tcpreplay

Replay captured network traffic

TLDR

Replay pcap

$ tcpreplay -i [eth0] [capture.pcap]

Replay at speed

$ tcpreplay -i [eth0] -M [100] [capture.pcap]

Loop replay

$ tcpreplay -i [eth0] --loop [10] [capture.pcap]

Replay at topspeed

$ tcpreplay -i [eth0] --topspeed [capture.pcap]

Multiplier speed

$ tcpreplay -i [eth0] -x [2.0] [capture.pcap]

SYNOPSIS

tcpreplay [-i interface] [-M mbps] [--loop n] [options] pcap

tcpreplay replays previously captured network traffic from pcap files back onto the network. It reads packet captures produced by tools like tcpdump or Wireshark and transmits them through a specified network interface at controlled rates.The tool provides flexible speed control: traffic can be replayed at the original recorded speed, at a fixed rate in Mbps, at a speed multiplier, or at maximum wire speed with --topspeed. The --loop option repeats the capture file multiple times, and -K preloads the entire file into memory for consistent high-speed replay.Common use cases include testing network devices like firewalls and IDS/IPS systems, stress-testing network infrastructure, reproducing network issues for debugging, and benchmarking network applications under realistic traffic conditions.

PARAMETERS

-i IFACE

Output interface.

-M MBPS

Rate in Mbps.

-x MULT

Speed multiplier.

--loop N

Loop count.

--topspeed

Maximum speed.

-K

Preload into memory.

CAVEATS

Requires root for raw socket access. Replaying traffic on a production network can cause disruption. The interface specified with -i must be up. For editing packets before replay, use tcprewrite.

HISTORY

tcpreplay was created for replaying captured network traffic for testing network devices and applications.