Questions tagged [tcpreplay]
12 questions
6
votes
2 answers
Why packets sent by tcpreplay don't appear on server?
I'm trying to replay pcap file to HTTP server.
Before that I'm trying to manually check that I'm using tcpreplay correctly.
I've start netcat -l 12345 to listen on specific port. Let's call it "server"
On other machine I've run tcpdump to capture…
Nikolai Golub
- 195
4
votes
1 answer
How to tcpreplay only packets satisfying a pcap filter rule?
I have a dump file with lots of various packets in it, but I want to selectively replay, say, only all udp packets to a given port number, without having to edit the dump file first.
How?
3
votes
1 answer
How can I playback a network capture through the same machine?
I've been trying to get tcpreplay to work to replay a network capture I have on my system. re. Unfortunately, (from the FAQ):
Can I send packets on the same computer running tcpreplay?
Generally speaking no. When tcpreplay sends packets, it injects…
rtpg
- 195
2
votes
1 answer
Filebeat not receiving packets from replayed pcap file, but tcpdump is
I'm replaying a PCAP file containing UDP packets only using tcpreplay, from one server to another (same IP subnet). The destination MAC address and IP address have been changed to that of the receiving server using tcprewrite. When I did a tcpdump…
Rayne
- 623
1
vote
1 answer
Black hole output interface for tcpreplay
I'm using a command line like this to replay a huge PCAP file at high speed - I'm benchmarking various aspects of tcpreplay:
sudo tcpreplay --mbps=1000 --intf1=docker0 linuxbig_log.pcap
As I don't want to annoy our sysadmins, I use my local docker…
Ken Y-N
- 134
0
votes
1 answer
Replaying packets on local machine other than loopback
This might sound very wierd; but can I replay a pcap file on a interface other than lo in local machine? I want to get packets on lets say eth1. It is not attached to any link as of now. I want the packets to come in and not go out of eth1. I do not…
vpram86
- 2,838
0
votes
1 answer
How to replay tcpdump's recorded traffic (.pcap) into my proxy so I could inspect it?
I capture traffic on my local interface with tcpdump (in pcap/pcapng file) and I want to study it using apps like Charles/Fiddler, but then I have to direct it to its proxy somehow.
How can I replay the captured traffic to a specific address and…
user1261347
- 101
0
votes
1 answer
How to Replay a Process of Sending an email
I'm curious if anybody out there familiar with virtualization know of any options of recording an emulated machine (QEMU, KVM, VMware) so that when I boot up a machine, I record myself using the terminal to send an email using the postfix package…
a_polo
- 1
0
votes
1 answer
tcpreplay occupies 100% CPU
I'm running a pcap file of size 1G using tcpreplay command to check any any malicious traffic or not. Command took approx. more than 5 hours though the system has enough cores and RAM.
System RAM: 16G
Core : 8
PID USER PR NI VIRT RES …
Darknight
- 109
0
votes
1 answer
unable to use tcpreplay in cygwin because I can't find the interface name similar to eth0 in linux
I want to use tcpreplay in cygwin to replay recorded pcap file, but it turns out very difficult, after battling with issues in building tcpreplay in cygwin environment, now i need to overcome the last hurdle.
I use this command:
tcpreplay…
0
votes
1 answer
PCAPNG file that does not send packets through TCPReplay
Using tcpreplay I am able to send UDP packets from a pcapng file (Log.pcapng) on a linux machine using:
sudo tcpreplay --intf1=enp9s0 --loop=10 log.pcapng
Using Wireshark on a second Windows 10 machine I can see that the UDP packets are…
0
votes
1 answer
How to block a pcap pumped by tcpreplay from one server by iptables on the other?
I am new to stack exchange.
What I am trying is:
I am pumping traffic from one server by the following command:
tcpreplay -i ens3 ~/daniel/sipdump.pcap from server 1
And I am capturing the traffic in the server 2 by tcpdump -i ens3 -nn
I want to…
