tcpreplay 快速入门使用
TCPREPLAY
tcpreplay是一系列工具的集合。包括(tcpprep、tcprewrite、tcpreplay和tcpbridge)
其中tcpreplay是真正实现流量回放功能的工具,其他几个工具可以看作tapreplay的辅助工具,作为流量重放前期的准备工作,比如
tcpprep可以划分哪些包是client的, 哪些是server的, 一会发包的时候client的包从一个网卡发, server的包可能从另一个网卡发。
tcprewrite可以就是修改2层, 3层, 4层报文头部,也就是可以将IP,MAC等信息修改为你期望的值。
官网: http://tcpreplay.appneta.com/
1. 安装
CentOS环境下直接:yum -y install tcpreplay 即可
其他环境不再赘述。
查看安装是否成功:
tcpreplay -V tcpreplay version: 4.2.5 (build git:v4.2.5) Copyright 2013-2017 by Fred Klassen <tcpreplay at appneta dot com> - AppNeta Copyright 2000-2012 by Aaron Turner <aturner at synfin dot net> The entire Tcpreplay Suite is licensed under the GPLv3 Cache file supported: 04 Not compiled with libdnet. Compiled against libpcap: 1.5.3 64 bit packet counters: enabled Verbose printing via tcpdump: enabled Packet editing: disabled Fragroute engine: disabled Injection method: PF_PACKET send() Not compiled with netmap
帮助文档:
tcpreplay -h tcpreplay (tcpreplay) - Replay network traffic stored in pcap files Usage: tcpreplay [ -<flag> [<val>] | --<name>[{=| }<val>] ]... <pcap_file(s)> -q, --quiet Quiet mode -T, --timer=str Select packet timing mode: select, ioport, gtod, nano --maxsleep=num Sleep for no more then X milliseconds between packets -v, --verbose Print decoded packets via tcpdump to STDOUT -A, --decode=str Arguments passed to tcpdump decoder -K, --preload-pcap Preloads packets into RAM before sending -c, --cachefile=str Split traffic via a tcpprep cache file -2, --dualfile Replay two files at a time from a network tap -i, --intf1=str Client to server/RX/primary traffic output interface -I, --intf2=str Server to client/TX/secondary traffic output interface --listnics List available network interfaces and exit -l, --loop=num Loop through the capture file X times --loopdelay-ms=num Delay between loops in milliseconds --pktlen Override the snaplen and use the actual packet len -L, --limit=num Limit the number of packets to send --duration=num Limit the number of seconds to send -x, --multiplier=str Modify replay speed to a given multiple -p, --pps=str Replay packets at a given packets/sec -M, --mbps=str Replay packets at a given Mbps -t, --topspeed Replay packets as fast as possible -o, --oneatatime Replay one packet at a time for each user input --pps-multi=num Number of packets to send for each time interval --unique-ip Modify IP addresses each loop iteration to generate unique flows --unique-ip-loops=str Number of times to loop before assigning new unique ip --no-flow-stats Suppress printing and tracking flow count, rates and expirations --flow-expiry=num Number of inactive seconds before a flow is considered expired -P, --pid Print the PID of tcpreplay at startup --stats=num Print statistics every X seconds, or every loop if '0' -V, --version Print version information -h, --less-help Display less usage information and exit -H, --help display extended usage information and exit -!, --more-help extended usage information passed thru pager --save-opts[=arg] save the option state to a config file --load-opts=str load options from a config file Options are specified by doubled hyphens and their name or by a single hyphen and the flag character. tcpreplay is a tool for replaying network traffic from files saved with tcpdump or other tools which write pcap(3) files. Please send bug reports to: <tcpreplay-users@lists.sourceforge.net>
2. 使用
2.1 快速使用
tcpreplay -i eth0 p.pcap
快速使用: 其中 p.pcap 是用wireshark或者tcpdump抓取的流量包
2.2 高阶使用
查看本机网卡信息,可以 看到网卡信息。
tcpreplay --listnics
Available network interfaces:
eth0
eth1
any
将 p.pcap 文件进行 tcpprep 操作,制作 cache 文件。
tcpprep -an client -i p.pcap -o p.cache –v
原文链接:https://blog.csdn.net/makenothing/article/details/105277614