安装
brew install tcpreplay
yum install tcpreplay
tcpreplay 回放
tcpreplay is a tool for replaying network traffic from files saved with tcpdump or other tools which write pcap(3) files.
tcpreplay回放的报文要具备一定的格式pcap,格式不对,无法回放
使用网卡en0,报文syn.pcap回放10次
tcpreplay -i en0 -l 10 syn.pcap
tcpprep过滤报文;帮助信息 man tcpprep
tcpprep is a 'pcap(3)' file pre-processor which creates a cache file which provides "rules" for 'tcprewrite(1)' and 'tcpreplay(1)' on how to process and send packets
The basic operation of tcpreplay is to resend all packets from the input file(s) out a single file. Tcpprep processes a pcap file and applies a set of user-specified rules to create a cache file which tells tcpreplay whether or not to send each packet and which interface the packet should be sent out of.
For more details, please see the Tcpreplay Manual at: http://tcpreplay.appneta.com
tcpreplay默认回放*.pcap里所有的报文,而tcpprep的作用是进行过滤,通过过滤留下某些报文
生成目的端口为80的报文缓存文件
tcpprep -i *.pcap -o *.cache -p 80
tcprewrite 修改报文
Tcprewrite is a tool to rewrite packets stored in pcap(3) file format, such as created by tools such as tcpdump(1) and wireshark(1). Once a pcap file has had it's packets rewritten, they can be replayed back out on the network using tcpreplay(1)
把报文的端口修改为80->8080
tcprewrite -r 80:8080 -i syn-2.pcap -o test.pcap
tcpreplay-edit 直接回放编辑后的报文,不生成中间文件
遗留问题
有没有tcp拦截修改报文的工具?