tcpreplay

List available network interfaces

$ tcpreplay --listnics

$ tcpreplay [[-i|--intf1]] [eth0] [traffic.pcap]

$ tcpreplay [[-i|--intf1]] [eth0] [[-v|--verbose]] [traffic.pcap]

$ tcpreplay [[-i|--intf1]] [eth0] [[-t|--topspeed]] [traffic.pcap]

$ tcpreplay [[-i|--intf1]] [eth0] [[-M|--mbps]] [10] [traffic.pcap]

$ tcpreplay [[-i|--intf1]] [eth0] [[-l|--loop]] [num_times] [traffic.pcap]

tcpreplay [options]

-i
    Specify the network interface to send packets on.

-t
    Print timestamps for each packet sent.

-K
    Read pcap file from standard input.

-p
    Send packets at a specified packets per second rate.

-m
    Send packets at a specified megabits per second rate.

--loop
    Loop the pcap file a specified number of times.

--stats
    Display statistics about the replay process.

--topspeed
    Ignore configured sending rate limits.

--verbose
    Enable verbose output.

-h
    Display help information.

tcpreplay is a tool for replaying network traffic that has been captured in packet capture (pcap) files.
It allows you to send network packets back onto a network interface as if they were being generated in real-time, mimicking the original traffic patterns.
This is particularly useful for testing network intrusion detection systems (NIDS), performance testing network infrastructure, and analyzing network security vulnerabilities.
tcpreplay supports various options to control the replay speed, packet injection timing, and interface to use. It can replay traffic at different speeds, including real-time and at a specified rate (packets per second or bits per second).
Moreover, tcpreplay can modify packets on-the-fly during replay, allowing for sophisticated testing scenarios.
It's a powerful tool for network engineers and security professionals who need to analyze or simulate network traffic.

tcpreplay requires root privileges to send packets on network interfaces. The accuracy of replay depends on the system clock and network conditions.

tcpreplay can be integrated with other tools to modify packets on-the-fly during replay. This allows for creating custom testing scenarios and simulating specific network attacks.

Careful consideration should be given to the chosen rate limit to avoid overwhelming the network or target system. Start with a low rate and gradually increase it while monitoring network performance.

tcpreplay was originally developed to provide a robust and flexible tool for replaying captured network traffic. Its development was driven by the need to test network security devices and analyze network performance. Over time, it has evolved to support more features, including rate limiting, interface selection, and packet modification.

tcpdump(1), wireshark(1), tcpslice(1)