[vox-tech] tcpreplay play back at same speed?

Brian Lavender brian at brie.com
Fri Jun 4 11:02:35 PDT 2010


On Fri, Jun 04, 2010 at 01:10:51AM -0700, Bill Broadley wrote:
> On 06/03/2010 10:38 PM, Brian Lavender wrote:
> > Does tcpreplay play back at the same speed the pcap file was captured?
> 
> Unless I'm misreading the manpage, yes.  Unless of course you tell it to 
> use --topspeed, or use one of the acceleration features like 
> --multiplier, or --sleep-accel.

Excellent. The duration of the connections is an attribute I searching
for. I used it to play capture data last night and it seemed to be
working. I wasn't sure though.

> 
> > Also, is there a way to make the dummy0 ethernet so that it is writable
> > by my user id?
> 
> Hrm, what's the goal?  To allow users to send arbitrary packets?  Or to 
> let users think they are sending arbitrary packets?  Depending on what 
> you want it might be easiest to just have sudo allow running the 
> particular command.

Well, I want to use tcpreplay to play back the capture file and have the
Network Intrusion Detection System (NIDS) that I am developing listen to
the dummy device. I am doing an integration into nProbe. I can use my
regular user and run the program and it will suck up the capture file,
but it does it as fast as it can and I lose all timing data. Thus, I
created a dummy0 ethernet device, use tcpreplay to play to it and then
the nProbe sucks it up. Right now, I run nProbe as root. It seems that
there ought to be a way that you can add an attribute to the dummy0
ethernet device. 

I can't seem to find the device and it there is no evidence of it in
udev either.

brian
-- 
Brian Lavender
http://www.brie.com/brian/

"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."

Professor C. A. R. Hoare
The 1980 Turing award lecture


More information about the vox-tech mailing list