-
Notifications
You must be signed in to change notification settings - Fork 49
tracereplay
tracereplay allows users to replay traces in trace time, i.e. preserving the original packet timing. tracereplay will pad truncated packets back to their original wire length and recompute checksums appropriately.
tracereplay [ -f | --filter bpf ] [ -b | --broadcast ] [ -s | --snaplength len ] inputuri outputuri
-f, --filter
Specifies a BPF filter to apply to the input trace.
-b, --broadcast
Changes the Ethernet destination address to the broadcast address. This will send the transmitted packets to any hosts on the local network.
-s, --snaplength
Truncate the replayed packets to the length specified. Only applies if the input is a capture device, rather than a trace file.
Replay a trace file via the interface eth0: tracereplay -b erf:input.erf.gz int:eth0
Be careful about using tracereplay over a production network - generally, you want to replay traces over a controlled network that has no access to the rest of your "live" network. Last thing you want is a flood of packets from a large trace file saturating your network :)