installation
brew install tcpreplay
yum install tcpreplaytcpreplay playback
tcpreplay is a tool for replaying network traffic from files saved with tcpdump or other tools which write pcap(3) files.tcpreplay playback of messages to have a certain format pcap, the format does not play back
使用网卡en0,报文syn.pcap回放10次
tcpreplay -i en0 -l 10 syn.pcaptcpprep packet filtering; help man tcpprep
tcpprep is a 'pcap(3)' file pre-processor which creates a cache file which provides "rules" for 'tcprewrite(1)' and 'tcpreplay(1)' on how to process and send packets
The basic operation of tcpreplay is to resend all packets from the input file(s) out a single file. Tcpprep processes a pcap file and applies a set of user-specified rules to create a cache file which tells tcpreplay whether or not to send each packet and which interface the packet should be sent out of.
For more details, please see the Tcpreplay Manual at: http://tcpreplay.appneta.comtcpreplay default playback * .pcap in all packets, and the role of tcpprep is filtered through a filter leaving some messages
生成目的端口为80的报文缓存文件
tcpprep -i *.pcap -o *.cache -p 80tcprewrite modify messages
Tcprewrite is a tool to rewrite packets stored in pcap(3) file format, such as created by tools such as tcpdump(1) and wireshark(1). Once a pcap file has had it's packets rewritten, they can be replayed back out on the network using tcpreplay(1)
把报文的端口修改为80->8080
tcprewrite -r 80:8080 -i syn-2.pcap -o test.pcaptcpreplay-edit packets after playback of the edited directly, without intermediate file generation
Remaining problem
There are no editing tools tcp intercept messages?