Tcpreplay – PCAP Editing and Replaying Utility

Tcpreplay is a suite of GPLv3 licensed utilities for UNIX (and Win32 under Cygwin) operating systems for editing and replaying network traffic which was previously captured by tools like tcpdump and Wireshark.

The tool allows you to classify traffic as client or server, rewrite Layer 2, 3 and 4 packets and finally replay the traffic back onto the network and through other devices such as switches, routers, firewalls, NIDS and IPS’s. There is support for both single and dual NIC modes for testing both sniffing and in-line devices.

Tcpreplay - Pcap Editing and Replaying Utility
Tcpreplay – Pcap Editing and Replaying Utility

Currently the utility is used by numerous firewall, IDS, IPS, NetFlow and other networking vendors, enterprises, universities, labs and open source projects.

As of version 4.0, this release include several enhancement to address the complexities of testing and tuning IP Flow/NetFlow hardware. Enhancements include:

  • Support for netmap modified network drivers for 10GigE wire-speed performance
  • Increased accuracy for playback speed
  • Increased accuracy of results reporting
  • Flow statistics including Flows Per Second (fps)
  • Flow analysis for analysis and fine tuning of flow expiry timeouts
  • Hundreds of thousands of flows per second (dependent on flow sizes in pcap file)

You can read more and download this tool over here:

Notify of
Inline Feedbacks
View all comments