Network_switches

Replaying PCap to specific network interface

For replaying offline pcap file captured by Wireshark or Windump can be used following tools. On windows was sending throughput lower than on Linux devices, where top speed was done on pcapbulkreplay (300Mbs on lowend 1Gbps network card).

Windows

tcpreplay

  • tool able to send offline traffic at specific speed (1Mbs, 100Mbs, maximum of interface throughput)
  • To list all available interfaces use –listnics

Example: tcpreplay.exe –listnics

Available network interfaces:
Alias Name Description
%0 \Device\NPF_{DE165B82-8C92-41DD-82DB-0AEF6B8CB7B4}
VMware vmxnet3 virtual network device
%1 \Device\NPF_{99846C37-3FA8-4C69-8DBC-FB80FDA208D2}
VMware vmxnet3 virtual network device

  • to send unmodified traffic to selected NIC use -i %{interface alias}

Example: tcpreplay.exe -t -i %1 c:\Pcaps\taumagic.pcap

 

sending out \Device\NPF_{99846C37-3FA8-4C69-8DBC-FB80FDA208D2}
processing file: c:\Pcaps\taumagic.pcap
Actual: 1763313 packets (324062931 bytes) sent in 80.99 seconds. Rated: 4001271.0 bps, 30.53 Mbps, 21771.98 pps
Statistics for network device: \Device\NPF_{99846C
Attempted packets: 1763313
Successful packets: 1763313
Failed packets: 0
Retried packets (ENOBUFS): 0
Retried packets (EAGAIN): 0

Linux

tcpreplay is much faster than it’s Windows cousin, has same usage

Leave a Reply