
Linux tcpreplay: the traffic replay command explained, with a worked example

baijin 2024-10-07 06:08:51

1. Introduction to the tcpreplay command

tcpreplay replays traffic captured with tcpdump or Wireshark onto a specified network, so that specific kinds of faults and data can be analyzed.

2. Setting up the test environment (virtual machines)

Install CentOS 7 in a virtual machine.



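Download the Panabit installation package from the Panabit forum and install the free Panabit Standard Edition to simulate the network. This system has protocol identification, which makes the simulation easy; a device from another vendor with Layer 7 protocol identification would also work.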


3. Installing tcpreplay

yum -y install epel-release

yum provides tcpreplay # look up which package provides this command

yum -y install tcpreplay-4.3.3-1.el7.x86_64

4. Common tcpreplay options

[root@localhost ~]# tcpreplay -h


-v, --verbose Print decoded packets via tcpdump to STDOUT

Prints the replayed packets in tcpdump format.


-i, --intf1=str Client to server/RX/primary traffic output interface

Specifies the network interface used to send the replayed data.

-l, --loop=num Loop through the capture file X times

Specifies how many times to loop through the capture file.

-L, --limit=num Limit the number of packets to send

Specifies the number of packets to replay.


-p, --pps=str Replay packets at a given packets/sec

Replay rate, in packets per second (pps).


-V, --version Print version information

Displays version information.

-h, --less-help Display less usage information and exit

Help information.

5. Lab simulation

Upload the capture taken with Wireshark to the Linux host.


The replay output is as follows:

[root@localhost ~]# tcpreplay -v  -p 1  -i ens33   -L 1 1111111.pcap 
Warning: 1111111.pcap was captured using a snaplen of 10000 bytes.  This may mean you have truncated packets.
reading from file -, link-type EN10MB (Ethernet)
23:31:16.1598283076 IP 192.168.1.165.34318 > 116.128.137.125.54182: UDP, length 25
Actual: 1 packets (67 bytes) sent in 0.000008 seconds
Rated: 8375000.0 Bps, 67.00 Mbps, 125000.00 pps
Flows: 1 flows, 125000.00 fps, 1 flow packets, 0 non-flow
Statistics for network device: ens33
	Successful packets:        1
	Failed packets:            0
	Truncated packets:         0
	Retried packets (ENOBUFS): 0
	Retried packets (EAGAIN):  0
[root@localhost ~]# tcpreplay -v  -p 1  -i ens33  -L 100  1111111.pcap 
Warning: 1111111.pcap was captured using a snaplen of 10000 bytes.  This may mean you have truncated packets.
reading from file -, link-type EN10MB (Ethernet)
23:31:16.1598283076 IP 192.168.1.165.34318 > 116.128.137.125.54182: UDP, length 25
23:31:16.1598283076 IP 116.128.137.125.54182 > 192.168.1.165.34318: UDP, length 25
23:31:16.1598283076 IP 192.168.1.165.34318 > 116.128.137.125.54182: UDP, length 25
23:31:16.1598283076 IP 116.128.137.125.54182 > 192.168.1.165.34318: UDP, length 25
23:31:16.1598283076 IP 192.168.1.165.34318 > 116.128.137.125.54182: UDP, length 23
23:31:16.1598283076 IP 116.128.137.125.54182 > 192.168.1.165.34318: UDP, length 23
23:31:16.1598283076 IP 116.128.137.125.54182 > 192.168.1.165.34318: UDP, length 6
23:31:16.1598283076 IP 192.168.1.165.34318 > 116.128.137.125.54182: UDP, length 207
23:31:16.1598283076 IP 192.168.1.165.34318 > 116.128.137.125.54182: UDP, length 13
23:31:16.1598283076 IP 116.128.137.125.54182 > 192.168.1.165.34318: UDP, length 150
23:31:16.1598283076 IP 116.128.137.125.54182 > 192.168.1.165.34318: UDP, length 12
23:31:16.1598283076 IP 192.168.1.165.34318 > 116.128.137.125.54182: UDP, length 30
23:31:16.1598283076 IP 116.128.137.125.54182 > 192.168.1.165.34318: UDP, length 12

Check the corresponding data on the Panabit side:


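Note: when replaying, it is recommended that the source IP address in the Wireshark capture match the IP address of the Linux virtual machine's network interface. In this lab, the source IP in the pcap and the IP of the Linux virtual machine are both 192.168.1.165.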
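A pre-flight check for the note above and for the snaplen warning in the replay output, as an added example that is not part of the original post: it reads a classic pcap file, counts packets stored shorter than their wire length, and confirms that the expected source IP appears in the capture. The function names and the two-packet sample capture are constructed for illustration.

```python
import struct
from collections import Counter

def preflight(pcap_bytes, expected_src):
    """Inspect a classic (non-pcapng) Ethernet pcap before replaying it."""
    magic = pcap_bytes[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        endian = "<"          # little-endian file (microsecond or nanosecond magic)
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        endian = ">"          # big-endian file
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    snaplen, linktype = struct.unpack(endian + "II", pcap_bytes[16:24])
    if linktype != 1:
        raise ValueError("only Ethernet (link-type EN10MB) is handled")
    sources, truncated, packets, off = Counter(), 0, 0, 24
    while off + 16 <= len(pcap_bytes):
        _sec, _frac, incl_len, orig_len = struct.unpack(endian + "IIII", pcap_bytes[off:off + 16])
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        packets += 1
        if incl_len < orig_len:
            truncated += 1    # stored bytes are fewer than the packet had on the wire
        # Untagged IPv4 only: EtherType 0x0800 at bytes 12-13, source IP at bytes 26-29.
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            sources[".".join(str(b) for b in frame[26:30])] += 1
    return {"packets": packets, "snaplen": snaplen, "truncated": truncated,
            "sources": dict(sources), "expected_src_present": expected_src in sources}

def make_frame(src, dst, payload_len):
    """Build a constructed Ethernet/IPv4/UDP frame (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + payload_len, 0, 0, 64, 17, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    udp = struct.pack("!HHHH", 34318, 54182, 8 + payload_len, 0)
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + udp + b"\x00" * payload_len

def sample_pcap():
    """Constructed two-packet capture; the second packet is stored truncated."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 10000, 1)
    for frame, keep in ((make_frame("192.168.1.165", "116.128.137.125", 25), None),
                        (make_frame("116.128.137.125", "192.168.1.165", 150), 60)):
        stored = frame[:keep]
        out += struct.pack("<IIII", 1598283076, 0, len(stored), len(frame)) + stored
    return out

if __name__ == "__main__":
    print(preflight(sample_pcap(), "192.168.1.165"))
```

To check a real capture, pass the file's bytes, for example open("1111111.pcap", "rb").read(), as the first argument.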
