pcapreplay
Retransmits packet binary to a specified network interface. Use this command to retransmit packet data stored in a PCAP file or a table through a network device.
Command properties
| Item | Description |
|---|---|
| Command type | Processing query |
| Required permission | None |
| License usage | N/A |
| Parallel execution | Supported |
| Distributed execution | Runs on Data Node (mapper) |
Syntax
Options
device=STR- PCAP network device identifier to send packets to. Use the
system-pcap-devicescommand to query the list of available devices. pps=LONG- Maximum number of packets to transmit per second (Packets Per Second). When a positive value is specified, the transmission rate is limited. When not specified or set to 0 or less, packets are transmitted without a rate limit.
Input fields
| Field | Type | Required | Description |
|---|---|---|---|
| payload | binary | Required | Packet binary to transmit. If the type is not byte[] or is null, transmission for that record is skipped. |
Error codes
Parse errors
| Error code | Message | Description |
|---|---|---|
| 30900 | Cannot initialize PCAP device. | The device option is not specified |
| 30901 | The pps value must be a numeric value greater than 0. | The pps option value cannot be converted to a number |
Runtime errors
N/A
Description
The pcapreplay command reads the packet binary from the payload field of the input record and transmits it to the specified network device. The input record is passed to the next command unchanged.
The pps option limits the number of packets transmitted per second. When a rate limit is set, the command manages packet transmission counts in one-second intervals and waits until the next one-second interval after all allocated packets have been sent.
When the network device's transmit buffer is full, the command waits until the device is ready to write. If the device closes unexpectedly, transmission of that packet is skipped.
Examples
-
Retransmitting packets from a PCAP file
pcapfile /opt/logpresso/data/capture.pcap | pcapreplay device="eth0"Retransmits packets read from the PCAP file to the
eth0network device. -
Retransmitting packets with a rate limit
pcapfile /opt/logpresso/data/capture.pcap | pcapreplay device="eth0" pps=1000Retransmits packets read from the PCAP file to the
eth0device at a rate limited to 1,000 packets per second. -
Filtering specific packets and retransmitting
pcapfile /opt/logpresso/data/capture.pcap | pcapdecode | search dst_port == 80 | pcapreplay device="eth0" pps=500Filters only packets with destination port 80 from the PCAP file and retransmits them at a rate limited to 500 packets per second.