wiki:TraceReplay

Version 1 (modified by salcock, 10 years ago) (diff)

--

tracereplay allows users to replay traces in trace time, i.e. preserving the original packet timing. tracereplay will pad truncated packets back to their original wire length and recompute checksums appropriately.

Usage

tracereplay [ -f | --filter bpf ] [ -b | --broadcast ] [ -s | --snaplength len ] inputuri outputuri

Options

-f, --filter
Specifies a BPF filter to apply to the input trace.
-b, --broadcast
Changes the Ethernet destination address to the broadcast address. This will send the transmitted packets to any hosts on the local network.
-s, --snaplength
Truncate the replayed packets to the length specified. Only applies if the input is a capture device, rather than a trace file.

Applications

Replay a trace file via the interface eth0

tracereplay -b erf:input.erf.gz int:eth0

Notes

Be careful about using tracereplay over a production network - generally, you want to replay traces over a controlled network that has no access to the rest of your "live" network. Last thing you want is a flood of packets from a large trace file saturating your network :)