Network Security Tools: Tcpreplay
2014-02-09 12:51:01 阿炯

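Tcpreplay is a commonly used tool in network security. Its packet replay capability is well known, but its ability to rewrite packet contents during replay sees far less use. Skilled use of Tcpreplay's packet rewriting could allow an attacker to slip past a firewall's detection mechanisms.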

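It targets the fact that many current firewall products do not inspect packet payloads and instead rely on rules that block specific protocol fields. Tcpreplay can therefore rewrite the sensitive packet fields so that the traffic passes the firewall's checks. It is developed in C/C++, licensed under GPLv3, and supports multiple platforms.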

Tcpreplay is a suite of GPLv3 licensed tools written by Aaron Turner for UNIX (and Win32 under Cygwin) operating systems which gives you the ability to use previously captured traffic in libpcap format to test a variety of network devices. It allows you to classify traffic as client or server, rewrite Layer 2, 3 and 4 headers and finally replay the traffic back onto the network and through other devices such as switches, routers, firewalls, NIDS and IPS's. Tcpreplay supports both single and dual NIC modes for testing both sniffing and inline devices.


Tcpreplay is used by numerous firewall, IDS, IPS and other networking vendors, enterprises, universities, labs and open source projects. If your organization uses Tcpreplay, please let me know who you are and what you use it for so that I can continue to add features which are useful.

The Tcpreplay suite includes the following tools:
tcpprep - multi-pass pcap file pre-processor which determines packets as client or server and creates cache files used by tcpreplay and tcprewrite
tcprewrite - pcap file editor which rewrites TCP/IP and Layer 2 packet headers
tcpreplay - replays pcap files at arbitrary speeds onto the network
tcpliveplay - replays network traffic stored in a pcap file on live networks using new TCP connections
tcpreplay-edit - replays & edits pcap files at arbitrary speeds onto the network
tcpbridge - bridge two network segments with the power of tcprewrite
tcpcapinfo - raw pcap file decoder and debugger

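Latest version: 4.0
This release includes improvements and bug fixes from the trunk, with expanded functionality and better performance. It is the first release to directly support IP Flow/Netflow performance testing, and it adds 10GigE wire-speed replay rates when using the netmap network driver. It supports Netflow, unique flows per iteration, timestamp overhaul, new API, ARM and new DLT.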

Project homepage: http://tcpreplay.synfin.net/