1 and 172.16.0.1) and the MAC addresses of the client/router and server/DUT from the 1st image.
  1. to define in our packet capture what traffic belongs to the server side and which traffic belongs to the client side
  2. to rewrite the MAC endpoints so that they reflect our tcpreplay environment
  3. to replay the traffic as it is in the packet capture (some packets being sent by the client and some by the server)
1. First we define which packets belong to the client and which to the server. This is done with the help of tcpprep. There are several options on how to make this separation (by IP address space - CIDR, by source MAC address, by port number, by regular expression). There are also some auto modes based on client/server traffic type, but I won't cover this here. You can check the tcpprep documentation. By default the matched packets will be associated with server side traffic.
The result of tcpprep operation will be a cachefile that will hold information about which packets belong to which side (client/server). Let's split the packet capture we have based on CIDR:

Tcpreplay Example

The above means all packets being sent from 172.16.0.0/24 are server sent packets. All other packets are client side packets. The file merged.cache is the file holding the information about packets direction (server/client side packets).
2. We want to rewrite the MAC addresses of the original merged.pcap packet capture to reflect the source/destination MAC addresses of our tcpreplay environment (DUT and computer running tcpreplay). We can use tcprewrite for this:
Important to note that the first MAC address in both enet-dmac and enet-smac being rewritten is the server side MAC address, the 2nd MAC address is the client side (00:22:22:22:22:23 is the destination MAC address of packets originated from the server,00:22:22:22:22:22 is the destination MAC address of the packets originated from the client; 00:11:11:11:11:11:12is the source MAC address of packets originating from the server side, 00:11:11:11:11:11:11 is the source MAC address originating from the client side). The differentiation on which packets are server side and which are client side are done again based on the cachefile previously generated with tcpprep.
3. We can use tcpreplay now to replay the file rewritten.pcap and using the merged.cache file to instruct tcpreplay to send the server originated packets on the server side bound interface (eth1) and to send the client side packets out on the client side bound interface (eth0)
Again, here is important to note that intf1 is the interface on the server side (sending server generated packets -from 172.16.0.0/24) and intf2 is the client side interface (sending packets that are not from 172.16.0.0/24).
The packets from client -> server will be sent out eth0, the packets from server -> client will be sent out eth1.
Some other uses of of the tools in the tcpreplay suite:
  • Fixing checksums (IPv4/TCP/UDP). The --fixcsum option forces recalculation of IPv4/TCP/UDP checksums
  • Replaying the same capture file for a number of times (10 times in the example)
  • Replaying the packet capture not at the speed it was captured, but with a define pps (packets/second) rate (5 pps in the example)