Monthly Archives: May 2013

Inject packets from PCAP-format

tcpreplay / tcprewrite

$ sudo apt-get install tcpreplay
$ tcpreplay -t -L <limit> -i <interface> <file.cap>

Options:
-i string, --intf1=string      Server/primary traffic output interface.
-I string, --intf2=string      Client/secondary traffic output interface.
-L number, --limit=number      Limit the number of packets to send.

-M float , --mbps=float        Replay packets at a given Mbps. Specify a floating point value.
-t,        --topspeed          Replay packets as fast as possible. 
-p number, --pps=number        Replay packets at a given packets/sec.
without -t or -p               Send out packets as in the timestamp of each packet of the PCAP file.

tcpreplay.synfin.net Wiki: tcpreplay
tcpreplay.synfin.net Wiki: tcprewrite
How to capture and replay network traffic on Linux

ostinato

packeth

$ sudo apt-get install packeth
$ sudo packeth
Load -> PCAP

netdude

Netdude 0.5.1 and libnetdude 0.12 released
Edit PCAP files in a GUI.
Netdude Homepage
Netdude Source

mergecap

Merges two or more capture files into one

mergecap [ -a ] [ -v ] -w <outfile> <infile> [<infile> ...]
-a             Causes the frame timestamps to be ignored. 
               When -a is not specified, the contents of the input files are merged
               in chronological order based on each frame's timestamp.
-v             Causes mergecap to print a number of messages while it's working.
-w  <outfile>  Sets the output filename.

capinfos

Prints information about capture files

-a    Displays the start time of the capture.
-e    Displays the end time of the capture.
-c    Displays the number of packets in the capture file.
-u    Displays the capture duration, in seconds.
-S    Display the start and end times as seconds (unixtime)

editcap

Edit and/or translate the format of capture files

-A  <start time>               Saves only the packets whose timestamp is on or after start time. 
-B  <stop time>                Saves only the packets whose timestamp is before stop time.
-t  <time adjustment>          Sets the time adjustment to use on selected packets.
                               The adjustment is specified as [-]seconds[.fractional seconds].
-S  <strict time adjustment>   Time adjust selected packets to insure strict chronological order.
                               The value represents relative seconds specified as [-]seconds[.fractional seconds].
                               If the value is 0 or greater then only packets with a timestamp less than the previous packet will be adjusted.
                               If the value is specified as a negative value, then the timestamp values of all packets will be adjusted
                               to be equal to the timestamp value of the previous packet plus the absolute value of the value