TCPPREP(1) Programmer's Manual TCPPREP(1)
NAME
tcpprep - generating with tcpreplay (--cachefile) cache file by file pcap
SYNOPSIS
tcpprep [-flag [value]]... [--opt-name [[=| ]value]]...
All parameters must be specified options.
tcpprep is a pcap (3) pre-treatment tool to tcprewrite (1) processing packets, tcpreplay (1) sends packets provide rules.
DESCRIPTION
The manual describes the simple usage of tcpprep. Tcpreplay basic operation is to transmit all packets pcap file into a single interface.
Tcpprep processed through a series of user-defined rules pcap file, generates cache files, tcpreply clear, whether the message is for a single message sent by the cache files and sent via the interface.
For more information, see Tcpreplay manual: http://tcpre-play.appneta.com
OPTIONS
-d number, --dbug = number
enabled debug output.
This option can only occur at most once, number is an integer between 0-5, default value is 0.
If the compile time configuration (./configure) the --enable-debug, which can debug option output, the larger the content of the digital output more detail.
-a string, --auto = string
Automatic segmentation mode. This option can appear only once, and can not use the same cidr port regex mac mixed, options.
Tcpprep will be calculated by the ip packet capture is a server or a client. To distinguish between the client, the server, you must provide a hint to tcpprep. Available hint is:
bridge: Bridge mode processing each packet, try to judge the message sender is a client or server. After processing all the packets, the result will be (--ratio) adjusted based on the ratio. If the message can not be correctly classified existence, the program will quit.
router: Router Bridge mode with the operating mode works like. The ratio after adjustment message, tcpprep be adjusted with a mask (from minmask to maxmask), until not correctly identify the address of a client or server to fall within the same network segment. Router mode has a great chance of success to distinguish between client, server, but not one hundred percent guarantee.
client: client mode with mode works like a bridge, not correctly classify the packets would be considered a client. client mode should always be successful.
server: Server mode with bridge works like, can not correctly classified messages will be considered as servers. server model should have been successful.
first: First pattern by looking at the IP address appears first in each of the SRC still appear in the DST. If the IP address appears first in the SRC domain, IP is considered to be the client, if the IP address appears first in the DST field, the IP address is identified as a server. The model has been able to execute successfully.
-c string, --cidr=string
CIDR-split split mode. This option can only appear once. This option is not available with auto, port, regex, mac option combination.
Specifies a series of segments separated by a comma, the source address of each IP packet with the matching network can be matched to the packet is the server.
Example IPv4:
--cidr = 192.168.0.0 / 16,172.16.0.0 / 12,10.0.0.0 /. 8
the IPv6 Example:
--cidr = [:: FFFF: 0: 0/96], [FE80 :: / 16]
-R & lt string, --regex = string
regular expression pattern. This option can appear only once, this option can not be mixed with the auto, port, cidr, mac use.
Take the specified regular expression matching the source IP address of each packet, matching the success of the message is considered to be the server.
-p, --port
Port distinguish mode. This option can only appear once. This option does not use auto, regex, cidr, mac with the following blending options.
Specific TCP, UDP packets can be distinguished by the destination port packet header client, server.
-e string, --mac = string
Mac address to distinguish the source mode, this option can appear only once. This option can not be mixed with the following options for use: auto, regex, cidr, port .
FIG define a series of MAC address matches the source MAC address of each packet, the packet is successfully matched server.
--reverse
Match the client rather than the server. This option can only appear once.
By default --mac, --regex, --cidr are used to match the server, not matching packets to client. By --reverse, matching the packet is a client, not matching packets to server.
-C string, --comment=string
Comments embedded in the cache file. This option can only appear once.
--no-arg-comment
does not embed any comments to the cache file, this option can appear only once.
By default, tcppreptcpprep passed as parameters user comments existence cache files, so if you do not want to define this option.
-x string, --include = string
includes only successfully matched packets. This option can only appear once. This option can not be mixed with the exclude option.
Override the default processing mode, only the processing of the transmitted packets successfully matching rules. Rule may be the following values:
S: <CIDR1>, ... - the source IP address matching
D: <CIDR1>, ... - matches the destination IP address
B: <CIDR1>, ... - Source IP address Destination IP address bucket must match
E: <CIDR1>, ... - the source IP address, destination IP address matches any
P: <LIST> - the following processes packets in pcap index file.
F: '<bpf>' - BPF filter. View tcpdump (8) man manual see the syntax.
-X string, --exclude = string
excluding any packets that match the rules, this option can appear only once. This option can not be used in conjunction with the include option.
Excluding the following rules match packets only send, edit the rule does not match the offer message. Rule may be:
S: <CIDR1>, ..
D: <CIDR1>, ... - matches the destination IP address
B: <CIDR1>, ... - the source IP address, destination IP address matches both
E: <CIDR1>, ... - the source IP address, destination IP address matches any
P: <LIST> - excluding the following packets in pcap index file.
-o string, --cachefile = string
output cache file, this option can appear only once.
String -i, --pcap = String
PCAP file input to be processed, this option can appear only once.
-P string, --print-comment = string
printed annotation information embedded in the cache file, this option can appear only once.
-I string, --print-info = string
print basic information from the cache file. This option can only appear once.
-S string, --print-stats = string
statistics print specific cache files, this option can appear only once.
-s string, --services = string
Loading service port service file, this option can appear only once. This option must be used in conjunction with port option.
This option must be used in conjunction with the option port.
/ Consistent with a range of server ports with / etc services format:
<service_name> <port>/<protocol> # comment
Example: 80 HTTP / TCP
-N, --nonip
Send non-IP traffic to the server interface. This option can only appear once.
By default, non-IP traffic can not be treated as divided into server after the server or the client is classified as a "client", specify --nonip options.
Note that if the --reverse option is specified, this option would reverse the meaning of.
-R string, --ratio = string
number of packets ratio client / server. This option can only appear once. This option must be used in conjunction with the auto option. The default value for this option:
2.0
Since a given host from the client may contain two server traffic, tcpprep ratio by adjusting a number of packets. If you want to override the default value, define a floating-point value.
-m number, --minmask = number
minimum mask length the auto mode. This option can appear only once, this option can only be used in conjunction with the auto option. This option is for the 0-32 bit integer parameter, the default value is 30.
By default, Auto mode with a minimal netmask comprising 30 to take networking server, the client. This option allows you to change this value, large value can improve efficiency, but may lead to incorrect results.
-M number, --maxmask=number
The maximum length of the network mask under auto mode, this option can appear only once, this option is an integer of 0-32, this option can only be used in conjunction with the auto.
Number The default for the this the Option at The IS:
8
default for this option is 8.
-v, --verbose
by tcpdump decodes the packet, and outputs the packet to the standard output after decoding. This option can only appear once.
-A string, --decode = string
passed a tcpdump decoder parameters, this option can appear only once, this option must be used in conjunction with verbose.
When specifying verbose mode, you may need to specify a number of parameters passed to the tcpdump modified to take the message decoding mode. By default, the parameter is -n, -l. Ensure that the parameters in quotation marks, so that the parameters are not resolved tcprewrite.
The following are the available parameters:
[-AAeNqRStuvxX]
[-E spi @ ipaddr algo: secret, ...]
[-s snaplen]
-V, --version
Print version number
-h, --less-help
output brief usage information and exit.
-H, --help
output usage and exit.
- !, --more-help
output usage and exit.
--save-opts [= rcfile]
Save option to configure the rcfile.
--load-opts = rcfile, --no- load-opts
Load options from rcfile in.
OPTION PRESETS
See tcpreplay man manual translation
SEE ALSO
tcpdump(1), tcprewrite(1), tcpreplay(1)
AUTHOR
Copyright 2000-2010 Aaron Turner
For support please use the [email protected] mailing list.
The latest version of this software is always available from: http://tcpreplay.synfin.net/
Released under the Free BSD License.
This manual page was AutoGen-erated from the tcpprep option definitions.
(tcpprep ) 2010-04-04 TCPPREP(1)
something to know
- --no-load-opts option to use, temporarily did not find out
Reference material
- http://tcpreplay.appneta.com/wiki/tcpprep