Replaying captures is useful for many types of classification problems or adding background load on a PacketShaper. It does not work very well if one wants to shape traffic because packets are sent at a deterministic rate by the replay machine.
The packet capture needs to be in libpcap format. Packet captures taken on a PacketShaper are in this format and Wireshark or other capture tools can be used as long as the capture is saved in libpcap format.
A Linux machine with two available interfaces is needed. The two interfaces are cabled directly to the Inside and Outside ports on the PacketShaper. If there are packets in the pcap which are larger than the default MTU on the interfaces of the replay machine, you need to increase the MTU on those interfaces. For example, if the capture was taken on an 802.1 trunk, packets are an additional 4 bytes larger. The "ifconfig" command can be used or change the MTU of an interface.
ifconfig eth0 mtu 1518
Tcpreplay is free and can be obtained from http://tcpreplay.synfin.net. Installation instructions and complete documentation are located there as well.
After installation of Tcpreplay, the next step is to "prep" the pcap for replay. This is a process which splits the traffic in the pcap into client and server side packets such that client packets are replayed out of one interface and server packets are replayed out of the other interface. The pcap is prepared using the "Tcpprep" utility which is included with the Tcpreplay installation. There are many options for how to split the traffic; "client or "server" usually work pretty well. In this example, the traffic is split in auto client mode, -N is to send non-IP traffic out the server interface, and a cache file called test_cache is created:
tcpprep --auto=client -N --cachefile=test_cache -i test.dmp
The pcap can now be replayed through the PacketShaper using Tcpreplay. Eth0 and eth1 will be used and are cabled directly to the PacketShaper.
tcpreplay --intf1=eth0 --intf2=eth1 --cachefile=test_cache test.dmp
There are many options for replaying the original pcap. For example, if one wanted to replay the pcap at 5 times the original capture speed the --multiplier option would be specified:
tcpreplay --multiplier=5 --intf1=eth0 --intf2=eth1 --cachefile=test_cache test.dmp
Or instead of a multiplier, you could designate a fixed speed with --mbps=
It is often helpful to loop the replay multiple times:
tcpreplay --loop=10 --intf1=eth0 --intf2=eth1 --cachefile=test_cache test.dmp (loop 10 times)
tcpreplay --loop=0 --intf1=eth0 --intf2=eth1 --cachefile=test_cache test.dmp (loop until Crtl-C is pressed)
These are only a few of the options to prep and replay a capture file. Further information can found on line or with the "--help" argument.