Introduction to Using tcpreplay


Installation

brew install tcpreplay
yum install tcpreplay

Replaying with tcpreplay

tcpreplay is a tool for replaying network traffic from files saved with tcpdump or other tools which write pcap(3) files.

The packets that tcpreplay replays must be stored in pcap format; if the format is wrong, they cannot be replayed.
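
A pre-replay check for the format requirement above, as an added example that is not part of the original post: it identifies the capture format from the magic number, verifies that every classic pcap record is intact, and tallies TCP destination ports so you can see what a port filter or port rewrite would touch. The function names and the sample capture are constructed for illustration, and only Ethernet/IPv4/TCP frames are counted.

```python
import struct
from collections import Counter

# First four file bytes of classic pcap -> (struct byte order, description)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", "pcap, microsecond, little-endian"),
    b"\xa1\xb2\xc3\xd4": (">", "pcap, microsecond, big-endian"),
    b"\x4d\x3c\xb2\xa1": ("<", "pcap, nanosecond, little-endian"),
    b"\xa1\xb2\x3c\x4d": (">", "pcap, nanosecond, big-endian"),
}

def tcp_dport(frame):
    """Destination port of an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    tcp = 14 + (frame[14] & 0x0F) * 4  # skip Ethernet + variable-length IPv4 header
    if tcp < 34 or len(frame) < tcp + 4:
        return None
    return struct.unpack("!H", frame[tcp + 2:tcp + 4])[0]

def inspect_pcap(data):
    """Report capture format, record integrity and a TCP destination-port tally."""
    out = {"format": "unknown", "complete": False, "packets": 0, "dports": Counter()}
    if data[:4] == b"\x0a\x0d\x0d\x0a":  # pcapng Section Header Block
        out["format"] = "pcapng (records not parsed here)"
    if data[:4] not in MAGICS or len(data) < 24:
        return out
    order, out["format"] = MAGICS[data[:4]]
    linktype = struct.unpack(order + "I", data[20:24])[0]
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(order + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        if len(frame) < incl_len:
            return out  # packet data cut short
        out["packets"] += 1
        if linktype == 1 and (port := tcp_dport(frame)) is not None:  # 1 = Ethernet
            out["dports"][port] += 1
        off += 16 + incl_len
    out["complete"] = off == len(data)  # False if a record header is cut short
    return out

def sample_capture():
    """Constructed sample: one SYN from 192.0.2.1 to 192.0.2.2 port 80, checksums zeroed."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, b"\xc0\x00\x02\x01", b"\xc0\x00\x02\x02")
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 0x50, 0x02, 1024, 0, 0)
    frame = bytes(12) + b"\x08\x00" + ip + tcp
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
```

To check a real capture, pass the file's bytes, for example `inspect_pcap(open("syn.pcap", "rb").read())`.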

Replay the capture syn.pcap 10 times on interface en0:
tcpreplay -i en0 -l 10 syn.pcap

Filtering packets with tcpprep (for help, see man tcpprep)

tcpprep is a 'pcap(3)' file pre-processor which creates a cache file which provides "rules" for 'tcprewrite(1)' and 'tcpreplay(1)' on how to process and send packets

The basic operation of tcpreplay is to resend all packets from the input file(s) out a single file.  Tcpprep processes a pcap file and applies a set of user-specified rules to create a cache file which tells tcpreplay whether or not to send each packet and which interface the packet should be sent out of.

    For more details, please see the Tcpreplay Manual at: http://tcpreplay.appneta.com

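By default tcpreplay replays every packet in the pcap file. tcpprep is used for filtering, so that only the selected packets are kept for replay.

Generate a cache file for packets whose destination port is 80. The -p option takes no argument (it selects port-based client/server classification), so the port is matched with a BPF filter passed to -x:
tcpprep -p -i syn.pcap -o syn.cache -x F:'dst port 80'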

Modifying packets with tcprewrite

Tcprewrite is a tool to rewrite packets stored in pcap(3) file format, such as created by tools such as tcpdump(1) and wireshark(1). Once a pcap file has had its packets rewritten, they can be replayed back out on the network using tcpreplay(1).

Rewrite the port in the packets from 80 to 8080:
tcprewrite -r 80:8080 -i syn-2.pcap -o test.pcap

tcpreplay-edit replays the edited packets directly, without generating an intermediate file.

Open questions

Is there a tool that intercepts and modifies TCP packets?

References

https://tcpreplay.appneta.com/wiki/captures.html

